Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Ou0ZT4968y.exe

Overview

General Information

Sample Name:Ou0ZT4968y.exe
Analysis ID:753418
MD5:27b75158dcfeba6b3419bdbb15397584
SHA1:8a135c4fc3fa7e06bf29537f9cb0298cc2f1c1de
SHA256:a6ffd97ca5d47f2251a53ccd3ab891a9fec5b7d0f316b4c11e7d88f19765b1b4
Tags:32exetrojan
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Allocates memory in foreign processes
Tries to harvest and steal browser information (history, passwords, etc)
Injects a PE file into a foreign processes
Creates a DirectInput object (often for capturing keystrokes)
Uses 32bit PE files
One or more processes crash
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Uses code obfuscation techniques (call, push, ret)
Checks if the current process is being debugged
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to dynamically determine API calls
Found large amount of non-executed APIs
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • Ou0ZT4968y.exe (PID: 4204 cmdline: C:\Users\user\Desktop\Ou0ZT4968y.exe MD5: 27B75158DCFEBA6B3419BDBB15397584)
    • conhost.exe (PID: 3520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • vbc.exe (PID: 6096 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe MD5: B3A917344F5610BEEC562556F11300FA)
    • WerFault.exe (PID: 1216 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 144 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: Ou0ZT4968y.exeVirustotal: Detection: 34%Perma Link
Source: Ou0ZT4968y.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Ou0ZT4968y.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: \Downloads\Documents\3pqvu\outpu2.pdb source: Ou0ZT4968y.exe
Source: Ou0ZT4968y.exe, 00000000.00000003.260801348.000000000103F000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: Set-CookieCookie:www.youtube.comLOGIN_INFOstudio.youtube.com\u003d=%3DPAGE_CLINNERTUBE_API_KEYPAGE_BUILD_LABELINNERTUBE_CONTEXT_CLIENT_NAMEINNERTUBE_CONTEXT_CLIENT_VERSIONINNERTUBE_CONTEXT_SERIALIZED_DELEGATION_CONTEXTINNERTUBE_CONTEXT_GLINNERTUBE_CONTEXT_HLproductVersionVISITOR_DATAXSRF_TOKENCHANNEL_ID equals www.youtube.com (Youtube)
Source: Ou0ZT4968y.exe, 00000000.00000000.262227634.000000000120A000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: tVSet-CookieCookie:www.youtube.comLOGIN_INFOstudio.youtube.com\u003d=%3DPAGE_CLINNERTUBE_API_KEYPAGE_BUILD_LABELINNERTUBE_CONTEXT_CLIENT_NAMEINNERTUBE_CONTEXT_CLIENT_VERSIONINNERTUBE_CONTEXT_SERIALIZED_DELEGATION_CONTEXTINNERTUBE_CONTEXT_GLINNERTUBE_CONTEXT_HLproductVersionVISITOR_DATAXSRF_TOKENCHANNEL_ID equals www.youtube.com (Youtube)
Source: Ou0ZT4968y.exeString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: Ou0ZT4968y.exe, 00000000.00000000.263129062.0000000001473000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: Ou0ZT4968y.exe, 00000000.00000000.263129062.0000000001473000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: Ou0ZT4968y.exe, 00000000.00000000.263129062.0000000001473000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.sectigo.com0
Source: Ou0ZT4968y.exe, 00000000.00000003.260801348.000000000103F000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://gcc.gnu.org/bugs/):
Source: Ou0ZT4968y.exe, 00000000.00000000.263129062.0000000001473000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: Ou0ZT4968y.exe, Ou0ZT4968y.exe, 00000000.00000000.262227634.000000000120A000.00000004.00000001.01000000.00000003.sdmp, Ou0ZT4968y.exe, 00000000.00000003.260801348.000000000103F000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://studio.youtube.com
Source: Ou0ZT4968y.exe, Ou0ZT4968y.exe, 00000000.00000000.262227634.000000000120A000.00000004.00000001.01000000.00000003.sdmp, Ou0ZT4968y.exe, 00000000.00000003.260801348.000000000103F000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://studio.youtube.com/reauth
Source: Ou0ZT4968y.exe, 00000000.00000000.262227634.000000000120A000.00000004.00000001.01000000.00000003.sdmp, Ou0ZT4968y.exe, 00000000.00000003.260801348.000000000103F000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://studio.youtube.comSAPISIDHASH
Source: Ou0ZT4968y.exe, 00000000.00000000.262227634.000000000120A000.00000004.00000001.01000000.00000003.sdmp, Ou0ZT4968y.exe, 00000000.00000003.260801348.000000000103F000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://studio.youtube.comX-Originapplication/jsonContent-TypesessionTokenctx
Source: Ou0ZT4968y.exe, 00000000.00000000.263396775.0000000000D0A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: Ou0ZT4968y.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 144
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011535CB0_2_011535CB
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_0115510A0_2_0115510A
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011524140_2_01152414
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_0115510F0_2_0115510F
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01151E2E0_2_01151E2E
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011522700_2_01152270
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011533A50_2_011533A5
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_0115278E0_2_0115278E
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01155ECF0_2_01155ECF
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01155F740_2_01155F74
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011D1D690_2_011D1D69
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01151E1A0_2_01151E1A
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01151A730_2_01151A73
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011511540_2_01151154
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011511540_2_01151154
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01152DBA0_2_01152DBA
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011533780_2_01153378
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01154C0F0_2_01154C0F
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011513AC0_2_011513AC
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011525A40_2_011525A4
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011544620_2_01154462
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01152EA00_2_01152EA0
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01152EA00_2_01152EA0
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011528380_2_01152838
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011524140_2_01152414
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: String function: 01154FC0 appears 58 times
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: String function: 011521BC appears 41 times
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: String function: 01152F36 appears 78 times
Source: Ou0ZT4968y.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_EXPORT size: 0x100 address: 0x0
Source: Ou0ZT4968y.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE size: 0x100 address: 0x0
Source: Ou0ZT4968y.exeVirustotal: Detection: 34%
Source: Ou0ZT4968y.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Ou0ZT4968y.exe C:\Users\user\Desktop\Ou0ZT4968y.exe
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 144
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeMutant created: \Sessions\1\BaseNamedObjects\NaBhAaAa__eh_shmem3_gcc_tdm_
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeMutant created: \Sessions\1\BaseNamedObjects\NaBhAaAa__shmem3_winpthreads_tdm_
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3520:120:WilError_01
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4204
Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERDFF8.tmpJump to behavior
Source: classification engineClassification label: mal64.spyw.evad.winEXE@5/5@0/0
Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: Ou0ZT4968y.exe, 00000000.00000000.262227634.000000000120A000.00000004.00000001.01000000.00000003.sdmp, Ou0ZT4968y.exe, 00000000.00000003.260801348.000000000103F000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: Ou0ZT4968y.exe, Ou0ZT4968y.exe, 00000000.00000000.262227634.000000000120A000.00000004.00000001.01000000.00000003.sdmp, Ou0ZT4968y.exe, 00000000.00000003.260801348.000000000103F000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: Ou0ZT4968y.exeStatic file information: File size 3838464 > 1048576
Source: Ou0ZT4968y.exeStatic PE information: Raw size of .data is bigger than: 0x100000 < 0x2e8000
Source: Ou0ZT4968y.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Ou0ZT4968y.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: \Downloads\Documents\3pqvu\outpu2.pdb source: Ou0ZT4968y.exe
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01152158 push ecx; ret 0_2_011886D3
Source: Ou0ZT4968y.exeStatic PE information: section name: .00cfg
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01160C7A LoadLibraryA,LoadLibraryA,GetProcAddress,0_2_01160C7A
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeAPI coverage: 3.8 %
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_0115384B IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0115384B
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01151A64 mov eax, dword ptr fs:[00000030h]0_2_01151A64
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_0115302B mov eax, dword ptr fs:[00000030h]0_2_0115302B
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01154827 mov eax, dword ptr fs:[00000030h]0_2_01154827
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011C2752 mov eax, dword ptr fs:[00000030h]0_2_011C2752
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01160C7A LoadLibraryA,LoadLibraryA,GetProcAddress,0_2_01160C7A
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01155D94 GetProcessHeap,0_2_01155D94
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_01160375 LdrInitializeThunk,0_2_01160375
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_0115384B IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0115384B
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_0115579A SetUnhandledExceptionFilter,0_2_0115579A

HIPS / PFW / Operating System Protection Evasion

barindex
Writes to foreign memory regions
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 4F10000Jump to behavior
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 4CF2008Jump to behavior
Allocates memory in foreign processes
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 4F10000 protect: page execute and read and writeJump to behavior
Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 4F10000 value starts with: 4D5AJump to behavior
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeJump to behavior
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: GetLocaleInfoW,0_2_0115282E
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: GetLocaleInfoW,0_2_0115282E
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: EnumSystemLocalesW,0_2_011CB629
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_01153431
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011D4A53 GetTimeZoneInformation,0_2_011D4A53
Source: C:\Users\user\Desktop\Ou0ZT4968y.exeCode function: 0_2_011558DF GetSystemTimeAsFileTime,0_2_011558DF

Stealing of Sensitive Information

barindex
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts1
Native API		Path Interception311
Process Injection		1
Virtualization/Sandbox Evasion		1
OS Credential Dumping		2
System Time Discovery		Remote Services1
Input Capture		Exfiltration Over Other Network Medium1
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts311
Process Injection		1
Input Capture		3
Security Software Discovery		Remote Desktop Protocol1
Archive Collected Data		Exfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
Deobfuscate/Decode Files or Information		Security Account Manager1
Virtualization/Sandbox Evasion		SMB/Windows Admin Shares1
Data from Local System		Automated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)2
Obfuscated Files or Information		NTDS1
Remote System Discovery		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets12
System Information Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 753418 Sample: Ou0ZT4968y.exe Startdate: 24/11/2022 Architecture: WINDOWS Score: 64 19 Multi AV Scanner detection for submitted file 2->19 6 Ou0ZT4968y.exe 1 2->6         started        process3 signatures4 21 Writes to foreign memory regions 6->21 23 Allocates memory in foreign processes 6->23 25 Injects a PE file into a foreign processes 6->25 9 vbc.exe 6->9         started        12 WerFault.exe 24 9 6->12         started        15 conhost.exe 6->15         started        process5 file6 27 Tries to harvest and steal browser information (history, passwords, etc) 9->27 17 C:\ProgramData\Microsoft\...\Report.wer, Unicode 12->17 dropped signatures7

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Ou0ZT4968y.exe34%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
https://sectigo.com/CPS00%URL Reputationsafe
http://ocsp.sectigo.com00%URL Reputationsafe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
https://studio.youtube.comX-Originapplication/jsonContent-TypesessionTokenctx0%Avira URL Cloudsafe
https://studio.youtube.comSAPISIDHASH0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tOu0ZT4968y.exe, 00000000.00000000.263129062.0000000001473000.00000040.00000001.01000000.00000003.sdmpfalse
  • URL Reputation: safe
unknown
https://gcc.gnu.org/bugs/):Ou0ZT4968y.exe, 00000000.00000003.260801348.000000000103F000.00000040.00001000.00020000.00000000.sdmpfalse
    		high
    https://sectigo.com/CPS0Ou0ZT4968y.exe, 00000000.00000000.263129062.0000000001473000.00000040.00000001.01000000.00000003.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://studio.youtube.comSAPISIDHASHOu0ZT4968y.exe, 00000000.00000000.262227634.000000000120A000.00000004.00000001.01000000.00000003.sdmp, Ou0ZT4968y.exe, 00000000.00000003.260801348.000000000103F000.00000040.00001000.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    https://studio.youtube.comX-Originapplication/jsonContent-TypesessionTokenctxOu0ZT4968y.exe, 00000000.00000000.262227634.000000000120A000.00000004.00000001.01000000.00000003.sdmp, Ou0ZT4968y.exe, 00000000.00000003.260801348.000000000103F000.00000040.00001000.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    		unknown
    http://ocsp.sectigo.com0Ou0ZT4968y.exe, 00000000.00000000.263129062.0000000001473000.00000040.00000001.01000000.00000003.sdmpfalse
    • URL Reputation: safe
    		unknown
    https://studio.youtube.comOu0ZT4968y.exe, Ou0ZT4968y.exe, 00000000.00000000.262227634.000000000120A000.00000004.00000001.01000000.00000003.sdmp, Ou0ZT4968y.exe, 00000000.00000003.260801348.000000000103F000.00000040.00001000.00020000.00000000.sdmpfalse
      		high
      https://studio.youtube.com/reauthOu0ZT4968y.exe, Ou0ZT4968y.exe, 00000000.00000000.262227634.000000000120A000.00000004.00000001.01000000.00000003.sdmp, Ou0ZT4968y.exe, 00000000.00000003.260801348.000000000103F000.00000040.00001000.00020000.00000000.sdmpfalse
        		high
        http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#Ou0ZT4968y.exe, 00000000.00000000.263129062.0000000001473000.00000040.00000001.01000000.00000003.sdmpfalse
        • URL Reputation: safe
        		unknown

        World Map of Contacted IPs

        No contacted IP infos

        General Information

        Joe Sandbox Version:36.0.0 Rainbow Opal
        Analysis ID:753418
        Start date and time:2022-11-24 19:46:10 +01:00
        Joe Sandbox Product:CloudBasic
        Overall analysis duration:0h 6m 17s
        Hypervisor based Inspection enabled:false
        Report type:full
        Sample file name:Ou0ZT4968y.exe
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
        Number of analysed new started processes analysed:16
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • HDC enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Detection:MAL
        Classification:mal64.spyw.evad.winEXE@5/5@0/0
        EGA Information:
        • Successful, ratio: 100%
        HDC Information:
        • Successful, ratio: 9.1% (good quality ratio 8.1%)
        • Quality average: 72.1%
        • Quality standard deviation: 33.3%
        HCA Information:
        • Successful, ratio: 53%
        • Number of executed functions: 8
        • Number of non-executed functions: 39
        Cookbook Comments:
        • Found application associated with file extension: .exe

        Warnings

        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, SgrmBroker.exe, conhost.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 52.168.117.173
        • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, watson.telemetry.microsoft.com
        • Not all processes where analyzed, report is missing behavior information

        Simulations

        Behavior and APIs

        TimeTypeDescription
        19:47:22API Interceptor1x Sleep call for process: WerFault.exe modified

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        No context

        ASNs

        No context

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Ou0ZT4968y.exe_6d94c01abebf2aab25e322aa91a877df2b8acdd6_dac8cab9_0497fefa\Report.wer

        Download File
        Process:C:\Windows\SysWOW64\WerFault.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):65536
        Entropy (8bit):0.6333673483266187
        Encrypted:false
        SSDEEP:96:BaF+Bywfq7hooI7Rj6tpXIQcQvc6QcEDMcw3Dz+HbHg6ZAXGng5FMTPSkvPkpXmt:YUEgKHBUZMXwjE/u7sYS274Ithd
        MD5:E3388C180CA99CBB06B4FB511ABED0BC
        SHA1:401193C3EAD21B346B3491F1A75DF4825EB07DD5
        SHA-256:FA7F3F2FB2DC97680A1175BE9FFD628A4153ED3271DB415E8ED66A5FBFB1EAEA
        SHA-512:B157E4A47EE0FF42B9668927CA7CC8A42CFD94C41A643AE555321839BB9E7B8C0C39A3903124C665D88F1ED46009D51A2F0AEF9A98CE034AFCA3F8DE8EE7B075
        Malicious:true
        Reputation:low
        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.1.3.8.2.1.6.3.4.1.5.4.2.8.1.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.1.3.8.2.1.6.3.4.9.0.4.2.7.9.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.f.7.c.c.2.f.2.-.4.a.0.3.-.4.e.6.2.-.9.5.c.7.-.c.3.b.e.b.f.f.c.c.7.4.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.b.b.d.5.3.b.8.-.d.e.d.9.-.4.e.2.d.-.8.3.6.1.-.6.1.8.0.4.9.5.0.d.2.8.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.O.u.0.Z.T.4.9.6.8.y...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.0.6.c.-.0.0.0.1.-.0.0.1.f.-.b.d.1.9.-.9.2.9.3.8.0.0.0.d.9.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.b.5.3.c.e.d.0.4.4.4.c.0.0.7.6.6.b.3.c.0.8.7.f.d.b.8.c.c.b.7.a.0.0.0.0.f.f.f.f.!.0.0.0.0.8.a.1.3.5.c.4.f.c.3.f.a.7.e.0.6.b.f.2.9.5.3.7.f.9.c.b.0.2.9.8.c.c.2.f.1.c.1.d.e.!.O.u.0.Z.T.4.9.6.8.y...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.

        C:\ProgramData\Microsoft\Windows\WER\Temp\WERDFF8.tmp.dmp

        Download File
        Process:C:\Windows\SysWOW64\WerFault.exe
        File Type:Mini DuMP crash report, 14 streams, Fri Nov 25 03:47:14 2022, 0x1205a4 type
        Category:dropped
        Size (bytes):19308
        Entropy (8bit):2.034850742153558
        Encrypted:false
        SSDEEP:192:IiBN776wEO8SUgESYjTTf0LwS6VbwiVB:BL8SUgEnWU
        MD5:5F62CFE3289680CE0BA403BFA713F762
        SHA1:11DB652ED2452D5878A852FE8F0AF28F2DD0B0D6
        SHA-256:87A0635B61D9F5236D89B374CE8B4528E9384775DF853C9215EA475A4FD5C0B9
        SHA-512:AB89FE022F7013D25462866CB198D10C1A5560FC6540263887ECCB60EBB88167C0FBD3395B6261E36F4F45A91034A39D4B6AE73122396F28506D39CF4C7DB196
        Malicious:false
        Reputation:low
        Preview:MDMP....... ........:.c............4........... ...<.......D...............T.......8...........T...........H...$B..........\...........H....................................................................U...........B..............GenuineIntelW...........T.......l....:.c.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\ProgramData\Microsoft\Windows\WER\Temp\WERE1AF.tmp.WERInternalMetadata.xml

        Download File
        Process:C:\Windows\SysWOW64\WerFault.exe
        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):8414
        Entropy (8bit):3.7002308627041924
        Encrypted:false
        SSDEEP:192:Rrl7r3GLNisWM6IrhYI6YqLSUdQLgmfZS/4CprR89bigsf9Z2m:RrlsNie6IrhYI6YWSUd0gmfZSWizfj
        MD5:407BD46C9BE20C03543997A842850C90
        SHA1:E94331EC35B224F55AD3CDC8C4AC35204C759047
        SHA-256:F2D534182D6DA418CE4EE1405ED2459A27E5DC606838E5594B499320A9FC465F
        SHA-512:CFDDD29B18A54B66291E3EFE5927F47D35D2EF5DCD49C983776A67CBBED46BAA7AB24206F01A0FB0BBA52B2DD777DFF6AED40B5E1DBABD4C420C9D21C130D799
        Malicious:false
        Reputation:low
        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.2.0.4.<./.P.i.d.>.......

        C:\ProgramData\Microsoft\Windows\WER\Temp\WERE24C.tmp.xml

        Download File
        Process:C:\Windows\SysWOW64\WerFault.exe
        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):4704
        Entropy (8bit):4.485959521931812
        Encrypted:false
        SSDEEP:48:cvIwSD8zsEJgtWI9g+Wgc8sqYjI/8fm8M4J2mGMFqVDBQj+q8vFmGw++opNYed:uITfCz/grsqYNJW/DBQjKT95pNYed
        MD5:B803416ADBFF7385C0C65C581A799A10
        SHA1:5EA2F9CF5CA50C9CFB3E1259DF56E9797BC1A55F
        SHA-256:3A6B6AD246307AB0A5DBE6C122A1D306280A1174BCE7AFFDE5F492466EE72B78
        SHA-512:C0D9C84E24D508DE7571C3394108A4F771380FC4585F69F3428AE353F2A09F18AE737BB4E0EB5B681A0FB70DA0FCB3A3FA072991C3201CE3D978E1A5BEDD8C07
        Malicious:false
        Reputation:low
        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1795017" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

        \Device\ConDrv

        Download File
        Process:C:\Users\user\Desktop\Ou0ZT4968y.exe
        File Type:ASCII text, with no line terminators
        Category:dropped
        Size (bytes):2
        Entropy (8bit):1.0
        Encrypted:false
        SSDEEP:3:E:E
        MD5:3C59DC048E8850243BE8079A5C74D079
        SHA1:472B07B9FCF2C2451E8781E944BF5F77CD8457C8
        SHA-256:6F4B6612125FB3A0DAECD2799DFD6C9C299424FD920F9B308110A2C1FBD8F443
        SHA-512:198DABF4BAC21CF35CDDB48DB0F8B67C56B2BDF63767242AEA7342FE68C0B9DF8D37F3E47A134648E19F1640E158F2E527E636DB122A9143307CF309EFCB85D9
        Malicious:false
        Reputation:low
        Preview:21

        Static File Info

        General

        File type:PE32 executable (console) Intel 80386, for MS Windows
        Entropy (8bit):6.805543225209493
        TrID:
        • Win32 Executable (generic) a (10002005/4) 99.96%
        • Generic Win/DOS Executable (2004/3) 0.02%
        • DOS Executable Generic (2002/1) 0.02%
        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
        File name:Ou0ZT4968y.exe
        File size:3838464
        MD5:27b75158dcfeba6b3419bdbb15397584
        SHA1:8a135c4fc3fa7e06bf29537f9cb0298cc2f1c1de
        SHA256:a6ffd97ca5d47f2251a53ccd3ab891a9fec5b7d0f316b4c11e7d88f19765b1b4
        SHA512:eb9acc530d9c20dc26a00489572fe5b21075181f5f25d6598ebd5292aef5bbce9c2dc89fac04201ea7ce5c5faec545e44c02e54356ae6dfda7d2f70255a930b3
        SSDEEP:49152:YI2A2+xup+pRTSHO1c6R7heQLqPqW7SdZ8iyTgyfw91m0tfSl8TtVlkQb9Hmv3IS:FneShqwhb/lkHv3IzT
        TLSH:B006CF710A5560CAE4D025F84AFB7772A7ECCBB02BC6C7CB428316A942D35C4A5B5F8D
        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........K,..*B..*B..*B..AA..*B..AG..*B..AF..*B..AC..*B..*C..*B..PF..*B..PA..*B..PG..*B..PG..*B..P@..*B.Rich.*B.................PE..L..

        File Icon

        Icon Hash:00828e8e8686b000

        Static PE Info

        General

        Entrypoint:0x4011b8
        Entrypoint Section:.text
        Digitally signed:false
        Imagebase:0x400000
        Subsystem:windows cui
        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Time Stamp:0x637FB129 [Thu Nov 24 18:00:09 2022 UTC]
        TLS Callbacks:
        CLR (.Net) Version:
        OS Version Major:6
        OS Version Minor:0
        File Version Major:6
        File Version Minor:0
        Subsystem Version Major:6
        Subsystem Version Minor:0
        Import Hash:a142061eae8e8b8626d2b5b074229afd

        Entrypoint Preview

        Instruction
        jmp 00007FBF70ADA88Fh
        jmp 00007FBF70AF0D84h
        jmp 00007FBF70AE2BAEh
        jmp 00007FBF70ACDFD4h
        jmp 00007FBF70AB5F47h
        jmp 00007FBF70B3316Fh
        jmp 00007FBF70ACE705h
        jmp 00007FBF70AF1129h
        jmp 00007FBF70B393B0h
        jmp 00007FBF70ABC105h
        jmp 00007FBF70ADB027h
        jmp 00007FBF70ABACAAh
        jmp 00007FBF70AEB610h
        jmp 00007FBF70AC38DCh
        jmp 00007FBF70B05ADBh
        jmp 00007FBF70AB9C4Fh
        jmp 00007FBF70AB3B8Dh
        jmp 00007FBF70B26A81h
        jmp 00007FBF70AB3C5Ch
        jmp 00007FBF70AFF999h
        jmp 00007FBF70ACAF0Eh
        jmp 00007FBF70AF35C5h
        jmp 00007FBF70AD586Fh
        jmp 00007FBF70AE3786h
        jmp 00007FBF70AB95E1h
        jmp 00007FBF70AFA774h
        jmp 00007FBF70B35FCBh
        jmp 00007FBF70AF166Fh
        jmp 00007FBF70AC1739h
        jmp 00007FBF70ADBBB5h
        jmp 00007FBF70B05AA1h
        jmp 00007FBF70B2F638h
        jmp 00007FBF70B1F8F4h
        jmp 00007FBF70B1853Dh
        jmp 00007FBF70AC3EADh
        jmp 00007FBF70AE36A0h
        jmp 00007FBF70AF2C70h
        jmp 00007FBF70AF2C57h
        jmp 00007FBF70AD9C9Dh
        jmp 00007FBF70AD3E89h

        Data Directories

        NameVirtual AddressVirtual Size Is in Section
        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x100
        IMAGE_DIRECTORY_ENTRY_IMPORT0x3a41cc0x28.idata
        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x100
        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
        IMAGE_DIRECTORY_ENTRY_BASERELOC0x3a60000x47f4.reloc
        IMAGE_DIRECTORY_ENTRY_DEBUG0xb16a00x38.rdata
        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xb15b80x40.rdata
        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_IAT0x3a40000x1cc.idata
        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

        Sections

        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
        .text0x10000x9ef240x9f000False0.3489721526139937data5.808660940243666IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        .rdata0xa00000x19ddc0x19e00False0.3395889945652174data4.119191864178727IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .data0xba0000x2e9bc40x2e8000unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        .idata0x3a40000xbdb0xc00False0.3610026041666667data4.663842800729639IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .00cfg0x3a50000x10e0x200False0.03515625data0.11055713125913882IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .reloc0x3a60000x71bd0x7200False0.4772820723684211data4.965115122336909IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

        Imports

        DLLImport
        KERNEL32.dllFormatMessageA, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, LocalFree, EncodePointer, DecodePointer, LCMapStringEx, GetLocaleInfoEx, CompareStringEx, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, CreateFileW, RaiseException, RtlUnwind, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, GetCurrentThread, HeapAlloc, HeapFree, GetFileType, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, CloseHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, SetConsoleCtrlHandler, GetTimeZoneInformation, OutputDebugStringW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetProcessHeap, HeapSize, WriteConsoleW

        Network Behavior

        No network behavior found

        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        High Level Behavior Distribution

        Click to dive into process behavior distribution

        Behavior

        Click to jump to process

        System Behavior

        General

        Target ID:0
        Start time:19:47:01
        Start date:24/11/2022
        Path:C:\Users\user\Desktop\Ou0ZT4968y.exe
        Wow64 process (32bit):true
        Commandline:C:\Users\user\Desktop\Ou0ZT4968y.exe
        Imagebase:0x1150000
        File size:3838464 bytes
        MD5 hash:27B75158DCFEBA6B3419BDBB15397584
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:low

        General

        Target ID:1
        Start time:19:47:02
        Start date:24/11/2022
        Path:C:\Windows\System32\conhost.exe
        Wow64 process (32bit):false
        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Imagebase:0x7ff745070000
        File size:625664 bytes
        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high

        General

        Target ID:2
        Start time:19:47:10
        Start date:24/11/2022
        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
        Wow64 process (32bit):true
        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
        Imagebase:0x2c0000
        File size:2688096 bytes
        MD5 hash:B3A917344F5610BEEC562556F11300FA
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high

        General

        Target ID:4
        Start time:19:47:12
        Start date:24/11/2022
        Path:C:\Windows\SysWOW64\WerFault.exe
        Wow64 process (32bit):true
        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 144
        Imagebase:0xe20000
        File size:434592 bytes
        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high

        Disassembly

        Reset < >

          Execution Graph

          Execution Coverage:1.5%
          Dynamic/Decrypted Code Coverage:100%
          Signature Coverage:3.4%
          Total number of Nodes:149
          Total number of Limit Nodes:12
          execution_graph 34618 115ff47 34619 115ff53 34618->34619 34621 115ff94 34619->34621 34623 1155cae std::_Locinfo::_Locinfo_ctor 34619->34623 34622 115ff8b 34623->34622 34624 11645b0 34623->34624 34624->34622 34498 1154b56 34499 11c2327 34498->34499 34500 11c2335 34499->34500 34502 11c1a27 34499->34502 34503 11c1a30 34502->34503 34505 11c1a3d 34502->34505 34503->34505 34506 11c1a95 34503->34506 34505->34500 34507 11c1a9e 34506->34507 34508 11c1aa1 34506->34508 34507->34505 34511 1154543 34508->34511 34510 11c1aa8 34510->34505 34511->34510 34512 11d7812 34511->34512 34513 11d784d 34512->34513 34515 11d75ee 34512->34515 34513->34510 34516 11d7601 34515->34516 34519 11d72d4 34516->34519 34518 11d7609 34518->34513 34520 11d72e6 34519->34520 34521 11d72f5 GetOEMCP 34520->34521 34522 11d7307 34520->34522 34523 11d731e 34521->34523 34522->34523 34524 11d730c GetACP 34522->34524 34523->34518 34524->34523 34525 1160375 34526 1160394 34525->34526 34528 11603ca 34525->34528 34526->34528 34529 115394a 34526->34529 34529->34528 34530 1163454 34529->34530 34533 1151483 34530->34533 34532 116348d 34532->34528 34533->34532 34534 1163418 34533->34534 34535 1163429 VirtualProtect 34534->34535 34535->34532 34625 1151ea6 34626 11e6d49 34625->34626 34629 115159b 34626->34629 34628 11e6d84 34629->34628 34630 11cc5ec 34629->34630 34631 11cc5fd LCMapStringEx 34630->34631 34632 11cc624 34630->34632 34635 11cc644 34631->34635 34634 11cc63d LCMapStringW 34632->34634 34634->34635 34635->34628 34636 115fc00 34637 115fc20 34636->34637 34638 115fc45 34637->34638 34639 115fc5a 34637->34639 34642 115fc8a 34637->34642 34656 11522b1 std::_Facet_Register 34639->34656 34641 115fcf9 34642->34641 34643 115fd0e 34642->34643 34645 115fd3e 34642->34645 34657 11522b1 std::_Facet_Register 34643->34657 34646 115fdad 34645->34646 34647 115fdc2 34645->34647 34650 115fdf2 34645->34650 34658 11522b1 std::_Facet_Register 34647->34658 34649 115fe61 34650->34649 34651 115fea6 34650->34651 34652 115fe76 34650->34652 34660 1155d7b _strlen 34651->34660 34659 11522b1 std::_Facet_Register 34652->34659 34655 115feea 34656->34638 34657->34641 34658->34646 34659->34649 34660->34655 34536 11606bf 34537 11606d2 34536->34537 34538 11606c9 34536->34538 34540 1151541 34538->34540 34540->34537 34541 11635ea 34540->34541 34542 1163605 34541->34542 34544 115416a 34541->34544 34542->34537 34544->34542 34545 1166722 34544->34545 34547 116673e 34545->34547 34548 1152d88 _Fputc 34545->34548 34547->34542 34548->34547 34549 1164fd7 34548->34549 34549->34547 34661 116660d 34664 1154c4b std::ios_base::_Init 34661->34664 34663 1166618 34664->34663 34665 1166042 34664->34665 34665->34663 34666 115516e 34667 116375e 34666->34667 34670 1152293 34667->34670 34669 116377b 34670->34669 34671 11634a2 34670->34671 34672 11634ae FreeConsole 34671->34672 34550 1151799 34551 11cb564 34550->34551 34554 11cb595 34551->34554 34556 11cb3a0 GetStartupInfoW GetFileType 34551->34556 34553 11cb590 34557 11cb483 34553->34557 34556->34553 34558 11cb48a 34557->34558 34559 11cb4cd GetStdHandle 34558->34559 34560 11cb533 34558->34560 34561 11cb4e0 GetFileType 34558->34561 34559->34558 34560->34554 34561->34558 34562 115579a 34563 1188564 SetUnhandledExceptionFilter 34562->34563 34564 1153f3a 34566 11b4221 34564->34566 34565 11b4241 34566->34565 34568 11523d3 34566->34568 34568->34566 34569 11cefdd 34568->34569 34575 11ceff1 __get_errno 34569->34575 34576 11514ec 34569->34576 34571 11cf041 34573 11cf05d __get_errno 34571->34573 34578 1151d1b 34571->34578 34603 11cf09c LeaveCriticalSection 34573->34603 34575->34566 34576->34571 34577 11d918c EnterCriticalSection 34576->34577 34577->34571 34578->34573 34580 11cf10b 34578->34580 34579 11cf197 34604 11ceb89 34579->34604 34580->34579 34602 11cf131 __get_errno 34580->34602 34613 11518cf SetFilePointerEx GetLastError 34580->34613 34584 11cf1de 34586 11cf238 WriteFile 34584->34586 34587 11cf1f2 34584->34587 34585 11cf1a5 34588 11cf1a9 34585->34588 34589 11cf1cb 34585->34589 34590 11cf25b GetLastError 34586->34590 34601 11cf216 34586->34601 34592 11cf228 34587->34592 34593 11cf1fa 34587->34593 34588->34602 34614 11ceb07 GetLastError 34588->34614 34615 11ce670 GetConsoleOutputCP WriteFile WriteFile GetLastError 34589->34615 34590->34601 34608 11cec16 34592->34608 34596 11cf1ff 34593->34596 34597 11cf218 34593->34597 34598 11cf208 34596->34598 34596->34602 34617 11cee4a WriteFile GetLastError 34597->34617 34616 11ced27 WriteFile GetLastError 34598->34616 34601->34602 34602->34573 34603->34575 34605 11ceb9a 34604->34605 34606 11cebd7 GetConsoleMode 34605->34606 34607 11cebf0 34605->34607 34606->34607 34607->34584 34607->34585 34609 11cec25 34608->34609 34610 11cecd6 34609->34610 34611 11cec95 WriteFile 34609->34611 34610->34602 34611->34609 34612 11cecd8 GetLastError 34611->34612 34612->34610 34613->34579 34614->34602 34615->34602 34616->34601 34617->34601 34673 1168de9 34674 1168ed6 34673->34674 34675 1168e0f 34673->34675 34675->34674 34677 1154d0e 34675->34677 34677->34675 34680 11683da 34677->34680 34678 11683fb 34678->34675 34680->34678 34681 1151d5c _Fputc 34680->34681 34681->34678 34682 1167510 34681->34682 34682->34678

          Executed Functions

          Function 0115579A Relevance: 1.5, APIs: 1, Instructions: 4COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 137 115579a-118856f SetUnhandledExceptionFilter
          C-Code - Quality: 100%
          			E0115579A() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E011556AA); // executed
				return _t1;
			}




          0x01188569
          0x0118856f

          APIs
          • SetUnhandledExceptionFilter.KERNELBASE(Function_000056AA), ref: 01188569
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: ExceptionFilterUnhandled
          • String ID:
          • API String ID: 3192549508-0
          • Opcode ID: c6843ec601d021a1df6cb03db5b42cf8f35027d59c1e176f415298957f102552
          • Instruction ID: 217167e9b6c33978ad89a6b7ea4a6d8ac33162926d6424000c3b7e59c715a205
          • Opcode Fuzzy Hash: c6843ec601d021a1df6cb03db5b42cf8f35027d59c1e176f415298957f102552
          • Instruction Fuzzy Hash: 10900264580241DE8EDCE652F509616361167406093654049A4226252D4B944110CE36
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01160375 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 139 1160375-116038e 140 1160394-11603ad call 1152f9a 139->140 141 116044f-116045f call 1152ecd 139->141 140->141 146 11603b3-11603cd call 115394a call 1153e59 140->146 150 11603d2-11603e2 146->150 151 11603eb-11603f2 150->151 152 11603f4-11603fb 151->152 153 11603fd-116044b call 1152360 151->153 152->151 153->141
          C-Code - Quality: 63%
          			E01160375(void* __ebx, intOrPtr __ecx, intOrPtr _a4) {
				signed int _v8;
				char _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v36;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t24;
				void* _t47;
				char* _t56;
				void* _t59;
				signed int _t60;
				void* _t61;
				void* _t62;

				_t44 = __ecx;
				_t43 = __ebx;
				_t24 =  *0x14efcac; // 0x473d9cf5
				_v8 = _t24 ^ _t60;
				_v20 = __ecx;
				if(_a4 != 0) {
					L01152F9A(0x1474268, _a4, 0x100, 0x3b9aca00);
					_t62 = _t61 + 0xc;
					if(_a4 != 0) {
						_v24 = _v24 & 0x00000000;
						_v28 = 4;
						_v32 = 0x269ad8;
						E0115394A(__ebx, _t44);
						L01153E59(_a4); // executed
						_pop(_t47);
						_v36 = _v36 & 0x00000000;
						_v12 = 0x7c;
						_v16 = _v16 & 0x00000000;
						while(_v16 < 0x105) {
							_v12 = _v12 + 1;
							_v16 = _v16 + 1;
						}
						L01152360(_t43, _t47, 0x77e, 0x1473ae0, 4);
						_push(0x120a008);
						_push(0);
						_push(0x1474268);
						_t59 =  *((intOrPtr*)( *((intOrPtr*)(_t62 + 0xc))));
						_push(_t59);
						_push(0x1473ae0);
						_t56 =  &_v12;
						asm("lodsd");
						_push(0);
						goto __eax;
					}
				}
				return L01152ECD(_v20, _t43, _v8 ^ _t60, 0x1473ae0, 0x1474268, _t56);
			}





















          0x01160375
          0x01160375
          0x0116037b
          0x01160382
          0x01160387
          0x0116038e
          0x011603a1
          0x011603a6
          0x011603ad
          0x011603b3
          0x011603b7
          0x011603be
          0x011603c5
          0x011603cd
          0x011603d2
          0x011603d3
          0x011603d7
          0x011603de
          0x011603eb
          0x011603f8
          0x011603e8
          0x011603e8
          0x01160410
          0x0116041f
          0x0116042a
          0x01160432
          0x0116043a
          0x0116043b
          0x01160441
          0x01160442
          0x01160445
          0x0116044b
          0x0116044d
          0x0116044d
          0x011603ad
          0x0116045f

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: |
          • API String ID: 0-2343686810
          • Opcode ID: 348249e2074f76f6a98e6dbc0d9b2c90ec3639f332d5d83d22c4e208222a0eb5
          • Instruction ID: 2359d33a3f7492e868219b981b64005f2340d7dda59923b3aaaeea3d5b0e5571
          • Opcode Fuzzy Hash: 348249e2074f76f6a98e6dbc0d9b2c90ec3639f332d5d83d22c4e208222a0eb5
          • Instruction Fuzzy Hash: 9D21A172E00104EFDB08DF99DC46BEEBBF9FB88305F108026E516AB190D7746685CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01152293 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 8COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 0 1152293-11634b0 call 11551ff FreeConsole
          C-Code - Quality: 77%
          			E01152293(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _v4;
				char _v5;
				signed int _v8;
				signed int _t6;
				void* _t8;
				void* _t9;
				void* _t21;
				signed int _t24;
				void* _t25;

				_t25 = __eflags;
				_t21 = __edx;
				L011551FF(__ecx, "FreeConsole", 0);
				_pop(_t14); // executed
				FreeConsole(); // executed
				_push(_t14);
				_t6 =  *0x14efcac; // 0x473d9cf5
				_v4 = _t6 ^ _t24;
				_t8 = L01152EB9(_t25); // executed
				_t9 = L0115338C(__ebx,  &_v5, _t8); // executed
				return L01152ECD(_t9, __ebx, _v8 ^ _t24, _t21, __edi, __esi, 0x3b9aca00);
			}












          0x01152293
          0x01152293
          0x011634a9
          0x011634af
          0x011634b0
          0x01163678
          0x01163679
          0x01163680
          0x01163689
          0x01163694
          0x011636a6

          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: ConsoleFree
          • String ID: FreeConsole
          • API String ID: 771614528-1307276421
          • Opcode ID: 235912ee3850e8c1452f8838f3de18e896fce8fd1956e4ba6cbc0b5651c7de52
          • Instruction ID: 960facd147724b919c1cefcbcaed38adec66408b04c72cbb6c810f8422ed41b0
          • Opcode Fuzzy Hash: 235912ee3850e8c1452f8838f3de18e896fce8fd1956e4ba6cbc0b5651c7de52
          • Instruction Fuzzy Hash: 28B0122916C301FCD19D31731C4271421004B10530F61440DD937240C08FC250010026
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01151D1B Relevance: 3.2, APIs: 2, Instructions: 171fileCOMMON
          Download Yara Rule

          Control-flow Graph

          C-Code - Quality: 93%
          			E01151D1B(signed int _a4, void* _a8, signed int _a12) {
				long _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				long _v40;
				char _v44;
				signed int _t59;
				signed int _t64;
				signed int _t66;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t81;
				signed int _t84;
				signed int _t91;
				signed int _t93;
				intOrPtr _t95;
				signed int _t100;
				intOrPtr _t101;
				void* _t102;
				signed int _t105;
				signed int _t107;
				void* _t109;

				_t93 = _a12;
				_v8 = _t93;
				_t105 = _a4;
				_t102 = _a8;
				_v16 = _t102;
				if(_t93 == 0) {
					L38:
					__eflags = 0;
					return 0;
				} else {
					_t113 = _t102;
					if(_t102 != 0) {
						_t100 = _t105 >> 6;
						_t59 = (_t105 & 0x0000003f) * 0x38;
						_v20 = _t100;
						_t101 =  *((intOrPtr*)(0x14f3688 + _t100 * 4));
						_v12 = _t59;
						_t91 =  *((intOrPtr*)(_t101 + _t59 + 0x29));
						__eflags = _t91 - 2;
						if(_t91 == 2) {
							L7:
							__eflags =  !_t93 & 0x00000001;
							if(__eflags == 0) {
								goto L3;
							}
							_t59 = _v12;
							L9:
							__eflags =  *(_t101 + _t59 + 0x28) & 0x00000020;
							if(__eflags != 0) {
								E011518CF(_t105, 0, 0, 2);
								_t109 = _t109 + 0x10;
							}
							_t66 = E011CEB89(_t101, __eflags, _t105);
							__eflags = _t66;
							if(_t66 == 0) {
								_t95 =  *((intOrPtr*)(0x14f3688 + _v20 * 4));
								_t68 = _v12;
								__eflags =  *((char*)(_t95 + _t68 + 0x28));
								if( *((char*)(_t95 + _t68 + 0x28)) >= 0) {
									asm("stosd");
									asm("stosd");
									asm("stosd");
									_t71 = WriteFile( *(_t95 + _t68 + 0x18), _v16, _v8,  &_v40, 0);
									__eflags = _t71;
									if(_t71 == 0) {
										_v44 = GetLastError();
									}
									goto L28;
								}
								_t81 = _t91;
								__eflags = _t81;
								if(_t81 == 0) {
									E011CEC16( &_v44, _t105, _t102, _v8); // executed
									goto L17;
								}
								_t84 = _t81 - 1;
								__eflags = _t84;
								if(_t84 == 0) {
									_t83 = E011CEE4A( &_v44, _t105, _t102, _v8);
									goto L17;
								}
								__eflags = _t84 != 1;
								if(_t84 != 1) {
									goto L34;
								}
								_t83 = E011CED27( &_v44, _t105, _t102, _v8);
								goto L17;
							} else {
								__eflags = _t91;
								if(__eflags == 0) {
									_t83 = E011CE670(__eflags,  &_v44, _t105, _t102, _v8);
									L17:
									L15:
									L28:
									asm("movsd");
									asm("movsd");
									asm("movsd");
									_t72 = _v28;
									__eflags = _t72;
									if(_t72 != 0) {
										return _t72 - _v24;
									}
									_t74 = _v32;
									__eflags = _t74;
									if(_t74 == 0) {
										_t102 = _v16;
										L34:
										__eflags =  *( *((intOrPtr*)(0x14f3688 + _v20 * 4)) + _v12 + 0x28) & 0x00000040;
										if(__eflags == 0) {
											L36:
											 *((intOrPtr*)(L01153792(__eflags))) = 0x1c;
											_t64 = E01151802(__eflags);
											 *_t64 =  *_t64 & 0x00000000;
											L4:
											return _t64 | 0xffffffff;
										}
										__eflags =  *_t102 - 0x1a;
										if(__eflags == 0) {
											goto L38;
										}
										goto L36;
									}
									_t107 = 5;
									__eflags = _t74 - _t107;
									if(__eflags != 0) {
										_t64 = L011547AF(_t74);
									} else {
										 *((intOrPtr*)(L01153792(__eflags))) = 9;
										_t64 = E01151802(__eflags);
										 *_t64 = _t107;
									}
									goto L4;
								}
								__eflags = _t91 - 1 - 1;
								if(_t91 - 1 > 1) {
									goto L34;
								}
								E011CEB07( &_v44, _t102, _v8);
								goto L15;
							}
						}
						__eflags = _t91 - 1;
						if(_t91 != 1) {
							goto L9;
						}
						goto L7;
					}
					L3:
					 *(E01151802(_t113)) =  *_t62 & 0x00000000;
					 *((intOrPtr*)(L01153792( *_t62))) = 0x16;
					_t64 = L01153567();
					goto L4;
				}
			}






























          0x011cf113
          0x011cf116
          0x011cf11b
          0x011cf11f
          0x011cf122
          0x011cf127
          0x011cf2de
          0x011cf2de
          0x00000000
          0x011cf12d
          0x011cf12d
          0x011cf12f
          0x011cf155
          0x011cf15b
          0x011cf15e
          0x011cf161
          0x011cf168
          0x011cf16b
          0x011cf16f
          0x011cf172
          0x011cf179
          0x011cf17d
          0x011cf17f
          0x00000000
          0x00000000
          0x011cf181
          0x011cf184
          0x011cf184
          0x011cf189
          0x011cf192
          0x011cf197
          0x011cf197
          0x011cf19b
          0x011cf1a1
          0x011cf1a3
          0x011cf1e1
          0x011cf1e8
          0x011cf1eb
          0x011cf1f0
          0x011cf241
          0x011cf244
          0x011cf245
          0x011cf251
          0x011cf257
          0x011cf259
          0x011cf261
          0x011cf261
          0x00000000
          0x011cf264
          0x011cf1f5
          0x011cf1f5
          0x011cf1f8
          0x011cf231
          0x00000000
          0x011cf231
          0x011cf1fa
          0x011cf1fa
          0x011cf1fd
          0x011cf221
          0x00000000
          0x011cf221
          0x011cf1ff
          0x011cf202
          0x00000000
          0x00000000
          0x011cf211
          0x00000000
          0x011cf1a5
          0x011cf1a5
          0x011cf1a7
          0x011cf1d4
          0x011cf1d9
          0x011cf1c4
          0x011cf267
          0x011cf26a
          0x011cf26b
          0x011cf26c
          0x011cf26d
          0x011cf270
          0x011cf272
          0x00000000
          0x011cf2d9
          0x011cf274
          0x011cf277
          0x011cf279
          0x011cf2a5
          0x011cf2a8
          0x011cf2b5
          0x011cf2ba
          0x011cf2c1
          0x011cf2c6
          0x011cf2cc
          0x011cf2d1
          0x011cf149
          0x00000000
          0x011cf149
          0x011cf2bc
          0x011cf2bf
          0x00000000
          0x00000000
          0x00000000
          0x011cf2bf
          0x011cf27d
          0x011cf27e
          0x011cf280
          0x011cf29a
          0x011cf282
          0x011cf287
          0x011cf28d
          0x011cf292
          0x011cf292
          0x00000000
          0x011cf280
          0x011cf1ab
          0x011cf1ae
          0x00000000
          0x00000000
          0x011cf1bc
          0x00000000
          0x011cf1c1
          0x011cf1a3
          0x011cf174
          0x011cf177
          0x00000000
          0x00000000
          0x00000000
          0x011cf177
          0x011cf131
          0x011cf136
          0x011cf13e
          0x011cf144
          0x00000000
          0x011cf144

          APIs
            • Part of subcall function 011CE670: GetConsoleOutputCP.KERNEL32(?,?,?), ref: 011CE6B8
          • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 011CF251
          • GetLastError.KERNEL32 ref: 011CF25B
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: ConsoleErrorFileLastOutputWrite
          • String ID:
          • API String ID: 2915228174-0
          • Opcode ID: 7de086db82973686cf2ff1ebc8b18f50ee5683bfcda3e278b93f0f8f03cc5c30
          • Instruction ID: 3d60eba785be4bc473fb2d735af8e3f636e8bbcfa9468cee44b8243ad1f530dd
          • Opcode Fuzzy Hash: 7de086db82973686cf2ff1ebc8b18f50ee5683bfcda3e278b93f0f8f03cc5c30
          • Instruction Fuzzy Hash: 6251967590010BAAEB2DDFA8C845BEE7FBBEFA6B14F05004DD500A7291D770D942C761
          Uniqueness

          Uniqueness Score: -1.00%

          Function 011CEC16 Relevance: 3.1, APIs: 2, Instructions: 80fileCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 72 11cec16-11cec6b call 1151d0c 75 11cec6d 72->75 76 11cece0-11cecf0 call 1152ecd 72->76 77 11cec73 75->77 79 11cec79-11cec7b 77->79 81 11cec7d-11cec82 79->81 82 11cec95-11cecba WriteFile 79->82 83 11cec8b-11cec93 81->83 84 11cec84-11cec8a 81->84 85 11cecbc-11cecc7 82->85 86 11cecd8-11cecde GetLastError 82->86 83->79 83->82 84->83 85->76 87 11cecc9-11cecd4 85->87 86->76 87->77 88 11cecd6 87->88 88->76
          C-Code - Quality: 81%
          			E011CEC16(void* _a4, signed int _a8, intOrPtr* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v9;
				void _v5128;
				long _v5132;
				intOrPtr _v5136;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				int _t41;
				long _t43;
				char _t44;
				void* _t46;
				intOrPtr* _t50;
				intOrPtr _t54;
				void* _t55;
				long _t56;
				char* _t57;
				signed int _t58;

				E01151D0C(0x140c);
				_t29 =  *0x14efcac; // 0x473d9cf5
				_v8 = _t29 ^ _t58;
				_t47 = _a8;
				_t46 = _a4;
				_t55 = _t46;
				_t50 = _a12;
				_t54 = _a16 + _t50;
				_v5132 =  *((intOrPtr*)( *((intOrPtr*)(0x14f3688 + (_a8 >> 6) * 4)) + 0x18 + (_t47 & 0x0000003f) * 0x38));
				asm("stosd");
				_v5136 = _t54;
				asm("stosd");
				asm("stosd");
				if(_t50 < _t54) {
					_t55 = _v5132;
					do {
						_t57 =  &_v5128;
						while(_t50 < _t54) {
							_t44 =  *_t50;
							_t50 = _t50 + 1;
							if(_t44 == 0xa) {
								 *((intOrPtr*)(_t46 + 8)) =  *((intOrPtr*)(_t46 + 8)) + 1;
								 *_t57 = 0xd;
								_t57 = _t57 + 1;
							}
							 *_t57 = _t44;
							_t57 = _t57 + 1;
							if(_t57 <  &_v9) {
								continue;
							}
							break;
						}
						_a12 = _t50;
						_t56 = _t57 -  &_v5128;
						_t41 = WriteFile(_t55,  &_v5128, _t56,  &_v5132, 0); // executed
						if(_t41 == 0) {
							 *_t46 = GetLastError();
						} else {
							_t43 = _v5132;
							 *((intOrPtr*)(_t46 + 4)) =  *((intOrPtr*)(_t46 + 4)) + _t43;
							if(_t43 >= _t56) {
								goto L9;
							}
						}
						goto L12;
						L9:
						_t50 = _a12;
						_t54 = _v5136;
					} while (_t50 < _t54);
				}
				L12:
				return L01152ECD(_t46, _t46, _v8 ^ _t58, _t54, _t55, _t56);
			}






















          0x011cec20
          0x011cec25
          0x011cec2c
          0x011cec2f
          0x011cec41
          0x011cec4d
          0x011cec53
          0x011cec56
          0x011cec58
          0x011cec60
          0x011cec61
          0x011cec67
          0x011cec68
          0x011cec6b
          0x011cec6d
          0x011cec73
          0x011cec73
          0x011cec79
          0x011cec7d
          0x011cec7f
          0x011cec82
          0x011cec84
          0x011cec87
          0x011cec8a
          0x011cec8a
          0x011cec8b
          0x011cec8d
          0x011cec93
          0x00000000
          0x00000000
          0x00000000
          0x011cec93
          0x011cec9b
          0x011cec9e
          0x011cecb2
          0x011cecba
          0x011cecde
          0x011cecbc
          0x011cecbc
          0x011cecc2
          0x011cecc7
          0x00000000
          0x00000000
          0x011cecc7
          0x00000000
          0x011cecc9
          0x011cecc9
          0x011ceccc
          0x011cecd2
          0x011cecd6
          0x011cece0
          0x011cecf0

          APIs
          • WriteFile.KERNELBASE(?,?,?,?,00000000,?,?,?,?,011CF236,00000000,?,?,?), ref: 011CECB2
          • GetLastError.KERNEL32(?,011CF236,00000000,?,?,?), ref: 011CECD8
          Memory Dump Source
          • Source File: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: ErrorFileLastWrite
          • String ID:
          • API String ID: 442123175-0
          • Opcode ID: 6f4f6a78082ae2fb085cd5e08e6c6200b0fb9c2c7da9518968e0ab7ceed5786d
          • Instruction ID: 365ac837154372442a23c4624ac605cf3a154024cac7020e93ce79610950d2f9
          • Opcode Fuzzy Hash: 6f4f6a78082ae2fb085cd5e08e6c6200b0fb9c2c7da9518968e0ab7ceed5786d
          • Instruction Fuzzy Hash: B621BF35A012199FCB2ACF29D8809EDBBF9FB59701F1444ADEA06D7211D730DE42CB68
          Uniqueness

          Uniqueness Score: -1.00%

          Function 011CB483 Relevance: 3.1, APIs: 2, Instructions: 67COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 89 11cb483-11cb488 90 11cb48a-11cb4a2 89->90 91 11cb4a4-11cb4a8 90->91 92 11cb4b0-11cb4b9 90->92 91->92 93 11cb4aa-11cb4ae 91->93 94 11cb4cb 92->94 95 11cb4bb-11cb4be 92->95 96 11cb529-11cb52d 93->96 99 11cb4cd-11cb4da GetStdHandle 94->99 97 11cb4c7-11cb4c9 95->97 98 11cb4c0-11cb4c5 95->98 96->90 100 11cb533-11cb536 96->100 97->99 98->99 101 11cb4dc-11cb4de 99->101 102 11cb4e9 99->102 101->102 103 11cb4e0-11cb4e7 GetFileType 101->103 104 11cb4eb-11cb4ed 102->104 103->104 105 11cb4ef-11cb4f8 104->105 106 11cb50b-11cb51d 104->106 108 11cb4fa-11cb4fe 105->108 109 11cb500-11cb503 105->109 106->96 107 11cb51f-11cb522 106->107 107->96 108->96 109->96 110 11cb505-11cb509 109->110 110->96
          C-Code - Quality: 84%
          			E011CB483() {
				signed int _t20;
				signed int _t22;
				long _t23;
				signed char _t25;
				void* _t28;
				signed int _t31;
				void* _t33;

				_t31 = 0;
				do {
					_t20 = _t31 & 0x0000003f;
					_t33 = _t20 * 0x38 +  *((intOrPtr*)(0x14f3688 + (_t31 >> 6) * 4));
					if( *(_t33 + 0x18) == 0xffffffff ||  *(_t33 + 0x18) == 0xfffffffe) {
						 *(_t33 + 0x28) = 0x81;
						_t22 = _t31;
						if(_t22 == 0) {
							_push(0xfffffff6);
						} else {
							if(_t22 == 1) {
								_push(0xfffffff5);
							} else {
								_push(0xfffffff4);
							}
						}
						_pop(_t23);
						_t28 = GetStdHandle(_t23);
						if(_t28 == 0xffffffff || _t28 == 0) {
							_t25 = 0;
						} else {
							_t25 = GetFileType(_t28); // executed
						}
						if(_t25 == 0) {
							 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
							 *(_t33 + 0x18) = 0xfffffffe;
							_t20 =  *0x14f2ad4; // 0xd12df0
							if(_t20 != 0) {
								_t20 =  *(_t20 + _t31 * 4);
								 *(_t20 + 0x10) = 0xfffffffe;
							}
						} else {
							_t20 = _t25 & 0x000000ff;
							 *(_t33 + 0x18) = _t28;
							if(_t20 != 2) {
								if(_t20 == 3) {
									 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000008;
								}
							} else {
								 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
							}
						}
					} else {
						 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000080;
					}
					_t31 = _t31 + 1;
				} while (_t31 != 3);
				return _t20;
			}










          0x011cb488
          0x011cb48a
          0x011cb48e
          0x011cb497
          0x011cb4a2
          0x011cb4b2
          0x011cb4b6
          0x011cb4b9
          0x011cb4cb
          0x011cb4bb
          0x011cb4be
          0x011cb4c7
          0x011cb4c0
          0x011cb4c3
          0x011cb4c3
          0x011cb4be
          0x011cb4cd
          0x011cb4d5
          0x011cb4da
          0x011cb4e9
          0x011cb4e0
          0x011cb4e1
          0x011cb4e1
          0x011cb4ed
          0x011cb50b
          0x011cb50f
          0x011cb516
          0x011cb51d
          0x011cb51f
          0x011cb522
          0x011cb522
          0x011cb4ef
          0x011cb4ef
          0x011cb4f2
          0x011cb4f8
          0x011cb503
          0x011cb505
          0x011cb505
          0x011cb4fa
          0x011cb4fa
          0x011cb4fa
          0x011cb4f8
          0x011cb4aa
          0x011cb4aa
          0x011cb4aa
          0x011cb529
          0x011cb52a
          0x011cb536

          APIs
          • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,011CB595,012090E0,0000000C), ref: 011CB4CF
          • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,011CB595,012090E0,0000000C), ref: 011CB4E1
          Memory Dump Source
          • Source File: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: FileHandleType
          • String ID:
          • API String ID: 3000768030-0
          • Opcode ID: b2ac406854c11fe76d05972a83469cc7e2a0b0ff56b4d13d93912b46f2210d07
          • Instruction ID: 62f152371cd86dc2f54f1555085375222390afb48afeb52dc693dfd0afdbf70b
          • Opcode Fuzzy Hash: b2ac406854c11fe76d05972a83469cc7e2a0b0ff56b4d13d93912b46f2210d07
          • Instruction Fuzzy Hash: 10110A7160CB514AD73C493E9C89532FE94AB76AB0B29071EE1B7C26F1C730C486C24E
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0115159B Relevance: 3.0, APIs: 2, Instructions: 35COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 111 115159b-11cc5fb call 11cbb75 115 11cc5fd-11cc622 LCMapStringEx 111->115 116 11cc624-11cc63e call 115398b LCMapStringW 111->116 120 11cc644-11cc646 115->120 116->120
          C-Code - Quality: 50%
          			E0115159B(intOrPtr _a4, int _a8, short* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				void* _t20;
				intOrPtr* _t22;

				_t22 = L011CBB75();
				if(_t22 == 0) {
					return LCMapStringW(L0115398B(_a4, 0), _a8, _a12, _a16, _a20, _a24);
				}
				 *0x14f5000(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36); // executed
				_t20 =  *_t22(); // executed
				return _t20;
			}





          0x011cc5f7
          0x011cc5fb
          0x00000000
          0x011cc63e
          0x011cc61a
          0x011cc620
          0x00000000

          APIs
          • LCMapStringEx.KERNELBASE ref: 011CC620
          • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?), ref: 011CC63E
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: String
          • String ID:
          • API String ID: 2568140703-0
          • Opcode ID: ab75016d94aabed347173970341144f1eacaf8bec3c4c64534b0167ea1e08614
          • Instruction ID: b008ac65ea3f877c068388ce4a8ebf1db160ea975983dfbd75b7106a7c4b2084
          • Opcode Fuzzy Hash: ab75016d94aabed347173970341144f1eacaf8bec3c4c64534b0167ea1e08614
          • Instruction Fuzzy Hash: D3F0B83200011ABBCF165E90DD04AEE7E26EB68BA4F098018BA1865220CB32D831AB94
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01151483 Relevance: 1.5, APIs: 1, Instructions: 14memoryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 133 1151483-1163447 call 1152360 VirtualProtect
          C-Code - Quality: 100%
          			E01151483(void* __eflags, void* _a4, intOrPtr _a8) {
				void* _t7;
				void* _t8;

				L01152360(_t7, _t8, 0x269ad8, "true", 4);
				return VirtualProtect(0x1473ae0, 0x77e, _a8 + 0x18, 0x14f1f78);
			}





          0x01163424
          0x01163447

          APIs
          • VirtualProtect.KERNELBASE(01473AE0,0000077E,?,014F1F78), ref: 01163443
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: ProtectVirtual
          • String ID:
          • API String ID: 544645111-0
          • Opcode ID: 28c59518cb7525b847bf07047c5f3915d985391e8b774f0496ab74427efaa134
          • Instruction ID: 85ba176abe36a1a9dc5ff2a9d58383388b3e372b3e5bee678a4daf6c59f2ba92
          • Opcode Fuzzy Hash: 28c59518cb7525b847bf07047c5f3915d985391e8b774f0496ab74427efaa134
          • Instruction Fuzzy Hash: 7BD012A1BE8305B6DE14EA6B9D03E2A7188BB70F07F100058B649751C2CAB1685C4573
          Uniqueness

          Uniqueness Score: -1.00%

          Non-executed Functions

          Function 0115510A Relevance: 7.4, Strings: 4, Instructions: 2429COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 19%
          			E0115510A(void* __ebx, signed int __edx, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12, signed int _a16, signed int _a20, intOrPtr _a24) {
				signed int _v0;
				signed int _v8;
				signed int _v464;
				void _v468;
				signed int _v472;
				char _v932;
				signed int _v936;
				signed int _v1392;
				signed int _v1396;
				signed int _v1400;
				char _v1860;
				signed int _v1864;
				signed int _v1868;
				signed int _v1872;
				signed int _v1876;
				signed int _v1880;
				signed int _v1884;
				intOrPtr _v1888;
				signed int _v1892;
				signed int _v1896;
				signed int _v1900;
				signed int _v1904;
				signed int _v1908;
				signed int _v1912;
				signed int _v1916;
				signed int _v1920;
				signed int _v1928;
				char _v1932;
				signed int _v1940;
				signed int _v1944;
				char _v2404;
				signed int _v2408;
				signed int _v2424;
				void* __edi;
				void* __esi;
				signed int _t798;
				intOrPtr _t808;
				signed int _t815;
				signed int _t816;
				signed int _t817;
				intOrPtr _t822;
				intOrPtr* _t823;
				intOrPtr* _t826;
				signed int _t832;
				signed int _t834;
				signed int _t841;
				signed int _t846;
				intOrPtr _t852;
				void* _t853;
				signed int _t859;
				signed int _t863;
				signed int _t864;
				signed int _t865;
				signed int _t868;
				signed int _t870;
				signed int _t872;
				signed int _t873;
				signed int _t875;
				signed int _t876;
				signed int _t877;
				signed int _t882;
				signed int _t885;
				signed int _t888;
				signed int _t893;
				signed int _t894;
				signed int _t901;
				signed int _t904;
				signed int _t908;
				char* _t911;
				signed int _t914;
				signed int _t925;
				signed int _t926;
				signed int _t927;
				signed int _t928;
				char* _t929;
				signed char _t931;
				signed int _t936;
				signed int _t938;
				signed int _t942;
				signed int _t945;
				signed int _t952;
				signed int _t955;
				signed int _t957;
				signed int _t960;
				signed int _t967;
				signed int _t968;
				signed int _t971;
				signed int _t984;
				signed int _t985;
				signed int _t986;
				signed int _t987;
				signed int* _t988;
				signed char _t990;
				signed int* _t993;
				signed int _t995;
				signed int _t997;
				signed int _t1001;
				signed int _t1004;
				signed int _t1011;
				signed int _t1014;
				signed int _t1017;
				signed int _t1020;
				signed int _t1027;
				intOrPtr _t1031;
				signed int _t1032;
				signed int _t1038;
				void* _t1045;
				signed int _t1046;
				signed int _t1047;
				signed int _t1048;
				signed int _t1051;
				signed int _t1057;
				signed int _t1061;
				signed int _t1063;
				signed int _t1068;
				void* _t1074;
				signed int _t1075;
				signed int _t1076;
				signed int _t1077;
				signed int _t1080;
				signed int _t1084;
				signed int _t1085;
				signed int _t1089;
				signed int _t1091;
				signed int _t1096;
				signed char _t1103;
				void* _t1104;
				signed int _t1109;
				intOrPtr* _t1116;
				signed int _t1124;
				signed int _t1125;
				signed int _t1130;
				signed int _t1132;
				signed int _t1133;
				signed int _t1134;
				signed int _t1137;
				signed int _t1141;
				signed int _t1142;
				signed int _t1143;
				signed int _t1145;
				signed int _t1146;
				signed int _t1147;
				signed int _t1149;
				signed int _t1150;
				signed int _t1151;
				signed int _t1152;
				signed int _t1154;
				signed int _t1155;
				signed int _t1156;
				signed int _t1158;
				signed int _t1159;
				unsigned int _t1160;
				unsigned int _t1164;
				unsigned int _t1167;
				signed int _t1168;
				signed int _t1171;
				signed int* _t1174;
				signed int _t1177;
				void* _t1179;
				unsigned int _t1180;
				signed int _t1181;
				signed int _t1184;
				signed int* _t1187;
				signed int _t1190;
				signed int _t1193;
				signed int _t1194;
				signed int _t1195;
				signed int _t1196;
				signed int _t1199;
				signed int _t1204;
				signed int _t1205;
				signed int _t1207;
				signed int _t1208;
				signed int _t1209;
				signed int _t1210;
				signed int _t1211;
				signed int _t1212;
				signed int _t1213;
				signed int _t1215;
				signed int _t1217;
				signed int _t1218;
				signed int _t1219;
				signed int _t1220;
				signed int _t1221;
				signed int _t1223;
				void* _t1224;
				signed int _t1225;
				signed int _t1227;
				signed int _t1232;
				intOrPtr _t1237;
				signed int _t1238;
				void* _t1240;
				void* _t1243;
				unsigned int _t1246;
				signed int _t1247;
				signed int _t1248;
				signed int _t1249;
				signed int _t1250;
				signed int _t1251;
				signed int _t1252;
				signed int _t1255;
				signed int _t1256;
				signed int _t1257;
				signed int _t1258;
				signed int _t1261;
				signed int _t1262;
				signed int _t1263;
				void* _t1264;
				void* _t1267;
				signed int _t1269;
				signed int _t1273;
				signed int _t1275;
				signed int _t1279;
				signed int _t1281;
				signed int _t1282;
				intOrPtr _t1284;
				intOrPtr _t1285;
				void* _t1286;
				signed int _t1288;
				signed int _t1289;
				signed int _t1291;
				void* _t1294;
				signed int _t1296;
				signed int _t1297;
				signed int _t1299;
				signed int _t1300;
				signed int _t1302;
				signed int _t1310;
				signed int _t1314;
				void* _t1315;
				signed int* _t1316;
				signed int* _t1321;
				signed int _t1324;
				signed int _t1333;

				_t1193 = __edx;
				_t1310 = _t1314;
				_t1315 = _t1314 - 0x964;
				_t798 =  *0x14efcac; // 0x473d9cf5
				_v8 = _t798 ^ _t1310;
				_v1928 = _a16;
				_v1896 = _a20;
				_push(__ebx);
				E01152F13(__eflags,  &_v1940);
				_t1103 = 1;
				if((_v1940 & 0x0000001f) != 0x1f) {
					L011555E7(__eflags,  &_v1940);
					_v1932 = 1;
				} else {
					_v1932 = 0;
				}
				_t1281 = _a8;
				_t1237 = 0x20;
				_t1324 = _t1281;
				if(_t1324 > 0 || _t1324 >= 0 && _a4 >= 0) {
					_t808 = _t1237;
				} else {
					_t808 = 0x2d;
				}
				_t1116 = _v1928;
				 *_t1116 = _t808;
				 *((intOrPtr*)(_t1116 + 8)) = _v1896;
				L0115568C( &_v1944, 0, 0);
				_t1316 = _t1315 + 0xc;
				if((_t1281 & 0x7ff00000) != 0) {
					L16:
					_t815 = E01154179( &_a4);
					_pop(_t1119);
					__eflags = _t815;
					if(_t815 != 0) {
						_t1119 = _v1928;
						 *((intOrPtr*)(_v1928 + 4)) = _t1103;
					}
					_t816 = _t815 - 1;
					__eflags = _t816;
					if(_t816 == 0) {
						_t817 = L01155B19(_v1896, _a24, "1#INF");
						__eflags = _t817;
						if(_t817 != 0) {
							goto L313;
						} else {
							_t1103 = 0;
							__eflags = 0;
							goto L310;
						}
					} else {
						_t832 = _t816 - 1;
						__eflags = _t832;
						if(_t832 == 0) {
							_push("1#QNAN");
							goto L14;
						} else {
							_t834 = _t832 - 1;
							__eflags = _t834;
							if(_t834 == 0) {
								_push("1#SNAN");
								goto L14;
							} else {
								__eflags = _t834 == 1;
								if(_t834 == 1) {
									_push("1#IND");
									goto L14;
								} else {
									_v1920 = _v1920 & 0x00000000;
									_a8 = _t1281 & 0x7fffffff;
									_t1333 = _a4;
									asm("fst qword [ebp-0x75c]");
									_t1288 = _v1884;
									_v1916 = _a12 + 1;
									_t1124 = _t1288 >> 0x14;
									_t841 = _t1124 & 0x000007ff;
									__eflags = _t841;
									if(_t841 != 0) {
										_t841 = 0;
										_t1194 = 0x100000;
										_t39 =  &_v1876;
										 *_t39 = _v1876 & 0;
										__eflags =  *_t39;
									} else {
										_t1194 = 0;
										_v1876 = _t1103;
									}
									_t1289 = _t1288 & 0x000fffff;
									_v1912 = _v1888 + _t841;
									asm("adc esi, edx");
									_t1125 = _t1124 & 0x000007ff;
									_v1868 = _v1876 + _t1125;
									E01154EC1(_t1125, _t1333);
									_push(_t1125);
									_push(_t1125);
									 *_t1316 = _t1333;
									L01155DA3(_t1125);
									_t846 = L01151C99(_t1194);
									_v1904 = _t846;
									_t1243 = 0x20;
									__eflags = _t846 - 0x7fffffff;
									if(_t846 == 0x7fffffff) {
										L27:
										__eflags = 0;
										_v1904 = 0;
									} else {
										__eflags = _t846 - 0x80000000;
										if(_t846 == 0x80000000) {
											goto L27;
										}
									}
									_t1195 = _v1868;
									__eflags = _t1289;
									_v468 = _v1912;
									_v464 = _t1289;
									_t1130 = (0 | _t1289 != 0x00000000) + 1;
									_v1892 = _t1130;
									_v472 = _t1130;
									__eflags = _t1195 - 0x433;
									if(_t1195 < 0x433) {
										__eflags = _t1195 - 0x35;
										if(_t1195 == 0x35) {
											L98:
											__eflags = _t1289;
											_t209 =  &_v1884;
											 *_t209 = _v1884 & 0x00000000;
											__eflags =  *_t209;
											_t852 =  *((intOrPtr*)(_t1310 + 4 + (0 | _t1289 != 0x00000000) * 4 - 0x1d4));
											asm("bsr eax, eax");
											if( *_t209 == 0) {
												_t853 = 0;
												__eflags = 0;
											} else {
												_t853 = _t852 + 1;
											}
											__eflags = _t1243 - _t853 - _t1103;
											asm("sbb esi, esi");
											_t1291 =  ~_t1289 + _t1130;
											__eflags = _t1291 - 0x73;
											if(_t1291 <= 0x73) {
												_t1196 = _t1291 - 1;
												__eflags = _t1196 - 0xffffffff;
												if(_t1196 != 0xffffffff) {
													_t1264 = _t1196 - 1;
													while(1) {
														__eflags = _t1196 - _t1130;
														if(_t1196 >= _t1130) {
															_t1027 = 0;
															__eflags = 0;
														} else {
															_t1027 =  *(_t1310 + _t1196 * 4 - 0x1d0);
														}
														__eflags = _t1264 - _t1130;
														if(_t1264 >= _t1130) {
															_t1160 = 0;
															__eflags = 0;
														} else {
															_t1160 =  *(_t1310 + _t1196 * 4 - 0x1d4);
														}
														 *(_t1310 + _t1196 * 4 - 0x1d0) = _t1160 >> 0x0000001f | _t1027 + _t1027;
														_t1196 = _t1196 - 1;
														_t1264 = _t1264 - 1;
														__eflags = _t1196 - 0xffffffff;
														if(_t1196 == 0xffffffff) {
															goto L113;
														}
														_t1130 = _v472;
													}
												}
												L113:
												_v472 = _t1291;
											} else {
												_v1400 = _v1400 & 0x00000000;
												_v472 = _v472 & 0x00000000;
												_push(0);
												_push( &_v1396);
												_push(0x1cc);
												_push( &_v468);
												L314();
												_t1316 =  &(_t1316[4]);
											}
											_t1246 = 0x434 >> 5;
											L01152F9A(0x434 >> 5,  &_v1396, 0, 0x434);
											__eflags = 1;
											 *(_t1310 + 0xbad63d) = 1 << (0x00000434 - _v1868 & 0x0000001f);
										} else {
											_v1396 = _v1396 & 0x00000000;
											_v1392 = 0x100000;
											_v1400 = 2;
											__eflags = _t1289;
											if(_t1289 != 0) {
												_t1224 = 0;
												__eflags = 0;
												while(1) {
													_t1031 =  *((intOrPtr*)(_t1310 + _t1224 - 0x570));
													__eflags = _t1031 -  *((intOrPtr*)(_t1310 + _t1224 - 0x1d0));
													if(_t1031 !=  *((intOrPtr*)(_t1310 + _t1224 - 0x1d0))) {
														goto L98;
													}
													_t1224 = _t1224 + 4;
													__eflags = _t1224 - 8;
													if(_t1224 != 8) {
														continue;
													} else {
														__eflags = 0;
														asm("bsr eax, esi");
														_v1884 = 0;
														if(0 == 0) {
															_t1032 = 0;
														} else {
															_t1032 = _t1031 + 1;
														}
														__eflags = _t1243 - _t1032 - 2;
														asm("sbb esi, esi");
														_t1302 =  ~_t1289 + _t1130;
														__eflags = _t1302 - 0x73;
														if(_t1302 <= 0x73) {
															_t1225 = _t1302 - 1;
															__eflags = _t1225 - 0xffffffff;
															if(_t1225 != 0xffffffff) {
																_t1267 = _t1225 - 1;
																while(1) {
																	__eflags = _t1225 - _t1130;
																	if(_t1225 >= _t1130) {
																		_t1038 = 0;
																	} else {
																		_t1038 =  *(_t1310 + _t1225 * 4 - 0x1d0);
																	}
																	__eflags = _t1267 - _t1130;
																	if(_t1267 >= _t1130) {
																		_t1164 = 0;
																	} else {
																		_t1164 =  *(_t1310 + _t1225 * 4 - 0x1d4);
																	}
																	 *(_t1310 + _t1225 * 4 - 0x1d0) = _t1164 >> 0x0000001e | _t1038 << 0x00000002;
																	_t1225 = _t1225 - 1;
																	_t1267 = _t1267 - 1;
																	__eflags = _t1225 - 0xffffffff;
																	if(_t1225 == 0xffffffff) {
																		goto L96;
																	}
																	_t1130 = _v472;
																}
															}
															L96:
															_v472 = _t1302;
														} else {
															_push(0);
															_v1400 = 0;
															_push( &_v1396);
															_v472 = 0;
															_push(0x1cc);
															_push( &_v468);
															L314();
															_t1316 =  &(_t1316[4]);
														}
														_t1246 = 0x435 >> 5;
														L01152F9A(0x435 >> 5,  &_v1396, 0, 0x435);
														 *(_t1310 + 0xbad63d) = 1 << (0x00000435 - _v1868 & 0x0000001f);
													}
													goto L115;
												}
											}
											goto L98;
										}
										L115:
										_t859 = _t1246 + 1;
										_t1294 = 0x1cc;
										_v1400 = _t859;
										_v936 = _t859;
										_push(_t859 << 2);
										_push( &_v1396);
										_push(0x1cc);
										_push( &_v932);
										L314();
										_t1321 =  &(_t1316[7]);
										_t1103 = 1;
										__eflags = 1;
									} else {
										_v1396 = _v1396 & 0x00000000;
										_v1392 = 0x100000;
										_v1400 = 2;
										__eflags = _t1289;
										if(_t1289 == 0) {
											L55:
											_t1167 = _t1195 - 0x432;
											_t1168 = _t1167 & 0x0000001f;
											_v1900 = _t1167 >> 5;
											_v1876 = _t1168;
											_v1920 = _t1243 - _t1168;
											_t1045 = L01153E27(_t1103, _t1243 - _t1168, 0);
											_t1227 = _v1892;
											_t1046 = _t1045 - 1;
											_t128 =  &_v1872;
											 *_t128 = _v1872 & 0x00000000;
											__eflags =  *_t128;
											_v1912 = _t1046;
											_t1047 =  !_t1046;
											_v1884 = _t1047;
											asm("bsr eax, ecx");
											if( *_t128 == 0) {
												_t136 =  &_v1880;
												 *_t136 = _v1880 & 0x00000000;
												__eflags =  *_t136;
											} else {
												_v1880 = _t1047 + 1;
											}
											_t1171 = _v1900;
											_t1294 = 0x1cc;
											_t1048 = _t1227 + _t1171;
											__eflags = _t1048 - 0x73;
											if(_t1048 <= 0x73) {
												__eflags = _t1243 - _v1880 - _v1876;
												asm("sbb eax, eax");
												_t1051 =  ~_t1048 + _t1227 + _t1171;
												_v1908 = _t1051;
												__eflags = _t1051 - 0x73;
												if(_t1051 > 0x73) {
													goto L59;
												} else {
													_t1269 = _t1171 - 1;
													_t1057 = _t1051 - 1;
													_v1872 = _t1269;
													_v1868 = _t1057;
													__eflags = _t1057 - _t1269;
													if(_t1057 != _t1269) {
														_t1273 = _t1057 - _t1171;
														__eflags = _t1273;
														_t1174 =  &(( &_v472)[_t1273]);
														_v1892 = _t1174;
														while(1) {
															__eflags = _t1273 - _t1227;
															if(_t1273 >= _t1227) {
																_t1061 = 0;
																__eflags = 0;
															} else {
																_t1061 = _t1174[1];
															}
															_v1880 = _t1061;
															_t156 = _t1273 - 1; // -4
															__eflags = _t156 - _t1227;
															if(_t156 >= _t1227) {
																_t1063 = 0;
																__eflags = 0;
															} else {
																_t1063 =  *_t1174;
															}
															_t1177 = _v1868;
															 *(_t1310 + _t1177 * 4 - 0x1d0) = (_t1063 & _v1884) >> _v1920 | (_v1880 & _v1912) << _v1876;
															_t1068 = _t1177 - 1;
															_t1174 = _v1892 - 4;
															_v1868 = _t1068;
															_t1273 = _t1273 - 1;
															_v1892 = _t1174;
															__eflags = _t1068 - _v1872;
															if(_t1068 == _v1872) {
																break;
															}
															_t1227 = _v472;
														}
														_t1171 = _v1900;
													}
													__eflags = _t1171;
													if(_t1171 != 0) {
														__eflags = 0;
														memset( &_v468, 0, _t1171 << 2);
														_t1316 =  &(_t1316[3]);
													}
													_v472 = _v1908;
												}
											} else {
												L59:
												_push(0);
												_v1400 = 0;
												_v472 = 0;
												_push( &_v1396);
												_push(_t1294);
												_push( &_v468);
												L314();
												_t1316 =  &(_t1316[4]);
											}
											_v1396 = 2;
											_push(4);
										} else {
											_t1179 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((intOrPtr*)(_t1310 + _t1179 - 0x570)) -  *((intOrPtr*)(_t1310 + _t1179 - 0x1d0));
												if( *((intOrPtr*)(_t1310 + _t1179 - 0x570)) !=  *((intOrPtr*)(_t1310 + _t1179 - 0x1d0))) {
													goto L55;
												}
												_t1179 = _t1179 + 4;
												__eflags = _t1179 - 8;
												if(_t1179 != 8) {
													continue;
												} else {
													_t1180 = _t1195 - 0x431;
													_t1181 = _t1180 & 0x0000001f;
													_v1880 = _t1180 >> 5;
													_v1900 = _t1181;
													_v1872 = _t1243 - _t1181;
													_t1074 = L01153E27(_t1103, _t1243 - _t1181, 0);
													_t1232 = _v1892;
													_t1075 = _t1074 - 1;
													_t68 =  &_v1884;
													 *_t68 = _v1884 & 0x00000000;
													__eflags =  *_t68;
													_v1908 = _t1075;
													_t1076 =  !_t1075;
													_v1912 = _t1076;
													asm("bsr eax, ecx");
													if( *_t68 == 0) {
														_t76 =  &_v1876;
														 *_t76 = _v1876 & 0x00000000;
														__eflags =  *_t76;
													} else {
														_v1876 = _t1076 + 1;
													}
													_t1184 = _v1880;
													_t1294 = 0x1cc;
													_t1077 = _t1232 + _t1184;
													__eflags = _t1077 - 0x73;
													if(_t1077 <= 0x73) {
														__eflags = _t1243 - _v1876 - _v1900;
														asm("sbb eax, eax");
														_t1080 =  ~_t1077 + _t1232 + _t1184;
														_v1884 = _t1080;
														__eflags = _t1080 - 0x73;
														if(_t1080 > 0x73) {
															goto L37;
														} else {
															_t1275 = _t1184 - 1;
															_t1085 = _t1080 - 1;
															_v1920 = _t1275;
															_v1868 = _t1085;
															__eflags = _t1085 - _t1275;
															if(_t1085 != _t1275) {
																_t1279 = _t1085 - _t1184;
																__eflags = _t1279;
																_t1187 =  &(( &_v472)[_t1279]);
																_v1892 = _t1187;
																while(1) {
																	__eflags = _t1279 - _t1232;
																	if(_t1279 >= _t1232) {
																		_t1089 = 0;
																		__eflags = 0;
																	} else {
																		_t1089 = _t1187[1];
																	}
																	_v1876 = _t1089;
																	_t96 = _t1279 - 1; // -4
																	__eflags = _t96 - _t1232;
																	if(_t96 >= _t1232) {
																		_t1091 = 0;
																		__eflags = 0;
																	} else {
																		_t1091 =  *_t1187;
																	}
																	_t1190 = _v1868;
																	 *(_t1310 + _t1190 * 4 - 0x1d0) = (_t1091 & _v1912) >> _v1872 | (_v1876 & _v1908) << _v1900;
																	_t1096 = _t1190 - 1;
																	_t1187 = _v1892 - 4;
																	_v1868 = _t1096;
																	_t1279 = _t1279 - 1;
																	_v1892 = _t1187;
																	__eflags = _t1096 - _v1920;
																	if(_t1096 == _v1920) {
																		break;
																	}
																	_t1232 = _v472;
																}
																_t1184 = _v1880;
															}
															__eflags = _t1184;
															if(_t1184 != 0) {
																__eflags = 0;
																memset( &_v468, 0, _t1184 << 2);
																_t1316 =  &(_t1316[3]);
															}
															_v472 = _v1884;
														}
													} else {
														L37:
														_push(0);
														_v1400 = 0;
														_v472 = 0;
														_push( &_v1396);
														_push(_t1294);
														_push( &_v468);
														L314();
														_t1316 =  &(_t1316[4]);
													}
													_t1084 = 4;
													_v1396 = _t1084;
													_push(_t1084);
												}
												goto L54;
											}
											goto L55;
										}
										L54:
										_v1392 = _v1392 & 0x00000000;
										_push( &_v1396);
										_v936 = _t1103;
										_push(_t1294);
										_push( &_v932);
										_v1400 = _t1103;
										L314();
										_t1321 =  &(_t1316[4]);
									}
									_t863 = _v1904;
									_t1132 = 0xa;
									_v1912 = _t1132;
									__eflags = _t863;
									if(_t863 < 0) {
										_t864 =  ~_t863;
										_t865 = _t864 / _t1132;
										_v1892 = _t865;
										_t1133 = _t864 % _t1132;
										_v1920 = _t1133;
										__eflags = _t865;
										if(_t865 == 0) {
											L248:
											__eflags = _t1133;
											if(_t1133 != 0) {
												_t908 =  *(0x11f6e84 + _t1133 * 4);
												_v1884 = _t908;
												__eflags = _t908;
												if(_t908 == 0) {
													L260:
													__eflags = 0;
													_push(0);
													_v472 = 0;
													_v2408 = 0;
													goto L261;
												} else {
													__eflags = _t908 - _t1103;
													if(_t908 != _t1103) {
														_t1143 = _v472;
														__eflags = _t1143;
														if(_t1143 != 0) {
															_v1872 = _v1872 & 0x00000000;
															_t1252 = 0;
															__eflags = 0;
															do {
																_t1209 = _t908 *  *(_t1310 + _t1252 * 4 - 0x1d0) >> 0x20;
																 *(_t1310 + _t1252 * 4 - 0x1d0) = _t908 *  *(_t1310 + _t1252 * 4 - 0x1d0) + _v1872;
																_t908 = _v1884;
																asm("adc edx, 0x0");
																_t1252 = _t1252 + 1;
																_v1872 = _t1209;
																__eflags = _t1252 - _t1143;
															} while (_t1252 != _t1143);
															__eflags = _t1209;
															if(_t1209 != 0) {
																_t914 = _v472;
																__eflags = _t914 - 0x73;
																if(_t914 >= 0x73) {
																	goto L260;
																} else {
																	 *(_t1310 + _t914 * 4 - 0x1d0) = _t1209;
																	_v472 = _v472 + 1;
																}
															}
														}
													}
												}
											}
										} else {
											do {
												__eflags = _t865 - 0x26;
												if(_t865 > 0x26) {
													_t865 = 0x26;
												}
												_t1144 =  *(0x11f6dce + _t865 * 4) & 0x000000ff;
												_v1900 = _t865;
												_v1400 = ( *(0x11f6dce + _t865 * 4) & 0x000000ff) + ( *(0x11f6dcf + _t865 * 4) & 0x000000ff);
												L01152F9A(_t1144 << 2,  &_v1396, 0, _t1144 << 2);
												_t925 = L01155385( &(( &_v1396)[_t1144]), 0x11f62f8 + ( *(0x11f6dcc + _v1900 * 4) & 0x0000ffff) * 4, ( *(0x11f6dcf + _t865 * 4) & 0x000000ff) << 2);
												_t1255 = _v1400;
												_t1321 =  &(_t1321[6]);
												__eflags = _t1255 - _t1103;
												if(_t1255 > _t1103) {
													__eflags = _v472 - _t1103;
													if(_v472 > _t1103) {
														__eflags = _t1255 - _v472;
														_t1210 =  &_v1396;
														_t548 = _t1255 - _v472 > 0;
														__eflags = _t548;
														_t926 = _t925 & 0xffffff00 | _t548;
														if(_t548 >= 0) {
															_t1210 =  &_v468;
														}
														_v1876 = _t1210;
														_t1145 =  &_v468;
														__eflags = _t926;
														if(_t926 == 0) {
															_t1145 =  &_v1396;
														}
														_v1872 = _t1145;
														__eflags = _t926;
														if(_t926 == 0) {
															_t1146 = _v472;
															_v1880 = _t1146;
														} else {
															_t1146 = _t1255;
															_v1880 = _t1255;
														}
														__eflags = _t926;
														if(_t926 != 0) {
															_t1255 = _v472;
														}
														_t927 = 0;
														_t1296 = 0;
														_v1864 = 0;
														__eflags = _t1146;
														if(_t1146 == 0) {
															L242:
															_v472 = _t927;
															_t1294 = 0x1cc;
															_t928 = _t927 << 2;
															__eflags = _t928;
															_push(_t928);
															_t929 =  &_v1860;
															goto L243;
														} else {
															do {
																__eflags =  *(_t1210 + _t1296 * 4);
																if( *(_t1210 + _t1296 * 4) != 0) {
																	_t1213 = 0;
																	_t1147 = _t1296;
																	_v1868 = _v1868 & 0;
																	_v1908 = 0;
																	__eflags = _t1255;
																	if(_t1255 == 0) {
																		L239:
																		__eflags = _t1147 - 0x73;
																		if(_t1147 == 0x73) {
																			goto L257;
																		} else {
																			_t1146 = _v1880;
																			_t1210 = _v1876;
																			goto L241;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1147 - 0x73;
																			if(_t1147 == 0x73) {
																				goto L234;
																			}
																			__eflags = _t1147 - _t927;
																			if(_t1147 == _t927) {
																				 *(_t1310 + _t1147 * 4 - 0x740) =  *(_t1310 + _t1147 * 4 - 0x740) & 0x00000000;
																				_t945 = _v1868 + 1 + _t1296;
																				__eflags = _t945;
																				_v1864 = _t945;
																			}
																			_t938 =  *(_v1872 + _v1868 * 4);
																			_t1215 = _v1876;
																			_t1213 = _t938 *  *(_t1215 + _t1296 * 4) >> 0x20;
																			asm("adc edx, 0x0");
																			 *(_t1310 + _t1147 * 4 - 0x740) =  *(_t1310 + _t1147 * 4 - 0x740) + _t938 *  *(_t1215 + _t1296 * 4) + _v1908;
																			asm("adc edx, 0x0");
																			_t942 = _v1868 + 1;
																			_t1147 = _t1147 + 1;
																			_v1868 = _t942;
																			__eflags = _t942 - _t1255;
																			_v1908 = _t1213;
																			_t927 = _v1864;
																			if(_t942 != _t1255) {
																				continue;
																			} else {
																				goto L234;
																			}
																			while(1) {
																				L234:
																				__eflags = _t1213;
																				if(_t1213 == 0) {
																					goto L239;
																				}
																				__eflags = _t1147 - 0x73;
																				if(_t1147 == 0x73) {
																					L257:
																					_t1294 = 0x1cc;
																					goto L258;
																				} else {
																					__eflags = _t1147 - _t927;
																					if(_t1147 == _t927) {
																						_t604 = _t1310 + _t1147 * 4 - 0x740;
																						 *_t604 =  *(_t1310 + _t1147 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t604;
																						_t610 = _t1147 + 1; // 0x1
																						_v1864 = _t610;
																					}
																					_t936 = _t1213;
																					_t1213 = 0;
																					 *(_t1310 + _t1147 * 4 - 0x740) =  *(_t1310 + _t1147 * 4 - 0x740) + _t936;
																					_t927 = _v1864;
																					asm("adc edx, edx");
																					_t1147 = _t1147 + 1;
																					continue;
																				}
																				goto L245;
																			}
																			goto L239;
																		}
																		goto L234;
																	}
																} else {
																	__eflags = _t1296 - _t927;
																	if(_t1296 == _t927) {
																		 *(_t1310 + _t1296 * 4 - 0x740) =  *(_t1310 + _t1296 * 4 - 0x740) & 0x00000000;
																		_t567 = _t1296 + 1; // 0x1
																		_t927 = _t567;
																		_v1864 = _t927;
																	}
																	goto L241;
																}
																goto L245;
																L241:
																_t1296 = _t1296 + 1;
																__eflags = _t1296 - _t1146;
															} while (_t1296 != _t1146);
															goto L242;
														}
													} else {
														_t1294 = 0x1cc;
														_v1872 = _v468;
														_push(_t1255 << 2);
														_v472 = _t1255;
														_push( &_v1396);
														_push(0x1cc);
														_push( &_v468);
														L314();
														_t952 = _v1872;
														_t1321 =  &(_t1321[4]);
														__eflags = _t952;
														if(_t952 != 0) {
															__eflags = _t952 - _t1103;
															if(_t952 == _t1103) {
																goto L244;
															} else {
																__eflags = _v472;
																if(_v472 == 0) {
																	goto L244;
																} else {
																	_v1884 = _v472;
																	_t1149 = 0;
																	_t1256 = 0;
																	__eflags = 0;
																	do {
																		_t1211 = _t952 *  *(_t1310 + _t1256 * 4 - 0x1d0) >> 0x20;
																		 *(_t1310 + _t1256 * 4 - 0x1d0) = _t952 *  *(_t1310 + _t1256 * 4 - 0x1d0) + _t1149;
																		_t952 = _v1872;
																		asm("adc edx, 0x0");
																		_t1256 = _t1256 + 1;
																		_t1149 = _t1211;
																		__eflags = _t1256 - _v1884;
																	} while (_t1256 != _v1884);
																	__eflags = _t1149;
																	if(_t1149 == 0) {
																		goto L244;
																	} else {
																		_t955 = _v472;
																		__eflags = _t955 - 0x73;
																		if(_t955 >= 0x73) {
																			L258:
																			_push(0);
																			_v2408 = 0;
																			_v472 = 0;
																			_push( &_v2404);
																			_push(_t1294);
																			_push( &_v468);
																			L314();
																			_t1321 =  &(_t1321[4]);
																			_t931 = 0;
																		} else {
																			 *(_t1310 + _t955 * 4 - 0x1d0) = _t1149;
																			_v472 = _v472 + 1;
																			goto L244;
																		}
																	}
																}
															}
														} else {
															_v2408 = _t952;
															_v472 = _t952;
															_push(_t952);
															_t929 =  &_v2404;
															L243:
															_push(_t929);
															_push(_t1294);
															_push( &_v468);
															L314();
															_t1321 =  &(_t1321[4]);
															L244:
															_t931 = _t1103;
														}
													}
												} else {
													_t1257 = _v1396;
													__eflags = _t1257;
													if(_t1257 != 0) {
														__eflags = _t1257 - _t1103;
														if(_t1257 == _t1103) {
															goto L196;
														} else {
															__eflags = _v472;
															if(_v472 == 0) {
																goto L196;
															} else {
																_t1150 = 0;
																_v1884 = _v472;
																_t1297 = 0;
																__eflags = 0;
																do {
																	_t957 = _t1257;
																	_t1212 = _t957 *  *(_t1310 + _t1297 * 4 - 0x1d0) >> 0x20;
																	 *(_t1310 + _t1297 * 4 - 0x1d0) = _t957 *  *(_t1310 + _t1297 * 4 - 0x1d0) + _t1150;
																	asm("adc edx, 0x0");
																	_t1297 = _t1297 + 1;
																	_t1150 = _t1212;
																	__eflags = _t1297 - _v1884;
																} while (_t1297 != _v1884);
																__eflags = _t1150;
																if(_t1150 == 0) {
																	goto L196;
																} else {
																	_t960 = _v472;
																	__eflags = _t960 - 0x73;
																	if(_t960 >= 0x73) {
																		_push(0);
																		_v2408 = 0;
																		_v472 = 0;
																		_push( &_v2404);
																		_push(0x1cc);
																		_push( &_v468);
																		L314();
																		_t1321 =  &(_t1321[4]);
																		_t931 = 0;
																		goto L197;
																	} else {
																		 *(_t1310 + _t960 * 4 - 0x1d0) = _t1150;
																		_v472 = _v472 + 1;
																		goto L196;
																	}
																}
															}
														}
														goto L263;
													} else {
														__eflags = 0;
														_push(0);
														_v2408 = 0;
														_v472 = 0;
														_push( &_v2404);
														_push(0x1cc);
														_push( &_v468);
														L314();
														_t1321 =  &(_t1321[4]);
														L196:
														_t931 = _t1103;
													}
													L197:
													_t1294 = 0x1cc;
												}
												L245:
												__eflags = _t931;
												if(_t931 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_v472 = _v472 & 0x00000000;
													_push(0);
													L261:
													_push( &_v2404);
													_t911 =  &_v468;
													goto L262;
												} else {
													goto L246;
												}
												goto L263;
												L246:
												_t865 = _v1892 - _v1900;
												__eflags = _t865;
												_v1892 = _t865;
											} while (_t865 != 0);
											_t1133 = _v1920;
											goto L248;
										}
									} else {
										_t967 = _t863 / _t1132;
										_v1872 = _t967;
										_t1151 = _t863 % _t1132;
										_v1920 = _t1151;
										__eflags = _t967;
										if(_t967 == 0) {
											L176:
											__eflags = _t1151;
											if(_t1151 != 0) {
												_t968 =  *(0x11f6e84 + _t1151 * 4);
												_v1884 = _t968;
												__eflags = _t968;
												if(_t968 != 0) {
													__eflags = _t968 - _t1103;
													if(_t968 != _t1103) {
														_t1152 = _v936;
														__eflags = _t1152;
														if(_t1152 != 0) {
															_v1872 = _v1872 & 0x00000000;
															_t1258 = 0;
															__eflags = 0;
															do {
																_t1217 = _t968 *  *(_t1310 + _t1258 * 4 - 0x3a0) >> 0x20;
																 *(_t1310 + _t1258 * 4 - 0x3a0) = _t968 *  *(_t1310 + _t1258 * 4 - 0x3a0) + _v1872;
																_t968 = _v1884;
																asm("adc edx, 0x0");
																_t1258 = _t1258 + 1;
																_v1872 = _t1217;
																__eflags = _t1258 - _t1152;
															} while (_t1258 != _t1152);
															__eflags = _t1217;
															if(_t1217 != 0) {
																_t971 = _v936;
																__eflags = _t971 - 0x73;
																if(_t971 >= 0x73) {
																	goto L178;
																} else {
																	 *(_t1310 + _t971 * 4 - 0x3a0) = _t1217;
																	_v936 = _v936 + 1;
																}
															}
														}
													}
												} else {
													L178:
													_v2408 = 0;
													_v936 = 0;
													_push(0);
													goto L182;
												}
											}
										} else {
											do {
												__eflags = _t967 - 0x26;
												if(_t967 > 0x26) {
													_t967 = 0x26;
												}
												_t1153 =  *(0x11f6dce + _t967 * 4) & 0x000000ff;
												_v1876 = _t967;
												_v1400 = ( *(0x11f6dce + _t967 * 4) & 0x000000ff) + ( *(0x11f6dcf + _t967 * 4) & 0x000000ff);
												L01152F9A(_t1153 << 2,  &_v1396, 0, _t1153 << 2);
												_t984 = L01155385( &(( &_v1396)[_t1153]), 0x11f62f8 + ( *(0x11f6dcc + _v1876 * 4) & 0x0000ffff) * 4, ( *(0x11f6dcf + _t967 * 4) & 0x000000ff) << 2);
												_t1261 = _v1400;
												_t1321 =  &(_t1321[6]);
												__eflags = _t1261 - _t1103;
												if(_t1261 > _t1103) {
													__eflags = _v936 - _t1103;
													if(_v936 > _t1103) {
														__eflags = _t1261 - _v936;
														_t1218 =  &_v1396;
														_t338 = _t1261 - _v936 > 0;
														__eflags = _t338;
														_t985 = _t984 & 0xffffff00 | _t338;
														if(_t338 >= 0) {
															_t1218 =  &_v932;
														}
														_v1900 = _t1218;
														_t1154 =  &_v932;
														__eflags = _t985;
														if(_t985 == 0) {
															_t1154 =  &_v1396;
														}
														_v1880 = _t1154;
														__eflags = _t985;
														if(_t985 == 0) {
															_t1155 = _v936;
															_v1908 = _t1155;
														} else {
															_t1155 = _t1261;
															_v1908 = _t1261;
														}
														__eflags = _t985;
														if(_t985 != 0) {
															_t1261 = _v936;
														}
														_t986 = 0;
														_t1299 = 0;
														_v1864 = 0;
														__eflags = _t1155;
														if(_t1155 == 0) {
															L170:
															_v936 = _t986;
															_t1294 = 0x1cc;
															_t987 = _t986 << 2;
															__eflags = _t987;
															_push(_t987);
															_t988 =  &_v1860;
															goto L171;
														} else {
															do {
																__eflags =  *(_t1218 + _t1299 * 4);
																if( *(_t1218 + _t1299 * 4) != 0) {
																	_t1221 = 0;
																	_t1156 = _t1299;
																	_v1868 = _v1868 & 0;
																	_v1892 = 0;
																	__eflags = _t1261;
																	if(_t1261 == 0) {
																		L167:
																		__eflags = _t1156 - 0x73;
																		if(_t1156 == 0x73) {
																			goto L179;
																		} else {
																			_t1155 = _v1908;
																			_t1218 = _v1900;
																			goto L169;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1156 - 0x73;
																			if(_t1156 == 0x73) {
																				goto L162;
																			}
																			__eflags = _t1156 - _t986;
																			if(_t1156 == _t986) {
																				 *(_t1310 + _t1156 * 4 - 0x740) =  *(_t1310 + _t1156 * 4 - 0x740) & 0x00000000;
																				_t1004 = _v1868 + 1 + _t1299;
																				__eflags = _t1004;
																				_v1864 = _t1004;
																			}
																			_t997 =  *(_v1880 + _v1868 * 4);
																			_t1223 = _v1900;
																			_t1221 = _t997 *  *(_t1223 + _t1299 * 4) >> 0x20;
																			asm("adc edx, 0x0");
																			 *(_t1310 + _t1156 * 4 - 0x740) =  *(_t1310 + _t1156 * 4 - 0x740) + _t997 *  *(_t1223 + _t1299 * 4) + _v1892;
																			asm("adc edx, 0x0");
																			_t1001 = _v1868 + 1;
																			_t1156 = _t1156 + 1;
																			_v1868 = _t1001;
																			__eflags = _t1001 - _t1261;
																			_v1892 = _t1221;
																			_t986 = _v1864;
																			if(_t1001 != _t1261) {
																				continue;
																			} else {
																				goto L162;
																			}
																			while(1) {
																				L162:
																				__eflags = _t1221;
																				if(_t1221 == 0) {
																					goto L167;
																				}
																				__eflags = _t1156 - 0x73;
																				if(_t1156 == 0x73) {
																					L179:
																					__eflags = 0;
																					_t1294 = 0x1cc;
																					_v2408 = 0;
																					_v936 = 0;
																					_push(0);
																					_t993 =  &_v2404;
																					goto L180;
																				} else {
																					__eflags = _t1156 - _t986;
																					if(_t1156 == _t986) {
																						_t394 = _t1310 + _t1156 * 4 - 0x740;
																						 *_t394 =  *(_t1310 + _t1156 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t394;
																						_t400 = _t1156 + 1; // 0x1
																						_v1864 = _t400;
																					}
																					_t995 = _t1221;
																					_t1221 = 0;
																					 *(_t1310 + _t1156 * 4 - 0x740) =  *(_t1310 + _t1156 * 4 - 0x740) + _t995;
																					_t986 = _v1864;
																					asm("adc edx, edx");
																					_t1156 = _t1156 + 1;
																					continue;
																				}
																				goto L173;
																			}
																			goto L167;
																		}
																		goto L162;
																	}
																} else {
																	__eflags = _t1299 - _t986;
																	if(_t1299 == _t986) {
																		 *(_t1310 + _t1299 * 4 - 0x740) =  *(_t1310 + _t1299 * 4 - 0x740) & 0x00000000;
																		_t357 = _t1299 + 1; // 0x1
																		_t986 = _t357;
																		_v1864 = _t986;
																	}
																	goto L169;
																}
																goto L173;
																L169:
																_t1299 = _t1299 + 1;
																__eflags = _t1299 - _t1155;
															} while (_t1299 != _t1155);
															goto L170;
														}
													} else {
														_t1294 = 0x1cc;
														_v1880 = _v932;
														_push(_t1261 << 2);
														_v936 = _t1261;
														_push( &_v1396);
														_push(0x1cc);
														_push( &_v932);
														L314();
														_t1011 = _v1880;
														_t1321 =  &(_t1321[4]);
														__eflags = _t1011;
														if(_t1011 != 0) {
															__eflags = _t1011 - _t1103;
															if(_t1011 == _t1103) {
																goto L172;
															} else {
																__eflags = _v936;
																if(_v936 == 0) {
																	goto L172;
																} else {
																	_v1884 = _v936;
																	_t1158 = 0;
																	_t1262 = 0;
																	__eflags = 0;
																	do {
																		_t1219 = _t1011 *  *(_t1310 + _t1262 * 4 - 0x3a0) >> 0x20;
																		 *(_t1310 + _t1262 * 4 - 0x3a0) = _t1011 *  *(_t1310 + _t1262 * 4 - 0x3a0) + _t1158;
																		_t1011 = _v1880;
																		asm("adc edx, 0x0");
																		_t1262 = _t1262 + 1;
																		_t1158 = _t1219;
																		__eflags = _t1262 - _v1884;
																	} while (_t1262 != _v1884);
																	__eflags = _t1158;
																	if(_t1158 == 0) {
																		goto L172;
																	} else {
																		_t1014 = _v936;
																		__eflags = _t1014 - 0x73;
																		if(_t1014 >= 0x73) {
																			_v1400 = 0;
																			_v936 = 0;
																			_push(0);
																			_t993 =  &_v1396;
																			L180:
																			_push(_t993);
																			_push(_t1294);
																			_push( &_v932);
																			L314();
																			_t1321 =  &(_t1321[4]);
																			_t990 = 0;
																		} else {
																			 *(_t1310 + _t1014 * 4 - 0x3a0) = _t1158;
																			_v936 = _v936 + 1;
																			goto L172;
																		}
																	}
																}
															}
														} else {
															_v1400 = _t1011;
															_v936 = _t1011;
															_push(_t1011);
															_t988 =  &_v1396;
															L171:
															_push(_t988);
															_push(_t1294);
															_push( &_v932);
															L314();
															_t1321 =  &(_t1321[4]);
															L172:
															_t990 = _t1103;
														}
													}
												} else {
													_t1263 = _v1396;
													__eflags = _t1263;
													if(_t1263 != 0) {
														__eflags = _t1263 - _t1103;
														if(_t1263 == _t1103) {
															goto L123;
														} else {
															__eflags = _v936;
															if(_v936 == 0) {
																goto L123;
															} else {
																_t1159 = 0;
																_v1884 = _v936;
																_t1300 = 0;
																__eflags = 0;
																do {
																	_t1017 = _t1263;
																	_t1220 = _t1017 *  *(_t1310 + _t1300 * 4 - 0x3a0) >> 0x20;
																	 *(_t1310 + _t1300 * 4 - 0x3a0) = _t1017 *  *(_t1310 + _t1300 * 4 - 0x3a0) + _t1159;
																	asm("adc edx, 0x0");
																	_t1300 = _t1300 + 1;
																	_t1159 = _t1220;
																	__eflags = _t1300 - _v1884;
																} while (_t1300 != _v1884);
																__eflags = _t1159;
																if(_t1159 == 0) {
																	goto L123;
																} else {
																	_t1020 = _v936;
																	__eflags = _t1020 - 0x73;
																	if(_t1020 >= 0x73) {
																		_push(0);
																		_v1400 = 0;
																		_v936 = 0;
																		_push( &_v1396);
																		_push(0x1cc);
																		_push( &_v932);
																		L314();
																		_t1321 =  &(_t1321[4]);
																		_t990 = 0;
																		goto L124;
																	} else {
																		 *(_t1310 + _t1020 * 4 - 0x3a0) = _t1159;
																		_v936 = _v936 + 1;
																		goto L123;
																	}
																}
															}
														}
														goto L263;
													} else {
														__eflags = 0;
														_push(0);
														_v1864 = 0;
														_v936 = 0;
														_push( &_v1860);
														_push(0x1cc);
														_push( &_v932);
														L314();
														_t1321 =  &(_t1321[4]);
														L123:
														_t990 = _t1103;
													}
													L124:
													_t1294 = 0x1cc;
												}
												L173:
												__eflags = _t990;
												if(_t990 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_t429 =  &_v936;
													 *_t429 = _v936 & 0x00000000;
													__eflags =  *_t429;
													_push(0);
													L182:
													_push( &_v2404);
													_t911 =  &_v932;
													L262:
													_push(_t1294);
													_push(_t911);
													L314();
													_t1321 =  &(_t1321[4]);
												} else {
													goto L174;
												}
												goto L263;
												L174:
												_t967 = _v1872 - _v1876;
												__eflags = _t967;
												_v1872 = _t967;
											} while (_t967 != 0);
											_t1151 = _v1920;
											goto L176;
										}
									}
									L263:
									_t1134 = _v472;
									_t1247 = _v1896;
									_v1868 = _t1247;
									__eflags = _t1134;
									if(_t1134 != 0) {
										_v1872 = _v1872 & 0x00000000;
										_t1251 = 0;
										__eflags = 0;
										do {
											_t901 =  *(_t1310 + _t1251 * 4 - 0x1d0);
											_t1207 = 0xa;
											_t1208 = _t901 * _t1207 >> 0x20;
											 *(_t1310 + _t1251 * 4 - 0x1d0) = _t901 * _t1207 + _v1872;
											asm("adc edx, 0x0");
											_t1251 = _t1251 + 1;
											_v1872 = _t1208;
											__eflags = _t1251 - _t1134;
										} while (_t1251 != _t1134);
										_t1247 = _v1868;
										__eflags = _t1208;
										if(_t1208 != 0) {
											_t904 = _v472;
											__eflags = _t904 - 0x73;
											if(_t904 >= 0x73) {
												__eflags = 0;
												_push(0);
												_v2408 = 0;
												_v472 = 0;
												_push( &_v2404);
												_push(_t1294);
												_push( &_v468);
												L314();
												_t1321 =  &(_t1321[4]);
											} else {
												 *(_t1310 + _t904 * 4 - 0x1d0) = _t1208;
												_v472 = _v472 + 1;
											}
										}
									}
									_t868 = E01154462( &_v472,  &_v936);
									_t1119 = _v1896;
									_t1199 = 0xa;
									__eflags = _t868 - _t1199;
									if(_t868 != _t1199) {
										__eflags = _t868;
										if(_t868 != 0) {
											_t1247 = _t1119 + 1;
											 *_t1119 = _t868 + 0x30;
											_v1868 = _t1247;
											goto L278;
										} else {
											_t870 = _v1904 - 1;
											goto L279;
										}
										goto L310;
									} else {
										_t893 = _v936;
										_t1247 = _t1119 + 1;
										_v1904 = _v1904 + 1;
										 *_t1119 = 0x31;
										_v1868 = _t1247;
										_v1884 = _t893;
										__eflags = _t893;
										if(_t893 != 0) {
											_t1250 = 0;
											_t1141 = 0;
											__eflags = 0;
											do {
												_t894 =  *(_t1310 + _t1141 * 4 - 0x3a0);
												 *(_t1310 + _t1141 * 4 - 0x3a0) = _t894 * _t1199 + _t1250;
												asm("adc edx, 0x0");
												_t1141 = _t1141 + 1;
												_t1250 = _t894 * _t1199 >> 0x20;
												_t1199 = 0xa;
												__eflags = _t1141 - _v1884;
											} while (_t1141 != _v1884);
											_v1884 = _t1250;
											__eflags = _t1250;
											_t1247 = _v1868;
											if(_t1250 != 0) {
												_t1142 = _v936;
												__eflags = _t1142 - 0x73;
												if(_t1142 >= 0x73) {
													_push(0);
													_v2408 = 0;
													_v936 = 0;
													_push( &_v2404);
													_push(_t1294);
													_push( &_v932);
													L314();
													_t1321 =  &(_t1321[4]);
												} else {
													 *((intOrPtr*)(_t1310 + _t1142 * 4 - 0x3a0)) = _v1884;
													_t723 =  &_v936;
													 *_t723 = _v936 + 1;
													__eflags =  *_t723;
												}
											}
											_t1119 = _v1896;
										}
										L278:
										_t870 = _v1904;
									}
									L279:
									 *((intOrPtr*)(_v1928 + 4)) = _t870;
									_t1193 = _v1916;
									__eflags = _t870;
									if(_t870 >= 0) {
										__eflags = _t1193 - 0x7fffffff;
										if(_t1193 <= 0x7fffffff) {
											_t1193 = _t1193 + _t870;
											__eflags = _t1193;
										}
									}
									_t872 = _a24 - 1;
									__eflags = _t872 - _t1193;
									if(_t872 >= _t1193) {
										_t872 = _t1193;
									}
									_t873 = _t872 + _t1119;
									_v1872 = _t873;
									__eflags = _t1247 - _t873;
									if(_t1247 != _t873) {
										while(1) {
											_t876 = _v472;
											__eflags = _t876;
											if(_t876 == 0) {
												goto L304;
											}
											_t1109 = 0;
											_t1248 = _t876;
											_t1137 = 0;
											__eflags = 0;
											do {
												_t877 =  *(_t1310 + _t1137 * 4 - 0x1d0);
												 *(_t1310 + _t1137 * 4 - 0x1d0) = _t877 * 0x3b9aca00 + _t1109;
												asm("adc edx, 0x0");
												_t1137 = _t1137 + 1;
												_t1109 = _t877 * 0x3b9aca00 >> 0x20;
												__eflags = _t1137 - _t1248;
											} while (_t1137 != _t1248);
											_t1249 = _v1868;
											__eflags = _t1109;
											if(_t1109 != 0) {
												_t888 = _v472;
												__eflags = _t888 - 0x73;
												if(_t888 >= 0x73) {
													__eflags = 0;
													_push(0);
													_v2408 = 0;
													_v472 = 0;
													_push( &_v2404);
													_push(_t1294);
													_push( &_v468);
													L314();
													_t1321 =  &(_t1321[4]);
												} else {
													 *(_t1310 + _t888 * 4 - 0x1d0) = _t1109;
													_v472 = _v472 + 1;
												}
											}
											_t882 = E01154462( &_v472,  &_v936);
											__eflags = _v472;
											_t1103 = _t1109 & 0xffffff00 | _v472 == 0x00000000;
											_v1916 = 8;
											_t1119 = _v1872 - _t1249;
											__eflags = _t1119;
											do {
												_t1204 = _t882 % _v1912;
												_v1920 = _t882 / _v1912;
												_v1884 = _t1204;
												_t885 = _t1204 + 0x30;
												_t1205 = _v1916;
												__eflags = _t1119 - _t1205;
												if(_t1119 >= _t1205) {
													 *(_t1205 + _t1249) = _t885;
												} else {
													__eflags = _t885 - 0x30;
													_t1103 = _t1103 & (_t885 & 0xffffff00 | _t885 != 0x00000030) - 0x00000001;
												}
												_t882 = _v1920;
												_t1193 = _t1205 - 1;
												_v1916 = _t1193;
												__eflags = _t1193 - 0xffffffff;
											} while (_t1193 != 0xffffffff);
											__eflags = _t1119 - 9;
											if(_t1119 > 9) {
												_t1119 = 9;
											}
											_t1247 = _t1249 + _t1119;
											_v1868 = _t1247;
											__eflags = _t1247 - _v1872;
											if(_t1247 != _v1872) {
												continue;
											}
											goto L304;
										}
									}
									L304:
									 *_t1247 = 0;
									__eflags = _t1103;
									_t875 = 0 | __eflags != 0x00000000;
									_v1884 = _t875;
									_t1103 = _t875;
									goto L310;
								}
							}
						}
					}
				} else {
					_t1119 = _t1281 & 0x000fffff;
					if((_a4 | _t1281 & 0x000fffff) == 0 || (_v1944 & 0x01000000) != 0) {
						_push(0x11f9cfc);
						 *((intOrPtr*)(_v1928 + 4)) =  *(_v1928 + 4) & 0x00000000;
						L14:
						_push(_a24);
						_push(_v1896);
						if(L01155B19() != 0) {
							L313:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							L0115342C();
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_push(_t1310);
							_push(_t1281);
							_t1282 = _v2424;
							__eflags = _t1282;
							if(_t1282 != 0) {
								_t820 = _v0;
								__eflags = _v0;
								if(__eflags != 0) {
									_push(_t1237);
									_t1238 = _a8;
									__eflags = _t1238;
									if(_t1238 == 0) {
										L321:
										L01152F9A(_t1238, _t820, 0, _a4);
										__eflags = _t1238;
										if(__eflags != 0) {
											__eflags = _a4 - _t1282;
											if(__eflags >= 0) {
												_t822 = 0x16;
											} else {
												_t823 = L01153792(__eflags);
												_push(0x22);
												goto L325;
											}
										} else {
											_t823 = L01153792(__eflags);
											_push(0x16);
											L325:
											_pop(_t1284);
											 *_t823 = _t1284;
											L01153567();
											_t822 = _t1284;
										}
									} else {
										__eflags = _a4 - _t1282;
										if(_a4 < _t1282) {
											goto L321;
										} else {
											L01155385(_t820, _t1238, _t1282);
											_t822 = 0;
										}
									}
								} else {
									_t826 = L01153792(__eflags);
									_t1285 = 0x16;
									 *_t826 = _t1285;
									L01153567();
									_t822 = _t1285;
								}
							} else {
								_t822 = 0;
							}
							return _t822;
						} else {
							L310:
							_t1331 = _v1932;
							_pop(_t1240);
							_pop(_t1286);
							if(_v1932 != 0) {
								E01154188(_t1119, _t1331,  &_v1940);
							}
							_pop(_t1104);
							return L01152ECD(_t1103, _t1104, _v8 ^ _t1310, _t1193, _t1240, _t1286);
						}
					} else {
						goto L16;
					}
				}
			}













































































































































































































































          0x0115510a
          0x011e0012
          0x011e0014
          0x011e001a
          0x011e0021
          0x011e0027
          0x011e0030
          0x011e003c
          0x011e003e
          0x011e004e
          0x011e0052
          0x011e0064
          0x011e006a
          0x011e0054
          0x011e0054
          0x011e0054
          0x011e0071
          0x011e0077
          0x011e0078
          0x011e007a
          0x011e0089
          0x011e0084
          0x011e0086
          0x011e0086
          0x011e008b
          0x011e0095
          0x011e009d
          0x011e00a7
          0x011e00b6
          0x011e00bb
          0x011e0105
          0x011e0109
          0x011e010e
          0x011e010f
          0x011e0111
          0x011e0113
          0x011e0119
          0x011e0119
          0x011e011c
          0x011e011c
          0x011e011f
          0x011e14d4
          0x011e14dc
          0x011e14de
          0x00000000
          0x011e14e0
          0x011e14e0
          0x011e14e0
          0x00000000
          0x011e14e0
          0x011e0125
          0x011e0125
          0x011e0125
          0x011e0128
          0x011e14bc
          0x00000000
          0x011e012e
          0x011e012e
          0x011e012e
          0x011e0131
          0x011e14b2
          0x00000000
          0x011e0137
          0x011e0137
          0x011e013a
          0x011e14a8
          0x00000000
          0x011e0140
          0x011e0149
          0x011e0156
          0x011e015a
          0x011e015d
          0x011e0163
          0x011e016b
          0x011e0171
          0x011e017b
          0x011e017b
          0x011e017e
          0x011e018a
          0x011e018c
          0x011e0191
          0x011e0191
          0x011e0191
          0x011e0180
          0x011e0180
          0x011e0182
          0x011e0182
          0x011e019d
          0x011e01ab
          0x011e01b1
          0x011e01b3
          0x011e01bb
          0x011e01c1
          0x011e01c6
          0x011e01c7
          0x011e01c8
          0x011e01cb
          0x011e01d2
          0x011e01d7
          0x011e01df
          0x011e01e0
          0x011e01e5
          0x011e01ee
          0x011e01ee
          0x011e01f0
          0x011e01e7
          0x011e01e7
          0x011e01ec
          0x00000000
          0x00000000
          0x011e01ec
          0x011e01f6
          0x011e0204
          0x011e0206
          0x011e020f
          0x011e0215
          0x011e0216
          0x011e021c
          0x011e0222
          0x011e0228
          0x011e05c7
          0x011e05ca
          0x011e06e4
          0x011e06e6
          0x011e06eb
          0x011e06eb
          0x011e06eb
          0x011e06f9
          0x011e0700
          0x011e0703
          0x011e0708
          0x011e0708
          0x011e0705
          0x011e0705
          0x011e0705
          0x011e070c
          0x011e070e
          0x011e0712
          0x011e0714
          0x011e0717
          0x011e0746
          0x011e0749
          0x011e074c
          0x011e074e
          0x011e0751
          0x011e0751
          0x011e0753
          0x011e075e
          0x011e075e
          0x011e0755
          0x011e0755
          0x011e0755
          0x011e0760
          0x011e0762
          0x011e076d
          0x011e076d
          0x011e0764
          0x011e0764
          0x011e0764
          0x011e0776
          0x011e077d
          0x011e077e
          0x011e077f
          0x011e0782
          0x00000000
          0x00000000
          0x011e0784
          0x011e0784
          0x011e0751
          0x011e078c
          0x011e078c
          0x011e0719
          0x011e0719
          0x011e0726
          0x011e072d
          0x011e072f
          0x011e0736
          0x011e073b
          0x011e073c
          0x011e0741
          0x011e0741
          0x011e07a5
          0x011e07b1
          0x011e07be
          0x011e07c0
          0x011e05d0
          0x011e05d0
          0x011e05d7
          0x011e05e1
          0x011e05eb
          0x011e05ed
          0x011e05f3
          0x011e05f3
          0x011e05f5
          0x011e05f5
          0x011e05fc
          0x011e0603
          0x00000000
          0x00000000
          0x011e0609
          0x011e060c
          0x011e060f
          0x00000000
          0x011e0611
          0x011e0611
          0x011e0613
          0x011e0616
          0x011e061c
          0x011e0621
          0x011e061e
          0x011e061e
          0x011e061e
          0x011e0625
          0x011e0628
          0x011e062c
          0x011e062e
          0x011e0631
          0x011e065d
          0x011e0660
          0x011e0663
          0x011e0665
          0x011e0668
          0x011e0668
          0x011e066a
          0x011e0675
          0x011e066c
          0x011e066c
          0x011e066c
          0x011e0677
          0x011e0679
          0x011e0684
          0x011e067b
          0x011e067b
          0x011e067b
          0x011e068e
          0x011e0695
          0x011e0696
          0x011e0697
          0x011e069a
          0x00000000
          0x00000000
          0x011e069c
          0x011e069c
          0x011e0668
          0x011e06a4
          0x011e06a4
          0x011e0633
          0x011e0633
          0x011e063a
          0x011e0640
          0x011e0647
          0x011e064d
          0x011e0652
          0x011e0653
          0x011e0658
          0x011e0658
          0x011e06bd
          0x011e06c9
          0x011e06d8
          0x011e06d8
          0x00000000
          0x011e060f
          0x011e05f5
          0x00000000
          0x011e05ed
          0x011e07c7
          0x011e07c7
          0x011e07ca
          0x011e07cf
          0x011e07d5
          0x011e07de
          0x011e07e5
          0x011e07ec
          0x011e07ed
          0x011e07ee
          0x011e07f5
          0x011e07f8
          0x011e07f8
          0x011e022e
          0x011e022e
          0x011e0235
          0x011e023f
          0x011e0249
          0x011e024b
          0x011e042f
          0x011e042f
          0x011e043b
          0x011e0443
          0x011e0449
          0x011e0453
          0x011e0459
          0x011e045e
          0x011e0464
          0x011e0465
          0x011e0465
          0x011e0465
          0x011e046c
          0x011e0472
          0x011e0474
          0x011e0481
          0x011e0484
          0x011e048f
          0x011e048f
          0x011e048f
          0x011e0486
          0x011e0487
          0x011e0487
          0x011e0496
          0x011e049c
          0x011e04a1
          0x011e04a4
          0x011e04a7
          0x011e04da
          0x011e04e0
          0x011e04e6
          0x011e04e8
          0x011e04ee
          0x011e04f1
          0x00000000
          0x011e04f3
          0x011e04f3
          0x011e04f6
          0x011e04f7
          0x011e04fd
          0x011e0503
          0x011e0505
          0x011e050d
          0x011e050d
          0x011e0515
          0x011e0518
          0x011e051e
          0x011e051e
          0x011e0520
          0x011e0527
          0x011e0527
          0x011e0522
          0x011e0522
          0x011e0522
          0x011e0529
          0x011e052f
          0x011e0532
          0x011e0534
          0x011e053a
          0x011e053a
          0x011e0536
          0x011e0536
          0x011e0536
          0x011e055e
          0x011e0566
          0x011e0575
          0x011e0576
          0x011e0579
          0x011e057f
          0x011e0580
          0x011e0586
          0x011e058c
          0x00000000
          0x00000000
          0x011e058e
          0x011e058e
          0x011e0596
          0x011e0596
          0x011e059c
          0x011e059e
          0x011e05a0
          0x011e05a8
          0x011e05a8
          0x011e05a8
          0x011e05b0
          0x011e05b0
          0x011e04a9
          0x011e04a9
          0x011e04ab
          0x011e04ac
          0x011e04b2
          0x011e04be
          0x011e04c5
          0x011e04c6
          0x011e04c7
          0x011e04cc
          0x011e04cc
          0x011e05b6
          0x011e05c0
          0x011e0251
          0x011e0251
          0x011e0251
          0x011e0253
          0x011e025a
          0x011e0261
          0x00000000
          0x00000000
          0x011e0267
          0x011e026a
          0x011e026d
          0x00000000
          0x011e026f
          0x011e026f
          0x011e027b
          0x011e0283
          0x011e0289
          0x011e0293
          0x011e0299
          0x011e029e
          0x011e02a4
          0x011e02a5
          0x011e02a5
          0x011e02a5
          0x011e02ac
          0x011e02b2
          0x011e02b4
          0x011e02c1
          0x011e02c4
          0x011e02cf
          0x011e02cf
          0x011e02cf
          0x011e02c6
          0x011e02c7
          0x011e02c7
          0x011e02d6
          0x011e02dc
          0x011e02e1
          0x011e02e4
          0x011e02e7
          0x011e031a
          0x011e0320
          0x011e0326
          0x011e0328
          0x011e032e
          0x011e0331
          0x00000000
          0x011e0333
          0x011e0333
          0x011e0336
          0x011e0337
          0x011e033d
          0x011e0343
          0x011e0345
          0x011e034d
          0x011e034d
          0x011e0355
          0x011e0358
          0x011e035e
          0x011e035e
          0x011e0360
          0x011e0367
          0x011e0367
          0x011e0362
          0x011e0362
          0x011e0362
          0x011e0369
          0x011e036f
          0x011e0372
          0x011e0374
          0x011e037a
          0x011e037a
          0x011e0376
          0x011e0376
          0x011e0376
          0x011e039e
          0x011e03a6
          0x011e03b5
          0x011e03b6
          0x011e03b9
          0x011e03bf
          0x011e03c0
          0x011e03c6
          0x011e03cc
          0x00000000
          0x00000000
          0x011e03ce
          0x011e03ce
          0x011e03d6
          0x011e03d6
          0x011e03dc
          0x011e03de
          0x011e03e0
          0x011e03e8
          0x011e03e8
          0x011e03e8
          0x011e03f0
          0x011e03f0
          0x011e02e9
          0x011e02e9
          0x011e02eb
          0x011e02ec
          0x011e02f2
          0x011e02fe
          0x011e0305
          0x011e0306
          0x011e0307
          0x011e030c
          0x011e030c
          0x011e03f8
          0x011e03f9
          0x011e03ff
          0x011e03ff
          0x00000000
          0x011e026d
          0x00000000
          0x011e0253
          0x011e0400
          0x011e0400
          0x011e040d
          0x011e0414
          0x011e041a
          0x011e041b
          0x011e041c
          0x011e0422
          0x011e0427
          0x011e0427
          0x011e07f9
          0x011e0803
          0x011e0804
          0x011e080a
          0x011e080c
          0x011e0cef
          0x011e0cf1
          0x011e0cf3
          0x011e0cf9
          0x011e0cfb
          0x011e0d01
          0x011e0d03
          0x011e10d1
          0x011e10d1
          0x011e10d3
          0x011e10d9
          0x011e10e0
          0x011e10e6
          0x011e10e8
          0x011e119b
          0x011e119b
          0x011e119d
          0x011e119e
          0x011e11a4
          0x00000000
          0x011e10ee
          0x011e10ee
          0x011e10f0
          0x011e10f6
          0x011e10fc
          0x011e10fe
          0x011e1104
          0x011e110b
          0x011e110b
          0x011e110d
          0x011e110d
          0x011e111a
          0x011e1121
          0x011e1127
          0x011e112a
          0x011e112b
          0x011e1131
          0x011e1131
          0x011e1135
          0x011e1137
          0x011e113d
          0x011e1143
          0x011e1146
          0x00000000
          0x011e1148
          0x011e1148
          0x011e114f
          0x011e114f
          0x011e1146
          0x011e1137
          0x011e10fe
          0x011e10f0
          0x011e10e8
          0x011e0d09
          0x011e0d09
          0x011e0d09
          0x011e0d0c
          0x011e0d10
          0x011e0d10
          0x011e0d11
          0x011e0d23
          0x011e0d30
          0x011e0d3f
          0x011e0d69
          0x011e0d6e
          0x011e0d74
          0x011e0d77
          0x011e0d79
          0x011e0e4b
          0x011e0e51
          0x011e0f1f
          0x011e0f25
          0x011e0f2b
          0x011e0f2b
          0x011e0f2b
          0x011e0f2e
          0x011e0f30
          0x011e0f30
          0x011e0f36
          0x011e0f3c
          0x011e0f42
          0x011e0f44
          0x011e0f46
          0x011e0f46
          0x011e0f4c
          0x011e0f52
          0x011e0f54
          0x011e0f60
          0x011e0f66
          0x011e0f56
          0x011e0f56
          0x011e0f58
          0x011e0f58
          0x011e0f6c
          0x011e0f6e
          0x011e0f70
          0x011e0f70
          0x011e0f76
          0x011e0f78
          0x011e0f7a
          0x011e0f80
          0x011e0f82
          0x011e1083
          0x011e1083
          0x011e1089
          0x011e108e
          0x011e108e
          0x011e1091
          0x011e1092
          0x00000000
          0x011e0f88
          0x011e0f88
          0x011e0f88
          0x011e0f8c
          0x011e0fac
          0x011e0fae
          0x011e0fb0
          0x011e0fb6
          0x011e0fbc
          0x011e0fbe
          0x011e1065
          0x011e1065
          0x011e1068
          0x00000000
          0x011e106e
          0x011e106e
          0x011e1074
          0x00000000
          0x011e1074
          0x011e0fc4
          0x011e0fc4
          0x011e0fc4
          0x011e0fc7
          0x00000000
          0x00000000
          0x011e0fc9
          0x011e0fcb
          0x011e0fd3
          0x011e0fdc
          0x011e0fdc
          0x011e0fde
          0x011e0fde
          0x011e0ff0
          0x011e0ff3
          0x011e0ff9
          0x011e1002
          0x011e1005
          0x011e1012
          0x011e1015
          0x011e1016
          0x011e1017
          0x011e101d
          0x011e101f
          0x011e1025
          0x011e102b
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011e102d
          0x011e102d
          0x011e102d
          0x011e102f
          0x00000000
          0x00000000
          0x011e1031
          0x011e1034
          0x011e1157
          0x011e1157
          0x00000000
          0x011e103a
          0x011e103a
          0x011e103c
          0x011e103e
          0x011e103e
          0x011e103e
          0x011e1046
          0x011e1049
          0x011e1049
          0x011e104f
          0x011e1051
          0x011e1053
          0x011e105a
          0x011e1060
          0x011e1062
          0x00000000
          0x011e1062
          0x00000000
          0x011e1034
          0x00000000
          0x011e102d
          0x00000000
          0x011e0fc4
          0x011e0f8e
          0x011e0f8e
          0x011e0f90
          0x011e0f96
          0x011e0f9e
          0x011e0f9e
          0x011e0fa1
          0x011e0fa1
          0x00000000
          0x011e0f90
          0x00000000
          0x011e107a
          0x011e107a
          0x011e107b
          0x011e107b
          0x00000000
          0x011e0f88
          0x011e0e57
          0x011e0e5d
          0x011e0e62
          0x011e0e6d
          0x011e0e74
          0x011e0e7a
          0x011e0e81
          0x011e0e82
          0x011e0e83
          0x011e0e88
          0x011e0e8e
          0x011e0e91
          0x011e0e93
          0x011e0ead
          0x011e0eaf
          0x00000000
          0x011e0eb5
          0x011e0eb5
          0x011e0ebc
          0x00000000
          0x011e0ec2
          0x011e0ec8
          0x011e0ece
          0x011e0ed0
          0x011e0ed0
          0x011e0ed2
          0x011e0ed2
          0x011e0edb
          0x011e0ee2
          0x011e0ee8
          0x011e0eeb
          0x011e0eec
          0x011e0eee
          0x011e0eee
          0x011e0ef6
          0x011e0ef8
          0x00000000
          0x011e0efe
          0x011e0efe
          0x011e0f04
          0x011e0f07
          0x011e115c
          0x011e115e
          0x011e115f
          0x011e1165
          0x011e1171
          0x011e1178
          0x011e1179
          0x011e117a
          0x011e117f
          0x011e1182
          0x011e0f0d
          0x011e0f0d
          0x011e0f14
          0x00000000
          0x011e0f14
          0x011e0f07
          0x011e0ef8
          0x011e0ebc
          0x011e0e95
          0x011e0e95
          0x011e0e9b
          0x011e0ea1
          0x011e0ea2
          0x011e1098
          0x011e1098
          0x011e109f
          0x011e10a0
          0x011e10a1
          0x011e10a6
          0x011e10a9
          0x011e10a9
          0x011e10a9
          0x011e0e93
          0x011e0d7f
          0x011e0d7f
          0x011e0d85
          0x011e0d87
          0x011e0dbf
          0x011e0dc1
          0x00000000
          0x011e0dc3
          0x011e0dc3
          0x011e0dca
          0x00000000
          0x011e0dcc
          0x011e0dd2
          0x011e0dd4
          0x011e0dda
          0x011e0dda
          0x011e0ddc
          0x011e0ddc
          0x011e0dde
          0x011e0de7
          0x011e0dee
          0x011e0df1
          0x011e0df2
          0x011e0df4
          0x011e0df4
          0x011e0dfc
          0x011e0dfe
          0x00000000
          0x011e0e00
          0x011e0e00
          0x011e0e06
          0x011e0e09
          0x011e0e1c
          0x011e0e1d
          0x011e0e23
          0x011e0e2f
          0x011e0e36
          0x011e0e3b
          0x011e0e3c
          0x011e0e41
          0x011e0e44
          0x00000000
          0x011e0e0b
          0x011e0e0b
          0x011e0e12
          0x00000000
          0x011e0e12
          0x011e0e09
          0x011e0dfe
          0x011e0dca
          0x00000000
          0x011e0d89
          0x011e0d89
          0x011e0d8b
          0x011e0d8c
          0x011e0d92
          0x011e0d9e
          0x011e0da5
          0x011e0daa
          0x011e0dab
          0x011e0db0
          0x011e0db3
          0x011e0db3
          0x011e0db3
          0x011e0db5
          0x011e0db5
          0x011e0db5
          0x011e10ab
          0x011e10ab
          0x011e10ad
          0x011e1189
          0x011e1190
          0x011e1197
          0x011e11aa
          0x011e11b0
          0x011e11b1
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011e10b3
          0x011e10b9
          0x011e10b9
          0x011e10bf
          0x011e10bf
          0x011e10cb
          0x00000000
          0x011e10cb
          0x011e0812
          0x011e0812
          0x011e0814
          0x011e081a
          0x011e081c
          0x011e0822
          0x011e0824
          0x011e0c04
          0x011e0c04
          0x011e0c06
          0x011e0c0c
          0x011e0c13
          0x011e0c19
          0x011e0c1b
          0x011e0c7f
          0x011e0c81
          0x011e0c87
          0x011e0c8d
          0x011e0c8f
          0x011e0c95
          0x011e0c9c
          0x011e0c9c
          0x011e0c9e
          0x011e0c9e
          0x011e0cab
          0x011e0cb2
          0x011e0cb8
          0x011e0cbb
          0x011e0cbc
          0x011e0cc2
          0x011e0cc2
          0x011e0cc6
          0x011e0cc8
          0x011e0cce
          0x011e0cd4
          0x011e0cd7
          0x00000000
          0x011e0cdd
          0x011e0cdd
          0x011e0ce4
          0x011e0ce4
          0x011e0cd7
          0x011e0cc8
          0x011e0c8f
          0x011e0c1d
          0x011e0c1d
          0x011e0c1f
          0x011e0c25
          0x011e0c2b
          0x00000000
          0x011e0c2b
          0x011e0c1b
          0x011e082a
          0x011e082a
          0x011e082a
          0x011e082d
          0x011e0831
          0x011e0831
          0x011e0832
          0x011e0844
          0x011e0851
          0x011e0860
          0x011e088a
          0x011e088f
          0x011e0895
          0x011e0898
          0x011e089a
          0x011e096c
          0x011e0972
          0x011e0a56
          0x011e0a5c
          0x011e0a62
          0x011e0a62
          0x011e0a62
          0x011e0a65
          0x011e0a67
          0x011e0a67
          0x011e0a6d
          0x011e0a73
          0x011e0a79
          0x011e0a7b
          0x011e0a7d
          0x011e0a7d
          0x011e0a83
          0x011e0a89
          0x011e0a8b
          0x011e0a97
          0x011e0a9d
          0x011e0a8d
          0x011e0a8d
          0x011e0a8f
          0x011e0a8f
          0x011e0aa3
          0x011e0aa5
          0x011e0aa7
          0x011e0aa7
          0x011e0aad
          0x011e0aaf
          0x011e0ab1
          0x011e0ab7
          0x011e0ab9
          0x011e0bba
          0x011e0bba
          0x011e0bc0
          0x011e0bc5
          0x011e0bc5
          0x011e0bc8
          0x011e0bc9
          0x00000000
          0x011e0abf
          0x011e0abf
          0x011e0abf
          0x011e0ac3
          0x011e0ae3
          0x011e0ae5
          0x011e0ae7
          0x011e0aed
          0x011e0af3
          0x011e0af5
          0x011e0b9c
          0x011e0b9c
          0x011e0b9f
          0x00000000
          0x011e0ba5
          0x011e0ba5
          0x011e0bab
          0x00000000
          0x011e0bab
          0x011e0afb
          0x011e0afb
          0x011e0afb
          0x011e0afe
          0x00000000
          0x00000000
          0x011e0b00
          0x011e0b02
          0x011e0b0a
          0x011e0b13
          0x011e0b13
          0x011e0b15
          0x011e0b15
          0x011e0b27
          0x011e0b2a
          0x011e0b30
          0x011e0b39
          0x011e0b3c
          0x011e0b49
          0x011e0b4c
          0x011e0b4d
          0x011e0b4e
          0x011e0b54
          0x011e0b56
          0x011e0b5c
          0x011e0b62
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011e0b64
          0x011e0b64
          0x011e0b64
          0x011e0b66
          0x00000000
          0x00000000
          0x011e0b68
          0x011e0b6b
          0x011e0c2e
          0x011e0c2e
          0x011e0c30
          0x011e0c35
          0x011e0c3b
          0x011e0c41
          0x011e0c42
          0x00000000
          0x011e0b71
          0x011e0b71
          0x011e0b73
          0x011e0b75
          0x011e0b75
          0x011e0b75
          0x011e0b7d
          0x011e0b80
          0x011e0b80
          0x011e0b86
          0x011e0b88
          0x011e0b8a
          0x011e0b91
          0x011e0b97
          0x011e0b99
          0x00000000
          0x011e0b99
          0x00000000
          0x011e0b6b
          0x00000000
          0x011e0b64
          0x00000000
          0x011e0afb
          0x011e0ac5
          0x011e0ac5
          0x011e0ac7
          0x011e0acd
          0x011e0ad5
          0x011e0ad5
          0x011e0ad8
          0x011e0ad8
          0x00000000
          0x011e0ac7
          0x00000000
          0x011e0bb1
          0x011e0bb1
          0x011e0bb2
          0x011e0bb2
          0x00000000
          0x011e0abf
          0x011e0978
          0x011e097e
          0x011e0983
          0x011e098e
          0x011e0995
          0x011e099b
          0x011e09a2
          0x011e09a3
          0x011e09a4
          0x011e09a9
          0x011e09af
          0x011e09b2
          0x011e09b4
          0x011e09ce
          0x011e09d0
          0x00000000
          0x011e09d6
          0x011e09d6
          0x011e09dd
          0x00000000
          0x011e09e3
          0x011e09e9
          0x011e09ef
          0x011e09f1
          0x011e09f1
          0x011e09f3
          0x011e09f3
          0x011e09fc
          0x011e0a03
          0x011e0a09
          0x011e0a0c
          0x011e0a0d
          0x011e0a0f
          0x011e0a0f
          0x011e0a17
          0x011e0a19
          0x00000000
          0x011e0a1f
          0x011e0a1f
          0x011e0a25
          0x011e0a28
          0x011e0a3e
          0x011e0a44
          0x011e0a4a
          0x011e0a4b
          0x011e0c48
          0x011e0c48
          0x011e0c4f
          0x011e0c50
          0x011e0c51
          0x011e0c56
          0x011e0c59
          0x011e0a2a
          0x011e0a2a
          0x011e0a31
          0x00000000
          0x011e0a31
          0x011e0a28
          0x011e0a19
          0x011e09dd
          0x011e09b6
          0x011e09b6
          0x011e09bc
          0x011e09c2
          0x011e09c3
          0x011e0bcf
          0x011e0bcf
          0x011e0bd6
          0x011e0bd7
          0x011e0bd8
          0x011e0bdd
          0x011e0be0
          0x011e0be0
          0x011e0be0
          0x011e09b4
          0x011e08a0
          0x011e08a0
          0x011e08a6
          0x011e08a8
          0x011e08e0
          0x011e08e2
          0x00000000
          0x011e08e4
          0x011e08e4
          0x011e08eb
          0x00000000
          0x011e08ed
          0x011e08f3
          0x011e08f5
          0x011e08fb
          0x011e08fb
          0x011e08fd
          0x011e08fd
          0x011e08ff
          0x011e0908
          0x011e090f
          0x011e0912
          0x011e0913
          0x011e0915
          0x011e0915
          0x011e091d
          0x011e091f
          0x00000000
          0x011e0921
          0x011e0921
          0x011e0927
          0x011e092a
          0x011e093d
          0x011e093e
          0x011e0944
          0x011e0950
          0x011e0957
          0x011e095c
          0x011e095d
          0x011e0962
          0x011e0965
          0x00000000
          0x011e092c
          0x011e092c
          0x011e0933
          0x00000000
          0x011e0933
          0x011e092a
          0x011e091f
          0x011e08eb
          0x00000000
          0x011e08aa
          0x011e08aa
          0x011e08ac
          0x011e08ad
          0x011e08b3
          0x011e08bf
          0x011e08c6
          0x011e08cb
          0x011e08cc
          0x011e08d1
          0x011e08d4
          0x011e08d4
          0x011e08d4
          0x011e08d6
          0x011e08d6
          0x011e08d6
          0x011e0be2
          0x011e0be2
          0x011e0be4
          0x011e0c5d
          0x011e0c64
          0x011e0c64
          0x011e0c64
          0x011e0c6b
          0x011e0c6d
          0x011e0c73
          0x011e0c74
          0x011e11b7
          0x011e11b7
          0x011e11b8
          0x011e11b9
          0x011e11be
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011e0be6
          0x011e0bec
          0x011e0bec
          0x011e0bf2
          0x011e0bf2
          0x011e0bfe
          0x00000000
          0x011e0bfe
          0x011e0824
          0x011e11c1
          0x011e11c1
          0x011e11c7
          0x011e11cd
          0x011e11d3
          0x011e11d5
          0x011e11d7
          0x011e11de
          0x011e11de
          0x011e11e0
          0x011e11e0
          0x011e11e9
          0x011e11ea
          0x011e11f2
          0x011e11f9
          0x011e11fc
          0x011e11fd
          0x011e1203
          0x011e1203
          0x011e1207
          0x011e120d
          0x011e120f
          0x011e1211
          0x011e1217
          0x011e121a
          0x011e122b
          0x011e122d
          0x011e122e
          0x011e1234
          0x011e1240
          0x011e1247
          0x011e1248
          0x011e1249
          0x011e124e
          0x011e121c
          0x011e121c
          0x011e1223
          0x011e1223
          0x011e121a
          0x011e120f
          0x011e125f
          0x011e1266
          0x011e126e
          0x011e126f
          0x011e1271
          0x011e13bd
          0x011e13bf
          0x011e13cf
          0x011e13d2
          0x011e13d4
          0x00000000
          0x011e13c1
          0x011e13c7
          0x00000000
          0x011e13c7
          0x00000000
          0x011e1277
          0x011e1277
          0x011e127d
          0x011e1280
          0x011e1286
          0x011e1289
          0x011e128f
          0x011e1295
          0x011e1297
          0x011e1299
          0x011e129b
          0x011e129b
          0x011e129d
          0x011e129d
          0x011e12aa
          0x011e12b1
          0x011e12b4
          0x011e12b5
          0x011e12b7
          0x011e12b8
          0x011e12b8
          0x011e12c0
          0x011e12c6
          0x011e12c8
          0x011e12ce
          0x011e12d0
          0x011e12d6
          0x011e12d9
          0x011e1394
          0x011e1395
          0x011e139b
          0x011e13a7
          0x011e13ae
          0x011e13af
          0x011e13b0
          0x011e13b5
          0x011e12df
          0x011e12e5
          0x011e12ec
          0x011e12ec
          0x011e12ec
          0x011e12ec
          0x011e12d9
          0x011e12f2
          0x011e12f2
          0x011e12f8
          0x011e12f8
          0x011e12f8
          0x011e12fe
          0x011e1304
          0x011e1307
          0x011e130d
          0x011e130f
          0x011e1311
          0x011e1317
          0x011e1319
          0x011e1319
          0x011e1319
          0x011e1317
          0x011e131e
          0x011e131f
          0x011e1321
          0x011e1323
          0x011e1323
          0x011e1325
          0x011e1327
          0x011e132d
          0x011e132f
          0x011e1335
          0x011e1335
          0x011e133b
          0x011e133d
          0x00000000
          0x00000000
          0x011e1343
          0x011e1345
          0x011e1347
          0x011e1347
          0x011e1349
          0x011e1349
          0x011e1359
          0x011e1360
          0x011e1363
          0x011e1364
          0x011e1366
          0x011e1366
          0x011e136a
          0x011e1370
          0x011e1372
          0x011e1378
          0x011e137e
          0x011e1381
          0x011e13df
          0x011e13e1
          0x011e13e2
          0x011e13e8
          0x011e13f4
          0x011e13fb
          0x011e13fc
          0x011e13fd
          0x011e1402
          0x011e1383
          0x011e1383
          0x011e138a
          0x011e138a
          0x011e1381
          0x011e1413
          0x011e1418
          0x011e1427
          0x011e142a
          0x011e1434
          0x011e1434
          0x011e1436
          0x011e1438
          0x011e143e
          0x011e1446
          0x011e144c
          0x011e144e
          0x011e1454
          0x011e1456
          0x011e1463
          0x011e1458
          0x011e1458
          0x011e145f
          0x011e145f
          0x011e1466
          0x011e146c
          0x011e146d
          0x011e1473
          0x011e1473
          0x011e1478
          0x011e147b
          0x011e147f
          0x011e147f
          0x011e1480
          0x011e1482
          0x011e1488
          0x011e148e
          0x00000000
          0x00000000
          0x00000000
          0x011e148e
          0x011e1335
          0x011e1494
          0x011e1496
          0x011e1499
          0x011e149b
          0x011e149e
          0x011e14a4
          0x00000000
          0x011e14a4
          0x011e013a
          0x011e0131
          0x011e0128
          0x011e00bd
          0x011e00c2
          0x011e00ca
          0x011e00de
          0x011e00e3
          0x011e00e7
          0x011e00e7
          0x011e00ea
          0x011e00fa
          0x011e1509
          0x011e150b
          0x011e150c
          0x011e150d
          0x011e150e
          0x011e150f
          0x011e1510
          0x011e1515
          0x011e1516
          0x011e1517
          0x011e1518
          0x011e1519
          0x011e151a
          0x011e151b
          0x011e151c
          0x011e151d
          0x011e151e
          0x011e151f
          0x011e1520
          0x011e1521
          0x011e1522
          0x011e1523
          0x011e1524
          0x011e1525
          0x011e1526
          0x011e1527
          0x011e1528
          0x011e1529
          0x011e152a
          0x011e152b
          0x011e152c
          0x011e152d
          0x011e152e
          0x011e152f
          0x011e1530
          0x011e1531
          0x011e1532
          0x011e1533
          0x011e1534
          0x011e1535
          0x011e1536
          0x011e1537
          0x011e1538
          0x011e1539
          0x011e153a
          0x011e153b
          0x011e153c
          0x011e153d
          0x011e153e
          0x011e153f
          0x011e1540
          0x011e1541
          0x011e1542
          0x011e1543
          0x011e1544
          0x011e1545
          0x011e1546
          0x011e1547
          0x011e1548
          0x011e1549
          0x011e154a
          0x011e154b
          0x011e154c
          0x011e154d
          0x011e154e
          0x011e154f
          0x011e1550
          0x011e1551
          0x011e1552
          0x011e1553
          0x011e1554
          0x011e1555
          0x011e1556
          0x011e1557
          0x011e1558
          0x011e1559
          0x011e155a
          0x011e155b
          0x011e155c
          0x011e155d
          0x011e155e
          0x011e155f
          0x011e1560
          0x011e1561
          0x011e1562
          0x011e1563
          0x011e1564
          0x011e1565
          0x011e1566
          0x011e1567
          0x011e1568
          0x011e1569
          0x011e156a
          0x011e156b
          0x011e156c
          0x011e156d
          0x011e156e
          0x011e156f
          0x011e1570
          0x011e1571
          0x011e1572
          0x011e1573
          0x011e1574
          0x011e1575
          0x011e1576
          0x011e1577
          0x011e1578
          0x011e1579
          0x011e157a
          0x011e157b
          0x011e157c
          0x011e157d
          0x011e157e
          0x011e157f
          0x011e1580
          0x011e1581
          0x011e1582
          0x011e1583
          0x011e1584
          0x011e1585
          0x011e1586
          0x011e1587
          0x011e1588
          0x011e1589
          0x011e158a
          0x011e158b
          0x011e158c
          0x011e158d
          0x011e158e
          0x011e158f
          0x011e1590
          0x011e1591
          0x011e1592
          0x011e1593
          0x011e1594
          0x011e1595
          0x011e1596
          0x011e1597
          0x011e1598
          0x011e1599
          0x011e159a
          0x011e159b
          0x011e159c
          0x011e159d
          0x011e159e
          0x011e159f
          0x011e15a0
          0x011e15a1
          0x011e15a2
          0x011e15a3
          0x011e15a4
          0x011e15a5
          0x011e15a6
          0x011e15a7
          0x011e15a8
          0x011e15a9
          0x011e15aa
          0x011e15ab
          0x011e15ac
          0x011e15ad
          0x011e15ae
          0x011e15af
          0x011e15b0
          0x011e15b1
          0x011e15b2
          0x011e15b3
          0x011e15b4
          0x011e15b5
          0x011e15b6
          0x011e15b7
          0x011e15b8
          0x011e15b9
          0x011e15ba
          0x011e15bb
          0x011e15bc
          0x011e15bd
          0x011e15be
          0x011e15bf
          0x011e15c0
          0x011e15c1
          0x011e15c2
          0x011e15c3
          0x011e15c4
          0x011e15c5
          0x011e15c6
          0x011e15c7
          0x011e15c8
          0x011e15c9
          0x011e15ca
          0x011e15cb
          0x011e15cc
          0x011e15cd
          0x011e15ce
          0x011e15cf
          0x011e15d0
          0x011e15d1
          0x011e15d2
          0x011e15d3
          0x011e15d4
          0x011e15d5
          0x011e15d6
          0x011e15d7
          0x011e15d8
          0x011e15d9
          0x011e15da
          0x011e15db
          0x011e15dc
          0x011e15dd
          0x011e15de
          0x011e15df
          0x011e15e0
          0x011e15e1
          0x011e15e2
          0x011e15e3
          0x011e15e4
          0x011e15e5
          0x011e15e6
          0x011e15e7
          0x011e15e8
          0x011e15e9
          0x011e15ea
          0x011e15eb
          0x011e15ec
          0x011e15ed
          0x011e15ee
          0x011e15ef
          0x011e15f0
          0x011e15f1
          0x011e15f2
          0x011e15f3
          0x011e15f4
          0x011e15f5
          0x011e15f6
          0x011e15f7
          0x011e15f8
          0x011e15f9
          0x011e15fa
          0x011e15fb
          0x011e15fc
          0x011e15fd
          0x011e15fe
          0x011e15ff
          0x011e1600
          0x011e1601
          0x011e1602
          0x011e1603
          0x011e1604
          0x011e1605
          0x011e1606
          0x011e1607
          0x011e1608
          0x011e1609
          0x011e160a
          0x011e160b
          0x011e160c
          0x011e160d
          0x011e160e
          0x011e160f
          0x011e1610
          0x011e1611
          0x011e1612
          0x011e1613
          0x011e1614
          0x011e1615
          0x011e1616
          0x011e1617
          0x011e1618
          0x011e1619
          0x011e161a
          0x011e161b
          0x011e161c
          0x011e161d
          0x011e161e
          0x011e161f
          0x011e1620
          0x011e1621
          0x011e1622
          0x011e1623
          0x011e1624
          0x011e1625
          0x011e1626
          0x011e1627
          0x011e1628
          0x011e1629
          0x011e162a
          0x011e162b
          0x011e162c
          0x011e162d
          0x011e162e
          0x011e162f
          0x011e1630
          0x011e1631
          0x011e1632
          0x011e1633
          0x011e1634
          0x011e1635
          0x011e1636
          0x011e1637
          0x011e1638
          0x011e1639
          0x011e163a
          0x011e163b
          0x011e163c
          0x011e163d
          0x011e163e
          0x011e163f
          0x011e1640
          0x011e1641
          0x011e1642
          0x011e1643
          0x011e1644
          0x011e1645
          0x011e1646
          0x011e1647
          0x011e1648
          0x011e1649
          0x011e164a
          0x011e164b
          0x011e164c
          0x011e164d
          0x011e164e
          0x011e164f
          0x011e1650
          0x011e1651
          0x011e1652
          0x011e1653
          0x011e1654
          0x011e1655
          0x011e1656
          0x011e1657
          0x011e1658
          0x011e1659
          0x011e165a
          0x011e165b
          0x011e165c
          0x011e165d
          0x011e165e
          0x011e165f
          0x011e1660
          0x011e1661
          0x011e1662
          0x011e1663
          0x011e1664
          0x011e1665
          0x011e1666
          0x011e1667
          0x011e1668
          0x011e1669
          0x011e166a
          0x011e166b
          0x011e166c
          0x011e166d
          0x011e166e
          0x011e166f
          0x011e1670
          0x011e1671
          0x011e1672
          0x011e1673
          0x011e1674
          0x011e1675
          0x011e1676
          0x011e1677
          0x011e1678
          0x011e1679
          0x011e167a
          0x011e167b
          0x011e167c
          0x011e167d
          0x011e167e
          0x011e167f
          0x011e1680
          0x011e1681
          0x011e1682
          0x011e1683
          0x011e1684
          0x011e1685
          0x011e1686
          0x011e1687
          0x011e1688
          0x011e1689
          0x011e168a
          0x011e168b
          0x011e168c
          0x011e168d
          0x011e168e
          0x011e168f
          0x011e1690
          0x011e1691
          0x011e1692
          0x011e1693
          0x011e1694
          0x011e1695
          0x011e1696
          0x011e1697
          0x011e1698
          0x011e1699
          0x011e169a
          0x011e169b
          0x011e169c
          0x011e169d
          0x011e169e
          0x011e169f
          0x011e16a0
          0x011e16a1
          0x011e16a2
          0x011e16a3
          0x011e16a4
          0x011e16a5
          0x011e16a6
          0x011e16a7
          0x011e16a8
          0x011e16a9
          0x011e16aa
          0x011e16ab
          0x011e16ac
          0x011e16ad
          0x011e16ae
          0x011e16af
          0x011e16b0
          0x011e16b1
          0x011e16b2
          0x011e16b3
          0x011e16b4
          0x011e16b5
          0x011e16b6
          0x011e16b7
          0x011e16b8
          0x011e16b9
          0x011e16ba
          0x011e16bb
          0x011e16bc
          0x011e16bd
          0x011e16be
          0x011e16bf
          0x011e16c0
          0x011e16c1
          0x011e16c2
          0x011e16c3
          0x011e16c4
          0x011e16c5
          0x011e16c6
          0x011e16c7
          0x011e16c8
          0x011e16c9
          0x011e16ca
          0x011e16cb
          0x011e16cc
          0x011e16cd
          0x011e16ce
          0x011e16cf
          0x011e16d0
          0x011e16d1
          0x011e16d2
          0x011e16d3
          0x011e16d4
          0x011e16d5
          0x011e16d6
          0x011e16d7
          0x011e16d8
          0x011e16d9
          0x011e16da
          0x011e16db
          0x011e16dc
          0x011e16dd
          0x011e16de
          0x011e16df
          0x011e16e0
          0x011e16e1
          0x011e16e2
          0x011e16e3
          0x011e16e4
          0x011e16e5
          0x011e16e6
          0x011e16e7
          0x011e16e8
          0x011e16e9
          0x011e16ea
          0x011e16eb
          0x011e16ec
          0x011e16ed
          0x011e16ee
          0x011e16ef
          0x011e16f0
          0x011e16f1
          0x011e16f2
          0x011e16f3
          0x011e16f4
          0x011e16f5
          0x011e16f6
          0x011e16f7
          0x011e16f8
          0x011e16f9
          0x011e16fa
          0x011e16fb
          0x011e16fc
          0x011e16fd
          0x011e16fe
          0x011e16ff
          0x011e1700
          0x011e1701
          0x011e1702
          0x011e1703
          0x011e1704
          0x011e1705
          0x011e1706
          0x011e1707
          0x011e1708
          0x011e1709
          0x011e170a
          0x011e170b
          0x011e170c
          0x011e170d
          0x011e170e
          0x011e170f
          0x011e1710
          0x011e1711
          0x011e1712
          0x011e1713
          0x011e1714
          0x011e1715
          0x011e1716
          0x011e1717
          0x011e1718
          0x011e1719
          0x011e171a
          0x011e171b
          0x011e171c
          0x011e171d
          0x011e171e
          0x011e171f
          0x011e1720
          0x011e1721
          0x011e1722
          0x011e1723
          0x011e1724
          0x011e1725
          0x011e1726
          0x011e1727
          0x011e1728
          0x011e1729
          0x011e172a
          0x011e172b
          0x011e172c
          0x011e172d
          0x011e172e
          0x011e172f
          0x011e1730
          0x011e1731
          0x011e1732
          0x011e1733
          0x011e1734
          0x011e1735
          0x011e1736
          0x011e1737
          0x011e1738
          0x011e1739
          0x011e173a
          0x011e173b
          0x011e173c
          0x011e173d
          0x011e173e
          0x011e173f
          0x011e1740
          0x011e1741
          0x011e1742
          0x011e1743
          0x011e1744
          0x011e1745
          0x011e1746
          0x011e1747
          0x011e1748
          0x011e1749
          0x011e174a
          0x011e174b
          0x011e174c
          0x011e174d
          0x011e174e
          0x011e174f
          0x011e1750
          0x011e1751
          0x011e1752
          0x011e1753
          0x011e1754
          0x011e1755
          0x011e1756
          0x011e1757
          0x011e1758
          0x011e1759
          0x011e175a
          0x011e175b
          0x011e175c
          0x011e175d
          0x011e175e
          0x011e175f
          0x011e1760
          0x011e1761
          0x011e1762
          0x011e1763
          0x011e1764
          0x011e1765
          0x011e1766
          0x011e1767
          0x011e1768
          0x011e1769
          0x011e176a
          0x011e176b
          0x011e176c
          0x011e176d
          0x011e176e
          0x011e176f
          0x011e1770
          0x011e1771
          0x011e1772
          0x011e1773
          0x011e1774
          0x011e1775
          0x011e1776
          0x011e1777
          0x011e1778
          0x011e1779
          0x011e177a
          0x011e177b
          0x011e177c
          0x011e177d
          0x011e177e
          0x011e177f
          0x011e1780
          0x011e1781
          0x011e1782
          0x011e1783
          0x011e1784
          0x011e1785
          0x011e1786
          0x011e1787
          0x011e1788
          0x011e1789
          0x011e178a
          0x011e178b
          0x011e178c
          0x011e178d
          0x011e178e
          0x011e178f
          0x011e1790
          0x011e1791
          0x011e1792
          0x011e1793
          0x011e1794
          0x011e1795
          0x011e1796
          0x011e1797
          0x011e1798
          0x011e1799
          0x011e179a
          0x011e179b
          0x011e179c
          0x011e179d
          0x011e179e
          0x011e179f
          0x011e17a0
          0x011e17a1
          0x011e17a2
          0x011e17a3
          0x011e17a4
          0x011e17a5
          0x011e17a6
          0x011e17a7
          0x011e17a8
          0x011e17a9
          0x011e17aa
          0x011e17ab
          0x011e17ac
          0x011e17ad
          0x011e17ae
          0x011e17af
          0x011e17b0
          0x011e17b1
          0x011e17b2
          0x011e17b3
          0x011e17b4
          0x011e17b5
          0x011e17b6
          0x011e17b7
          0x011e17b8
          0x011e17b9
          0x011e17ba
          0x011e17bb
          0x011e17bc
          0x011e17bd
          0x011e17be
          0x011e17bf
          0x011e17c0
          0x011e17c1
          0x011e17c2
          0x011e17c3
          0x011e17c4
          0x011e17c5
          0x011e17c6
          0x011e17c7
          0x011e17c8
          0x011e17c9
          0x011e17ca
          0x011e17cb
          0x011e17cc
          0x011e17cd
          0x011e17ce
          0x011e17cf
          0x011e17d0
          0x011e17d1
          0x011e17d2
          0x011e17d3
          0x011e17d4
          0x011e17d5
          0x011e17d6
          0x011e17d7
          0x011e17d8
          0x011e17d9
          0x011e17da
          0x011e17db
          0x011e17dc
          0x011e17dd
          0x011e17de
          0x011e17df
          0x011e17e0
          0x011e17e1
          0x011e17e2
          0x011e17e3
          0x011e17e4
          0x011e17e5
          0x011e17e6
          0x011e17e7
          0x011e17e8
          0x011e17e9
          0x011e17ea
          0x011e17eb
          0x011e17ec
          0x011e17ed
          0x011e17ee
          0x011e17ef
          0x011e17f0
          0x011e17f1
          0x011e17f2
          0x011e17f3
          0x011e17f4
          0x011e17f5
          0x011e17f6
          0x011e17f7
          0x011e17f8
          0x011e17f9
          0x011e17fa
          0x011e17fb
          0x011e17fc
          0x011e17fd
          0x011e17fe
          0x011e17ff
          0x011e1800
          0x011e1801
          0x011e1802
          0x011e1803
          0x011e1804
          0x011e1805
          0x011e1806
          0x011e1807
          0x011e1808
          0x011e1809
          0x011e180a
          0x011e180b
          0x011e180c
          0x011e180d
          0x011e180e
          0x011e180f
          0x011e1810
          0x011e1811
          0x011e1812
          0x011e1813
          0x011e1814
          0x011e1815
          0x011e1816
          0x011e1817
          0x011e1818
          0x011e1819
          0x011e181a
          0x011e181b
          0x011e181c
          0x011e181d
          0x011e181e
          0x011e181f
          0x011e1820
          0x011e1821
          0x011e1822
          0x011e1823
          0x011e1824
          0x011e1825
          0x011e1826
          0x011e1827
          0x011e1828
          0x011e1829
          0x011e182a
          0x011e182b
          0x011e182c
          0x011e182d
          0x011e182e
          0x011e182f
          0x011e1830
          0x011e1831
          0x011e1832
          0x011e1833
          0x011e1834
          0x011e1835
          0x011e1836
          0x011e1837
          0x011e1838
          0x011e1839
          0x011e183a
          0x011e183b
          0x011e183c
          0x011e183d
          0x011e183e
          0x011e183f
          0x011e1840
          0x011e1841
          0x011e1842
          0x011e1843
          0x011e1844
          0x011e1845
          0x011e1846
          0x011e1847
          0x011e1848
          0x011e1849
          0x011e184a
          0x011e184b
          0x011e184c
          0x011e184d
          0x011e184e
          0x011e184f
          0x011e1850
          0x011e1851
          0x011e1852
          0x011e1853
          0x011e1854
          0x011e1855
          0x011e1856
          0x011e1857
          0x011e1858
          0x011e1859
          0x011e185a
          0x011e185b
          0x011e185c
          0x011e185d
          0x011e185e
          0x011e185f
          0x011e1860
          0x011e1861
          0x011e1862
          0x011e1863
          0x011e1864
          0x011e1865
          0x011e1866
          0x011e1867
          0x011e1868
          0x011e1869
          0x011e186a
          0x011e186b
          0x011e186c
          0x011e186d
          0x011e186e
          0x011e186f
          0x011e1870
          0x011e1871
          0x011e1872
          0x011e1873
          0x011e1874
          0x011e1875
          0x011e1876
          0x011e1877
          0x011e1878
          0x011e1879
          0x011e187a
          0x011e187b
          0x011e187c
          0x011e187d
          0x011e187e
          0x011e187f
          0x011e1880
          0x011e1881
          0x011e1882
          0x011e1883
          0x011e1884
          0x011e1885
          0x011e1886
          0x011e1887
          0x011e1888
          0x011e1889
          0x011e188a
          0x011e188b
          0x011e188c
          0x011e188d
          0x011e188e
          0x011e188f
          0x011e1890
          0x011e1891
          0x011e1892
          0x011e1893
          0x011e1894
          0x011e1895
          0x011e1896
          0x011e1897
          0x011e1898
          0x011e1899
          0x011e189a
          0x011e189b
          0x011e189c
          0x011e189d
          0x011e189e
          0x011e189f
          0x011e18a0
          0x011e18a1
          0x011e18a2
          0x011e18a3
          0x011e18a4
          0x011e18a5
          0x011e18a6
          0x011e18a7
          0x011e18a8
          0x011e18a9
          0x011e18aa
          0x011e18ab
          0x011e18ac
          0x011e18ad
          0x011e18ae
          0x011e18af
          0x011e18b0
          0x011e18b1
          0x011e18b2
          0x011e18b3
          0x011e18b4
          0x011e18b5
          0x011e18b6
          0x011e18b7
          0x011e18b8
          0x011e18b9
          0x011e18ba
          0x011e18bb
          0x011e18bc
          0x011e18bd
          0x011e18be
          0x011e18bf
          0x011e18c0
          0x011e18c1
          0x011e18c2
          0x011e18c3
          0x011e18c4
          0x011e18c5
          0x011e18c6
          0x011e18c7
          0x011e18c8
          0x011e18c9
          0x011e18ca
          0x011e18cb
          0x011e18cc
          0x011e18cd
          0x011e18ce
          0x011e18cf
          0x011e18d0
          0x011e18d1
          0x011e18d2
          0x011e18d3
          0x011e18d4
          0x011e18d5
          0x011e18d6
          0x011e18d7
          0x011e18d8
          0x011e18d9
          0x011e18da
          0x011e18db
          0x011e18dc
          0x011e18dd
          0x011e18de
          0x011e18df
          0x011e18e0
          0x011e18e1
          0x011e18e2
          0x011e18e3
          0x011e18e4
          0x011e18e5
          0x011e18e6
          0x011e18e7
          0x011e18e8
          0x011e18e9
          0x011e18ea
          0x011e18eb
          0x011e18ec
          0x011e18ed
          0x011e18ee
          0x011e18ef
          0x011e18f0
          0x011e18f1
          0x011e18f2
          0x011e18f3
          0x011e18f4
          0x011e18f5
          0x011e18f6
          0x011e18f7
          0x011e18f8
          0x011e18f9
          0x011e18fa
          0x011e18fb
          0x011e18fc
          0x011e18fd
          0x011e18fe
          0x011e18ff
          0x011e1900
          0x011e1901
          0x011e1902
          0x011e1903
          0x011e1904
          0x011e1905
          0x011e1906
          0x011e1907
          0x011e1908
          0x011e1909
          0x011e190a
          0x011e190b
          0x011e190c
          0x011e190d
          0x011e190e
          0x011e190f
          0x011e1910
          0x011e1911
          0x011e1912
          0x011e1913
          0x011e1914
          0x011e1915
          0x011e1916
          0x011e1917
          0x011e1918
          0x011e1919
          0x011e191a
          0x011e191b
          0x011e191c
          0x011e191d
          0x011e191e
          0x011e191f
          0x011e1920
          0x011e1921
          0x011e1922
          0x011e1923
          0x011e1924
          0x011e1925
          0x011e1926
          0x011e1927
          0x011e1928
          0x011e1929
          0x011e192a
          0x011e192b
          0x011e192c
          0x011e192d
          0x011e192e
          0x011e192f
          0x011e1930
          0x011e1931
          0x011e1932
          0x011e1933
          0x011e1934
          0x011e1935
          0x011e1936
          0x011e1937
          0x011e1938
          0x011e1939
          0x011e193a
          0x011e193b
          0x011e193c
          0x011e193d
          0x011e193e
          0x011e193f
          0x011e1940
          0x011e1941
          0x011e1942
          0x011e1943
          0x011e1944
          0x011e1945
          0x011e1946
          0x011e1947
          0x011e1948
          0x011e1949
          0x011e194a
          0x011e194b
          0x011e194c
          0x011e194d
          0x011e194e
          0x011e194f
          0x011e1950
          0x011e1951
          0x011e1952
          0x011e1953
          0x011e1954
          0x011e1955
          0x011e1956
          0x011e1957
          0x011e1958
          0x011e1959
          0x011e195a
          0x011e195b
          0x011e195c
          0x011e195d
          0x011e195e
          0x011e195f
          0x011e1960
          0x011e1961
          0x011e1962
          0x011e1963
          0x011e1964
          0x011e1965
          0x011e1966
          0x011e1967
          0x011e1968
          0x011e1969
          0x011e196a
          0x011e196b
          0x011e196c
          0x011e196d
          0x011e196e
          0x011e196f
          0x011e1970
          0x011e1971
          0x011e1972
          0x011e1973
          0x011e1974
          0x011e1975
          0x011e1976
          0x011e1977
          0x011e1978
          0x011e1979
          0x011e197a
          0x011e197b
          0x011e197c
          0x011e197d
          0x011e197e
          0x011e197f
          0x011e1980
          0x011e1981
          0x011e1982
          0x011e1983
          0x011e1984
          0x011e1985
          0x011e1986
          0x011e1987
          0x011e1988
          0x011e1989
          0x011e198a
          0x011e198b
          0x011e198c
          0x011e198d
          0x011e198e
          0x011e198f
          0x011e1990
          0x011e1991
          0x011e1992
          0x011e1993
          0x011e1994
          0x011e1995
          0x011e1996
          0x011e1997
          0x011e1998
          0x011e1999
          0x011e199a
          0x011e199b
          0x011e199c
          0x011e199d
          0x011e199e
          0x011e199f
          0x011e19a0
          0x011e19a1
          0x011e19a2
          0x011e19a3
          0x011e19a4
          0x011e19a5
          0x011e19a6
          0x011e19a7
          0x011e19a8
          0x011e19a9
          0x011e19aa
          0x011e19ab
          0x011e19ac
          0x011e19ad
          0x011e19ae
          0x011e19af
          0x011e19b0
          0x011e19b1
          0x011e19b2
          0x011e19b3
          0x011e19b4
          0x011e19b5
          0x011e19b6
          0x011e19b7
          0x011e19b8
          0x011e19b9
          0x011e19ba
          0x011e19bb
          0x011e19bc
          0x011e19bd
          0x011e19be
          0x011e19bf
          0x011e19c0
          0x011e19c1
          0x011e19c2
          0x011e19c3
          0x011e19c4
          0x011e19c5
          0x011e19c6
          0x011e19c7
          0x011e19c8
          0x011e19c9
          0x011e19ca
          0x011e19cb
          0x011e19cc
          0x011e19cd
          0x011e19ce
          0x011e19cf
          0x011e19d0
          0x011e19d1
          0x011e19d2
          0x011e19d3
          0x011e19d4
          0x011e19d5
          0x011e19d6
          0x011e19d7
          0x011e19d8
          0x011e19d9
          0x011e19da
          0x011e19db
          0x011e19dc
          0x011e19dd
          0x011e19de
          0x011e19df
          0x011e19e0
          0x011e19e1
          0x011e19e2
          0x011e19e3
          0x011e19e4
          0x011e19e5
          0x011e19e6
          0x011e19e7
          0x011e19e8
          0x011e19e9
          0x011e19ea
          0x011e19eb
          0x011e19ec
          0x011e19ed
          0x011e19ee
          0x011e19ef
          0x011e19f0
          0x011e19f1
          0x011e19f2
          0x011e19f3
          0x011e19f4
          0x011e19f5
          0x011e19f6
          0x011e19f7
          0x011e19f8
          0x011e19f9
          0x011e19fa
          0x011e19fb
          0x011e19fc
          0x011e19fd
          0x011e19fe
          0x011e19ff
          0x011e1a00
          0x011e1a01
          0x011e1a02
          0x011e1a03
          0x011e1a04
          0x011e1a05
          0x011e1a06
          0x011e1a07
          0x011e1a08
          0x011e1a09
          0x011e1a0a
          0x011e1a0b
          0x011e1a0c
          0x011e1a0d
          0x011e1a0e
          0x011e1a0f
          0x011e1a10
          0x011e1a11
          0x011e1a12
          0x011e1a13
          0x011e1a14
          0x011e1a15
          0x011e1a16
          0x011e1a17
          0x011e1a18
          0x011e1a19
          0x011e1a1a
          0x011e1a1b
          0x011e1a1c
          0x011e1a1d
          0x011e1a1e
          0x011e1a1f
          0x011e1a20
          0x011e1a21
          0x011e1a22
          0x011e1a23
          0x011e1a24
          0x011e1a25
          0x011e1a26
          0x011e1a27
          0x011e1a28
          0x011e1a29
          0x011e1a2a
          0x011e1a2b
          0x011e1a2c
          0x011e1a2d
          0x011e1a2e
          0x011e1a2f
          0x011e1a30
          0x011e1a31
          0x011e1a32
          0x011e1a33
          0x011e1a34
          0x011e1a35
          0x011e1a36
          0x011e1a37
          0x011e1a38
          0x011e1a39
          0x011e1a3a
          0x011e1a3b
          0x011e1a3c
          0x011e1a3d
          0x011e1a3e
          0x011e1a3f
          0x011e1a40
          0x011e1a41
          0x011e1a42
          0x011e1a43
          0x011e1a44
          0x011e1a45
          0x011e1a46
          0x011e1a47
          0x011e1a48
          0x011e1a49
          0x011e1a4a
          0x011e1a4b
          0x011e1a4c
          0x011e1a4d
          0x011e1a4e
          0x011e1a4f
          0x011e1a50
          0x011e1a51
          0x011e1a52
          0x011e1a53
          0x011e1a54
          0x011e1a55
          0x011e1a56
          0x011e1a59
          0x011e1a5c
          0x011e1a5d
          0x011e1a60
          0x011e1a62
          0x011e1a68
          0x011e1a6b
          0x011e1a6d
          0x011e1a82
          0x011e1a83
          0x011e1a86
          0x011e1a88
          0x011e1a9e
          0x011e1aa4
          0x011e1aac
          0x011e1aae
          0x011e1ab9
          0x011e1abc
          0x011e1ad3
          0x011e1abe
          0x011e1abe
          0x011e1ac3
          0x00000000
          0x011e1ac3
          0x011e1ab0
          0x011e1ab0
          0x011e1ab5
          0x011e1ac5
          0x011e1ac5
          0x011e1ac6
          0x011e1ac8
          0x011e1acd
          0x011e1acd
          0x011e1a8a
          0x011e1a8a
          0x011e1a8d
          0x00000000
          0x011e1a8f
          0x011e1a92
          0x011e1a9a
          0x011e1a9a
          0x011e1a8d
          0x011e1a6f
          0x011e1a6f
          0x011e1a76
          0x011e1a77
          0x011e1a79
          0x011e1a7e
          0x011e1a7e
          0x011e1a64
          0x011e1a64
          0x011e1a64
          0x011e1ad7
          0x011e0100
          0x011e14e2
          0x011e14e2
          0x011e14e9
          0x011e14ea
          0x011e14eb
          0x011e14f4
          0x011e14f9
          0x011e1501
          0x011e1508
          0x011e1508
          0x00000000
          0x00000000
          0x00000000
          0x011e00ca

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
          • API String ID: 0-2761157908
          • Opcode ID: ba0e3e49e5553f6823ef4c28842ac6a357be0230d5eeb19d6d9e7ad473dcf2db
          • Instruction ID: 59bbd33a4ec1453ca80d5001552419b8ba4088325d13a9c579f967193c9a156d
          • Opcode Fuzzy Hash: ba0e3e49e5553f6823ef4c28842ac6a357be0230d5eeb19d6d9e7ad473dcf2db
          • Instruction Fuzzy Hash: B3D23A71E08A299FDB69CE68DD447EAB7F5EB88304F1441EAE40DE7240D774AE818F41
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01153431 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 378COMMON
          Download Yara Rule
          C-Code - Quality: 17%
          			E01153431(void* __ecx, void* __edx, void* __eflags, intOrPtr* _a4, signed short* _a8, intOrPtr _a12) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v40;
				signed int _v52;
				char _v252;
				short _v292;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t33;
				short* _t34;
				intOrPtr* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed short _t39;
				signed short* _t42;
				intOrPtr _t45;
				void* _t47;
				signed int _t50;
				void* _t52;
				signed int _t56;
				void* _t68;
				void* _t72;
				void* _t73;
				void* _t77;
				intOrPtr* _t84;
				short* _t86;
				void* _t88;
				intOrPtr* _t91;
				intOrPtr* _t95;
				signed int _t113;
				void* _t114;
				intOrPtr* _t116;
				intOrPtr _t119;
				signed int* _t120;
				void* _t121;
				intOrPtr* _t123;
				signed short _t125;
				int _t127;
				void* _t128;
				void* _t131;
				signed int _t132;

				_push(__ecx);
				_push(__ecx);
				_t84 = _a4;
				_t33 = L0115407F(__ecx, __edx);
				_t113 = 0;
				_v12 = 0;
				_t3 = _t33 + 0x50; // 0x50
				_t123 = _t3;
				_t4 = _t123 + 0x250; // 0x2a0
				_t34 = _t4;
				 *((intOrPtr*)(_t123 + 8)) = 0;
				 *_t34 = 0;
				_t6 = _t123 + 4; // 0x54
				_t116 = _t6;
				_v8 = _t34;
				_t91 = _t84;
				_t35 = _t84 + 0x80;
				 *_t123 = _t84;
				 *_t116 = _t35;
				if( *_t35 != 0) {
					E011DB609(0x11f8e38, 0x16, _t116);
					_t91 =  *_t123;
					_t131 = _t131 + 0xc;
					_t113 = 0;
				}
				_push(_t123);
				if( *_t91 == _t113) {
					E011DAD82(_t84, _t91);
					goto L13;
				} else {
					if( *((intOrPtr*)( *_t116)) == _t113) {
						E011DAEE9();
					} else {
						E011DAE2A(_t91);
					}
					if( *((intOrPtr*)(_t123 + 8)) == 0) {
						_t77 = E011DB609(0x11f8a88, 0x40, _t123);
						_t131 = _t131 + 0xc;
						if(_t77 != 0) {
							_push(_t123);
							if( *((intOrPtr*)( *_t116)) == 0) {
								E011DAEE9();
							} else {
								E011DAE2A(0);
							}
							L13:
						}
					}
				}
				if( *((intOrPtr*)(_t123 + 8)) == 0) {
					L38:
					_t37 = 0;
					goto L39;
				} else {
					_t38 = _t84 + 0x100;
					if( *_t84 != 0 ||  *_t38 != 0) {
						_t39 = E011DB41F(_t38, _t123);
					} else {
						_t39 = GetACP();
					}
					_t125 = _t39;
					if(_t125 == 0 || _t125 == 0xfde8 || IsValidCodePage(_t125 & 0x0000ffff) == 0) {
						goto L38;
					} else {
						_t42 = _a8;
						if(_t42 != 0) {
							 *_t42 = _t125;
						}
						_t119 = _a12;
						if(_t119 == 0) {
							L37:
							_t37 = 1;
							L39:
							return _t37;
						} else {
							_t95 = _v8;
							_t86 = _t119 + 0x120;
							 *_t86 = 0;
							_t114 = _t95 + 2;
							do {
								_t45 =  *_t95;
								_t95 = _t95 + 2;
							} while (_t45 != _v12);
							_t97 = _t95 - _t114 >> 1;
							_push((_t95 - _t114 >> 1) + 1);
							_t47 = L0115569B(_t86, 0x55, _v8);
							_t132 = _t131 + 0x10;
							if(_t47 != 0) {
								L40:
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								L0115342C();
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_t130 = _t132;
								_t50 =  *0x14efcac; // 0x473d9cf5
								_v52 = _t50 ^ _t132;
								_push(_t86);
								_push(_t125);
								_push(_t119);
								_t52 = L0115407F(_t97, _t114);
								_t87 = _t52;
								_t120 =  *(L0115407F(_t97, _t114) + 0x34c);
								_t127 = L011DBFBB(_v40);
								asm("sbb ecx, ecx");
								_t56 = GetLocaleInfoW(_t127, ( ~( *(_t52 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								if(_t56 != 0) {
									if(L01153503(_t120, _t127,  *((intOrPtr*)(_t87 + 0x54)),  &_v252) == 0 && E011DC139(_t127) != 0) {
										 *_t120 =  *_t120 | 0x00000004;
										_t120[2] = _t127;
										_t120[1] = _t127;
									}
									_t62 =  !( *_t120 >> 2) & 0x00000001;
								} else {
									 *_t120 =  *_t120 & _t56;
									_t62 = _t56 + 1;
								}
								_pop(_t121);
								_pop(_t128);
								_pop(_t88);
								return L01152ECD(_t62, _t88, _v12 ^ _t130, _t114, _t121, _t128);
							} else {
								if(L0115444E(_t86, 0x1001, _t119, 0x40) == 0) {
									goto L38;
								} else {
									_t86 = _t119 + 0x80;
									if(L0115444E(_t119 + 0x120, 0x1002, _t86, 0x40) == 0) {
										goto L38;
									} else {
										_t68 = L01154CC8(_t86, 0x5f);
										_pop(_t97);
										if(_t68 != 0) {
											L32:
											if(L0115444E(_t119 + 0x120, 7, _t86, 0x40) == 0) {
												goto L38;
											} else {
												goto L33;
											}
										} else {
											_t73 = L01154CC8(_t86, 0x2e);
											_pop(_t97);
											if(_t73 == 0) {
												L33:
												_t119 = _t119 + 0x100;
												if(_t125 != 0xfde9) {
													L011541A1(_t97, _t125, _t119, 0x10, 0xa);
													goto L37;
												} else {
													_push(5);
													_t72 = L0115569B(_t119, 0x10, L"utf8");
													_t132 = _t132 + 0x10;
													if(_t72 != 0) {
														goto L40;
													} else {
														goto L37;
													}
												}
											} else {
												goto L32;
											}
										}
									}
								}
							}
						}
					}
				}
			}














































          0x011db696
          0x011db697
          0x011db699
          0x011db69e
          0x011db6a5
          0x011db6a7
          0x011db6aa
          0x011db6aa
          0x011db6ad
          0x011db6ad
          0x011db6b3
          0x011db6b6
          0x011db6b9
          0x011db6b9
          0x011db6bc
          0x011db6bf
          0x011db6c1
          0x011db6c7
          0x011db6c9
          0x011db6ce
          0x011db6d8
          0x011db6dd
          0x011db6df
          0x011db6e2
          0x011db6e2
          0x011db6e4
          0x011db6e8
          0x011db731
          0x00000000
          0x011db6ea
          0x011db6ef
          0x011db6f8
          0x011db6f1
          0x011db6f1
          0x011db6f1
          0x011db703
          0x011db70d
          0x011db712
          0x011db717
          0x011db71d
          0x011db721
          0x011db72a
          0x011db723
          0x011db723
          0x011db723
          0x011db736
          0x011db736
          0x011db717
          0x011db703
          0x011db73c
          0x011db878
          0x011db878
          0x00000000
          0x011db742
          0x011db742
          0x011db74b
          0x011db75c
          0x011db752
          0x011db752
          0x011db752
          0x011db763
          0x011db767
          0x00000000
          0x011db78b
          0x011db78b
          0x011db790
          0x011db792
          0x011db792
          0x011db794
          0x011db799
          0x011db873
          0x011db875
          0x011db87a
          0x011db87e
          0x011db79f
          0x011db79f
          0x011db7a2
          0x011db7aa
          0x011db7ad
          0x011db7b0
          0x011db7b0
          0x011db7b3
          0x011db7b6
          0x011db7be
          0x011db7c3
          0x011db7ca
          0x011db7cf
          0x011db7d4
          0x011db87f
          0x011db881
          0x011db882
          0x011db883
          0x011db884
          0x011db885
          0x011db886
          0x011db88b
          0x011db88c
          0x011db88d
          0x011db88e
          0x011db88f
          0x011db890
          0x011db891
          0x011db892
          0x011db893
          0x011db894
          0x011db895
          0x011db896
          0x011db897
          0x011db898
          0x011db899
          0x011db89a
          0x011db89b
          0x011db89c
          0x011db89d
          0x011db89e
          0x011db89f
          0x011db8a0
          0x011db8a1
          0x011db8a2
          0x011db8a3
          0x011db8a4
          0x011db8a5
          0x011db8a6
          0x011db8a7
          0x011db8a8
          0x011db8a9
          0x011db8aa
          0x011db8ab
          0x011db8ac
          0x011db8ad
          0x011db8ae
          0x011db8af
          0x011db8b0
          0x011db8b1
          0x011db8b2
          0x011db8b3
          0x011db8b4
          0x011db8b5
          0x011db8b6
          0x011db8b7
          0x011db8b8
          0x011db8b9
          0x011db8ba
          0x011db8bb
          0x011db8bc
          0x011db8bd
          0x011db8be
          0x011db8bf
          0x011db8c0
          0x011db8c1
          0x011db8c2
          0x011db8c3
          0x011db8c4
          0x011db8c5
          0x011db8c6
          0x011db8c7
          0x011db8c8
          0x011db8c9
          0x011db8ca
          0x011db8cb
          0x011db8cc
          0x011db8cd
          0x011db8ce
          0x011db8cf
          0x011db8d0
          0x011db8d1
          0x011db8d2
          0x011db8d3
          0x011db8d4
          0x011db8d5
          0x011db8d6
          0x011db8d7
          0x011db8d8
          0x011db8d9
          0x011db8da
          0x011db8db
          0x011db8dc
          0x011db8dd
          0x011db8de
          0x011db8df
          0x011db8e0
          0x011db8e1
          0x011db8e2
          0x011db8e3
          0x011db8e4
          0x011db8e5
          0x011db8e6
          0x011db8e7
          0x011db8e8
          0x011db8e9
          0x011db8ea
          0x011db8eb
          0x011db8ec
          0x011db8ed
          0x011db8ee
          0x011db8ef
          0x011db8f0
          0x011db8f1
          0x011db8f2
          0x011db8f3
          0x011db8f4
          0x011db8f5
          0x011db8f6
          0x011db8f7
          0x011db8f8
          0x011db8f9
          0x011db8fa
          0x011db8fb
          0x011db8fc
          0x011db8fd
          0x011db8fe
          0x011db8ff
          0x011db900
          0x011db901
          0x011db902
          0x011db903
          0x011db904
          0x011db905
          0x011db906
          0x011db907
          0x011db908
          0x011db909
          0x011db90d
          0x011db915
          0x011db91c
          0x011db91f
          0x011db920
          0x011db924
          0x011db925
          0x011db92a
          0x011db932
          0x011db941
          0x011db94d
          0x011db95e
          0x011db966
          0x011db980
          0x011db98d
          0x011db990
          0x011db993
          0x011db993
          0x011db99d
          0x011db968
          0x011db968
          0x011db96a
          0x011db96a
          0x011db9a3
          0x011db9a4
          0x011db9a7
          0x011db9ae
          0x011db7da
          0x011db7ea
          0x00000000
          0x011db7f0
          0x011db7f2
          0x011db80c
          0x00000000
          0x011db80e
          0x011db811
          0x011db817
          0x011db81a
          0x011db82a
          0x011db83d
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011db81c
          0x011db81f
          0x011db825
          0x011db828
          0x011db83f
          0x011db83f
          0x011db84b
          0x011db86b
          0x00000000
          0x011db84d
          0x011db84d
          0x011db857
          0x011db85c
          0x011db861
          0x00000000
          0x011db863
          0x00000000
          0x011db863
          0x011db861
          0x00000000
          0x00000000
          0x00000000
          0x011db828
          0x011db81a
          0x011db80c
          0x011db7ea
          0x011db7d4
          0x011db799
          0x011db767

          APIs
          • GetACP.KERNEL32 ref: 011DB752
          • IsValidCodePage.KERNEL32(00000000), ref: 011DB77D
          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,?,00000000,?), ref: 011DB95E
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: CodeInfoLocalePageValid
          • String ID: utf8
          • API String ID: 790303815-905460609
          • Opcode ID: 8c04b1f1945b0e37d6b76fe8e8ae6677b0969f216fe032295f44393bf156e236
          • Instruction ID: 267e0b5bb1e5be157d01ef97298a46d0166967391f423351aa74e550b900bc38
          • Opcode Fuzzy Hash: 8c04b1f1945b0e37d6b76fe8e8ae6677b0969f216fe032295f44393bf156e236
          • Instruction Fuzzy Hash: 41713931A04202EBEB2DEB39CC45BBB77A8EF56744F164429EA16DB180FB70D540C769
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0115384B Relevance: 6.1, APIs: 4, Instructions: 74COMMON
          Download Yara Rule
          C-Code - Quality: 85%
          			E0115384B(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				L01154C2D(_t34);
				 *_t60 = 0x2cc;
				_v632 = L01152F9A(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				L01152F9A(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return L01154C2D(_t49);
				}
				return _t49;
			}


































          0x0115384b
          0x0115384b
          0x0115384b
          0x01188380
          0x01188382
          0x01188385
          0x01188385
          0x01188389
          0x0118838e
          0x011883a6
          0x011883ac
          0x011883b2
          0x011883b8
          0x011883be
          0x011883c4
          0x011883ca
          0x011883d1
          0x011883d8
          0x011883df
          0x011883e6
          0x011883ed
          0x011883f4
          0x011883f5
          0x011883fe
          0x01188404
          0x01188407
          0x0118840d
          0x0118841c
          0x01188428
          0x01188433
          0x0118843a
          0x01188441
          0x0118844c
          0x01188454
          0x0118845d
          0x0118845f
          0x01188462
          0x01188464
          0x0118846e
          0x01188476
          0x0118847c
          0x00000000
          0x01188483
          0x01188486

          APIs
          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 01188378
          • IsDebuggerPresent.KERNEL32 ref: 01188444
          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 01188464
          • UnhandledExceptionFilter.KERNEL32(?), ref: 0118846E
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
          • String ID:
          • API String ID: 254469556-0
          • Opcode ID: b783d0253b989bdddf05af35f7ed28a71bc14b186d94a89ac8d1644060f9dce3
          • Instruction ID: cbc09c3aa7354a8fc8a8c2c49337b3bfb600b0b1415528bb7b3eb22787603a23
          • Opcode Fuzzy Hash: b783d0253b989bdddf05af35f7ed28a71bc14b186d94a89ac8d1644060f9dce3
          • Instruction Fuzzy Hash: AF314BB5D05219DFDB60EFA4D9497CDBBB8BF08304F10419AE50DAB250EB709A84CF45
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01160C7A Relevance: 5.1, Strings: 4, Instructions: 135COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: FetP$Noad$bryA$qess
          • API String ID: 0-663226384
          • Opcode ID: c89ad99f0f8af1b2e5e425fce53544c60d97e9978b866c593c5863b7e14be573
          • Instruction ID: 581ba4fb44593c3ea98fdc1707202fefd05552e0672d890be9ed28905f08f2d2
          • Opcode Fuzzy Hash: c89ad99f0f8af1b2e5e425fce53544c60d97e9978b866c593c5863b7e14be573
          • Instruction Fuzzy Hash: B0418B72604609DFD764CF6CD880AA8B7E9FF98364B290269E904D3315E731FC61CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 011C2752 Relevance: 4.5, APIs: 3, Instructions: 20COMMON
          Download Yara Rule
          C-Code - Quality: 100%
          			E011C2752(int _a4) {
				void* _t14;

				if(L0115626C(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E011C282A(_t14, _a4);
				ExitProcess(_a4);
			}




          0x011c275f
          0x011c277b
          0x011c277b
          0x011c2784
          0x011c278d

          APIs
          • GetCurrentProcess.KERNEL32(?,?,011C2738,?,?,?,?), ref: 011C2774
          • TerminateProcess.KERNEL32(00000000,?,011C2738,?,?,?,?), ref: 011C277B
          • ExitProcess.KERNEL32 ref: 011C278D
          Memory Dump Source
          • Source File: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: Process$CurrentExitTerminate
          • String ID:
          • API String ID: 1703294689-0
          • Opcode ID: f68a4b18820145fb5f06dbd694f6d3a1e701816d89c5541b309d9c08324d405b
          • Instruction ID: 72a6c2324b1658d523c96edaeb50153fa002d10b5338e8fa5a139e326832f223
          • Opcode Fuzzy Hash: f68a4b18820145fb5f06dbd694f6d3a1e701816d89c5541b309d9c08324d405b
          • Instruction Fuzzy Hash: 40E0B672400609AFCF266B58D988A4A3B69EB61651B150418FD0996235CF79DD92CB80
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0115282E Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56COMMON
          Download Yara Rule
          Strings
          • GetEnabledXStateFeatures, xrefs: 011CC33A
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: GetEnabledXStateFeatures
          • API String ID: 0-1068256093
          • Opcode ID: b68c4fd3d9e9ae6119804ac4016acd2274ea46ad7e642350ea215e170905092b
          • Instruction ID: f8120e5ed353632e3961b3242c25e86e2050b3907be3d017f22b507d2ee28035
          • Opcode Fuzzy Hash: b68c4fd3d9e9ae6119804ac4016acd2274ea46ad7e642350ea215e170905092b
          • Instruction Fuzzy Hash: 46F04671644228BBCB2D3E25AC09FAE3E01AFA0F61F09041CFE1D6A210DB708D2187D1
          Uniqueness

          Uniqueness Score: -1.00%

          Function 011D4A53 Relevance: 2.1, APIs: 1, Instructions: 584COMMON
          Download Yara Rule
          C-Code - Quality: 24%
          			E011D4A53(void* __eflags, signed short* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr* _v28;
				signed short _v32;
				signed int _v36;
				char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				signed int _v124;
				char _v528;
				intOrPtr _v532;
				char _v536;
				char _v636;
				char _v640;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t82;
				signed int _t84;
				signed int _t88;
				signed int _t93;
				void* _t96;
				signed int _t101;
				signed int _t103;
				long _t105;
				signed int* _t108;
				signed int _t109;
				signed int _t117;
				signed int _t120;
				signed int _t123;
				signed short _t124;
				signed short _t129;
				void* _t131;
				void* _t141;
				signed int _t142;
				signed int _t144;
				void* _t146;
				void* _t147;
				signed int _t156;
				signed short _t158;
				void* _t159;
				void* _t161;
				signed int _t162;
				signed int _t163;
				signed int _t164;
				signed int _t165;
				signed int _t166;
				intOrPtr* _t167;
				signed short* _t169;
				intOrPtr* _t170;
				intOrPtr* _t171;
				signed int _t172;
				signed int _t186;
				signed short* _t188;
				signed short* _t194;
				void* _t199;
				signed int _t200;
				signed int _t201;
				signed short _t202;
				signed int _t203;
				signed short* _t204;
				signed int _t206;
				signed short* _t207;
				signed short _t208;
				signed short _t209;
				signed short* _t210;
				intOrPtr* _t211;
				signed int _t212;
				signed int _t214;
				signed int _t220;
				signed int _t224;
				signed int _t228;
				void* _t229;
				void* _t230;
				void* _t232;
				signed int _t233;
				void* _t234;
				signed int _t235;
				void* _t241;
				void* _t242;

				_v28 = E01153A85();
				_v12 = L01155C18();
				_t166 = 0;
				_v32 = 0;
				_v8 = 0;
				_v16 = 0;
				if(E01153094( &_v8) != 0 || E01154A34( &_v16) != 0) {
					L47:
					_push(_t166);
					_push(_t166);
					_push(_t166);
					_push(_t166);
					_push(_t166);
					L0115342C();
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t232 = _t234;
					_t235 = _t234 - 0xc;
					_push(_t166);
					_push(_t214);
					_push(_t210);
					_t211 = E01153A85();
					_t167 = L01155C18();
					_v76 = 0;
					_v80 = 0;
					_v84 = 0;
					_t82 = E01153094( &_v76);
					__eflags = _t82;
					if(_t82 != 0) {
						L60:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						L0115342C();
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t232);
						_t233 = _t235;
						_t84 =  *0x14efcac; // 0x473d9cf5
						_v124 = _t84 ^ _t233;
						 *0x14f0304 =  *0x14f0304 | 0xffffffff;
						 *0x14f02f4 =  *0x14f02f4 | 0xffffffff;
						_push(_t167);
						_push(0);
						_push(_t211);
						 *0x14f3a38 = 0;
						_t88 = L0115547F(0, _t211, 0x11f8a2c, __eflags,  &_v640,  &_v636, 0x100, 0x11f8a2c);
						__eflags = _t88;
						if(_t88 != 0) {
							__eflags = _t88 - 0x22;
							if(_t88 == 0x22) {
								_t212 = L01153D87(_v532 + _v532);
								__eflags = _t212;
								if(__eflags != 0) {
									_t93 = L0115547F(0, _t212, 0x11f8a2c, __eflags,  &_v536, _t212, _v532, 0x11f8a2c);
									__eflags = _t93;
									if(_t93 == 0) {
										L01155E98(0);
									} else {
										_push(_t212);
										goto L68;
									}
								} else {
									_push(0);
									L68:
									L01155E98();
									_t212 = 0;
								}
							} else {
								_t212 = 0;
							}
						} else {
							_t212 =  &_v528;
						}
						asm("sbb esi, esi");
						_t220 =  ~(_t212 -  &_v528) & _t212;
						__eflags = _t212;
						if(_t212 == 0) {
							L76:
							L48();
						} else {
							__eflags =  *_t212;
							if(__eflags == 0) {
								goto L76;
							} else {
								_push(_t212);
								E011D4A53(__eflags);
							}
						}
						_t96 = L01155E98(_t220);
						__eflags = _v16 ^ _t233;
						return L01152ECD(_t96, 0, _v16 ^ _t233, _t205, _t212, _t220);
					} else {
						_t101 = E01154A34( &_v16);
						__eflags = _t101;
						if(_t101 != 0) {
							goto L60;
						} else {
							_t103 = E01154223( &_v20);
							__eflags = _t103;
							if(_t103 != 0) {
								goto L60;
							} else {
								L01155E98( *0x14f3a34);
								 *0x14f3a34 = 0;
								 *_t235 = 0x14f3a40;
								_t105 = GetTimeZoneInformation(??);
								__eflags = _t105 - 0xffffffff;
								if(_t105 != 0xffffffff) {
									_t206 =  *0x14f3a40 * 0x3c;
									_t186 = 1;
									__eflags =  *0x14f3a86; // 0x0
									_t224 =  *0x14f3a94; // 0x0
									 *0x14f3a38 = 1;
									_v12 = _t206;
									if(__eflags != 0) {
										_t120 = _t224 * 0x3c + _t206;
										__eflags = _t120;
										_v12 = _t120;
									}
									__eflags =  *0x14f3ada;
									if( *0x14f3ada == 0) {
										L57:
										_t109 = 0;
										_t186 = 0;
										__eflags = 0;
									} else {
										_t117 =  *0x14f3ae8; // 0x0
										__eflags = _t117;
										if(_t117 == 0) {
											goto L57;
										} else {
											_t109 = (_t117 - _t224) * 0x3c;
										}
									}
									_v16 = _t186;
									_v20 = _t109;
									L01152F9A(_t211,  *_t167, 0, 0x80);
									__eflags = 0;
									L01152F9A(_t211,  *((intOrPtr*)(_t167 + 4)), 0, 0x80);
									L01152F9A(_t211,  *_t211, 0, 0x40);
									L01152F9A(_t211,  *((intOrPtr*)(_t211 + 4)), 0, 0x40);
									_t227 = E01152E7D(_t206);
									E011D506A(_t167, _t206, _t211, _t114, 0x14f3a44,  *_t167,  *_t211, _t114);
									E011D506A(_t167, _t206, _t211, _t114, 0x14f3a98,  *((intOrPtr*)(_t167 + 4)),  *((intOrPtr*)(_t211 + 4)), _t227);
								}
								 *(E01153161()) = _v12;
								 *(E01153936()) = _v16;
								_t108 = L0115353A();
								 *_t108 = _v20;
								return _t108;
							}
						}
					}
				} else {
					_t123 =  *0x14f3a34; // 0x0
					_t210 = _a4;
					if(_t123 == 0) {
						L11:
						_t188 = _t210;
						_t11 =  &(_t188[1]); // 0x11d5015
						_t207 = _t11;
						do {
							_t124 =  *_t188;
							_t188 =  &(_t188[1]);
						} while (_t124 != _t166);
						_t228 = L01153D87(2 + (_t188 - _t207 >> 1) * 2);
						if(_t228 == 0) {
							L44:
							return L01155E98(_t228);
						}
						L01155E98( *0x14f3a34);
						_t194 = _t210;
						_t205 = _t228;
						_t214 = _t166;
						 *0x14f3a34 = _t228;
						_v24 = _t214;
						_t15 =  &(_t194[1]); // 0x11d5015
						_t169 = _t15;
						do {
							_t129 =  *_t194;
							_t194 =  &(_t194[1]);
						} while (_t129 != _v32);
						_t17 = (_t194 - _t169 >> 1) + 1; // 0x11d5012
						_t131 = L011536E3(_t205, _t17, _t210);
						_t234 = _t234 + 0xc;
						if(_t131 == 0) {
							_t170 = _v12;
							L01152F9A(_t210,  *_t170, _t131, 0x80);
							_t19 = _t170 + 4; // 0xfffffd81
							L01152F9A(_t210,  *_t19, 0, 0x80);
							_t171 = _v28;
							L01152F9A(_t210,  *_t171, 0, 0x40);
							L01152F9A(_t210,  *((intOrPtr*)(_t171 + 4)), 0, 0x40);
							_push(3);
							_push( *_t171);
							_push( *_v12);
							E011D49FB(_t205, _t210);
							_t241 = _t234 + 0x40;
							_t141 = 3;
							do {
								if( *_t210 != 0) {
									_t210 =  &(_t210[1]);
								}
								_t141 = _t141 - 1;
							} while (_t141 != 0);
							_t142 =  *_t210 & 0x0000ffff;
							_v36 = _t142;
							_t199 = 0x2d;
							if(_t142 == _t199) {
								_t210 =  &(_t210[1]);
							}
							_t144 = L01153436(_t199, _t210,  &_v20, 0xa);
							_t242 = _t241 + 0xc;
							_t172 = _t144 * 0xe10;
							_v8 = _t172;
							while(1) {
								_t200 =  *_t210 & 0x0000ffff;
								if(_t200 != 0x2b && _t200 - 0x30 > 9) {
									break;
								}
								_t210 =  &(_t210[1]);
							}
							_t146 = 0x3a;
							__eflags = _t200 - _t146;
							if(_t200 != _t146) {
								L39:
								_t147 = 0x2d;
								__eflags = _v36 - _t147;
								if(_v36 == _t147) {
									_t172 =  ~_t172;
									_v8 = _t172;
								}
								_t201 =  *_t210 & 0x0000ffff;
								__eflags = _t201;
								_v16 = 0 | _t201 != 0x00000000;
								__eflags = _t201;
								if(_t201 != 0) {
									_push(3);
									_push( *((intOrPtr*)(_v28 + 4)));
									_push( *((intOrPtr*)(_v12 + 4)));
									E011D49FB(_t205, _t210);
									_t172 = _v8;
								}
								 *(E01153161()) = _t172;
								 *(E01153936()) = _v16;
								goto L44;
							}
							_t210 =  &(_t210[1]);
							_t156 = L01153436(_t200, _t210,  &_v20, 0xa);
							_t242 = _t242 + 0xc;
							_t202 = 0x30;
							_t172 = _v8 + _t156 * 0x3c;
							_v32 = _t202;
							_t158 =  *_t210 & 0x0000ffff;
							_v8 = _t172;
							_t205 = _t158;
							__eflags = _t158 - _t202;
							if(_t158 < _t202) {
								L33:
								_t159 = 0x3a;
								__eflags = _t205 - _t159;
								if(_t205 != _t159) {
									goto L39;
								}
								_t210 =  &(_t210[1]);
								_t161 = L01153436(_t202, _t210,  &_v20, 0xa);
								_t242 = _t242 + 0xc;
								_t172 = _v8 + _t161;
								_t162 =  *_t210 & 0x0000ffff;
								_v8 = _t172;
								_t205 = 0x30;
								__eflags = _t162 - _t205;
								if(_t162 < _t205) {
									goto L39;
								}
								_t203 = _t162;
								_t229 = 0x39;
								while(1) {
									__eflags = _t203 - _t229;
									if(_t203 > _t229) {
										break;
									}
									_t210 =  &(_t210[1]);
									_t163 =  *_t210 & 0x0000ffff;
									_t203 = _t163;
									__eflags = _t163 - _t205;
									if(_t163 >= _t205) {
										continue;
									}
									break;
								}
								_t228 = _v24;
								goto L39;
							}
							_t202 = _t158;
							_t230 = 0x39;
							while(1) {
								_t205 = _t202 & 0x0000ffff;
								__eflags = _t202 - _t230;
								if(_t202 > _t230) {
									break;
								}
								_t210 =  &(_t210[1]);
								_t164 =  *_t210 & 0x0000ffff;
								_t202 = _t164;
								_t205 = _t164;
								__eflags = _t164 - _v32;
								if(_t164 >= _v32) {
									continue;
								}
								break;
							}
							_t228 = _v24;
							goto L33;
						}
						_t166 = 0;
						__eflags = 0;
						goto L47;
					} else {
						_t204 = _t210;
						while(1) {
							_t208 =  *_t204;
							if(_t208 !=  *_t123) {
								break;
							}
							if(_t208 == 0) {
								L8:
								_t165 = _t166;
							} else {
								_t9 =  &(_t204[1]); // 0xfd81e805
								_t209 =  *_t9;
								if(_t209 !=  *((intOrPtr*)(_t123 + 2))) {
									break;
								} else {
									_t204 =  &(_t204[2]);
									_t123 = _t123 + 4;
									if(_t209 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							if(_t165 == 0) {
								return _t165;
							} else {
								goto L11;
							}
							goto L78;
						}
						asm("sbb eax, eax");
						_t165 = _t123 | 0x00000001;
						__eflags = _t165;
						goto L10;
					}
				}
				L78:
			}






















































































          0x011d4a63
          0x011d4a6b
          0x011d4a6e
          0x011d4a73
          0x011d4a77
          0x011d4a7a
          0x011d4a85
          0x011d4ce9
          0x011d4ce9
          0x011d4cea
          0x011d4ceb
          0x011d4cec
          0x011d4ced
          0x011d4cee
          0x011d4cf3
          0x011d4cf4
          0x011d4cf5
          0x011d4cf6
          0x011d4cf7
          0x011d4cf8
          0x011d4cf9
          0x011d4cfa
          0x011d4cfb
          0x011d4cfc
          0x011d4cfd
          0x011d4cfe
          0x011d4cff
          0x011d4d00
          0x011d4d01
          0x011d4d02
          0x011d4d03
          0x011d4d04
          0x011d4d05
          0x011d4d06
          0x011d4d07
          0x011d4d08
          0x011d4d09
          0x011d4d0a
          0x011d4d0b
          0x011d4d0c
          0x011d4d0d
          0x011d4d0e
          0x011d4d0f
          0x011d4d10
          0x011d4d11
          0x011d4d12
          0x011d4d13
          0x011d4d14
          0x011d4d15
          0x011d4d16
          0x011d4d17
          0x011d4d18
          0x011d4d19
          0x011d4d1a
          0x011d4d1b
          0x011d4d1c
          0x011d4d1d
          0x011d4d1e
          0x011d4d1f
          0x011d4d20
          0x011d4d21
          0x011d4d22
          0x011d4d23
          0x011d4d24
          0x011d4d25
          0x011d4d26
          0x011d4d27
          0x011d4d28
          0x011d4d29
          0x011d4d2a
          0x011d4d2b
          0x011d4d2c
          0x011d4d2d
          0x011d4d2e
          0x011d4d2f
          0x011d4d30
          0x011d4d31
          0x011d4d32
          0x011d4d33
          0x011d4d34
          0x011d4d35
          0x011d4d36
          0x011d4d37
          0x011d4d38
          0x011d4d39
          0x011d4d3a
          0x011d4d3b
          0x011d4d3c
          0x011d4d3d
          0x011d4d3e
          0x011d4d3f
          0x011d4d40
          0x011d4d41
          0x011d4d42
          0x011d4d43
          0x011d4d44
          0x011d4d45
          0x011d4d46
          0x011d4d47
          0x011d4d48
          0x011d4d49
          0x011d4d4a
          0x011d4d4b
          0x011d4d4c
          0x011d4d4d
          0x011d4d4e
          0x011d4d4f
          0x011d4d50
          0x011d4d51
          0x011d4d52
          0x011d4d53
          0x011d4d54
          0x011d4d55
          0x011d4d56
          0x011d4d57
          0x011d4d58
          0x011d4d59
          0x011d4d5a
          0x011d4d5b
          0x011d4d5c
          0x011d4d5d
          0x011d4d5e
          0x011d4d5f
          0x011d4d60
          0x011d4d61
          0x011d4d62
          0x011d4d63
          0x011d4d64
          0x011d4d65
          0x011d4d66
          0x011d4d67
          0x011d4d68
          0x011d4d69
          0x011d4d6a
          0x011d4d6b
          0x011d4d6c
          0x011d4d6d
          0x011d4d6e
          0x011d4d6f
          0x011d4d70
          0x011d4d71
          0x011d4d72
          0x011d4d73
          0x011d4d74
          0x011d4d75
          0x011d4d76
          0x011d4d77
          0x011d4d78
          0x011d4d79
          0x011d4d7a
          0x011d4d7b
          0x011d4d7c
          0x011d4d7d
          0x011d4d7e
          0x011d4d7f
          0x011d4d80
          0x011d4d81
          0x011d4d82
          0x011d4d83
          0x011d4d84
          0x011d4d85
          0x011d4d86
          0x011d4d87
          0x011d4d88
          0x011d4d89
          0x011d4d8a
          0x011d4d8b
          0x011d4d8c
          0x011d4d8d
          0x011d4d8e
          0x011d4d8f
          0x011d4d90
          0x011d4d91
          0x011d4d92
          0x011d4d93
          0x011d4d94
          0x011d4d95
          0x011d4d96
          0x011d4d97
          0x011d4d98
          0x011d4d99
          0x011d4d9a
          0x011d4d9b
          0x011d4d9f
          0x011d4da1
          0x011d4da4
          0x011d4da5
          0x011d4da6
          0x011d4dac
          0x011d4db3
          0x011d4dba
          0x011d4dbe
          0x011d4dc1
          0x011d4dc4
          0x011d4dca
          0x011d4dcc
          0x011d4eeb
          0x011d4eeb
          0x011d4eec
          0x011d4eed
          0x011d4eee
          0x011d4eef
          0x011d4ef0
          0x011d4ef5
          0x011d4ef6
          0x011d4ef7
          0x011d4ef8
          0x011d4ef9
          0x011d4efa
          0x011d4efb
          0x011d4efc
          0x011d4efd
          0x011d4efe
          0x011d4eff
          0x011d4f00
          0x011d4f01
          0x011d4f02
          0x011d4f03
          0x011d4f04
          0x011d4f05
          0x011d4f06
          0x011d4f07
          0x011d4f08
          0x011d4f09
          0x011d4f0a
          0x011d4f0b
          0x011d4f0c
          0x011d4f0d
          0x011d4f0e
          0x011d4f0f
          0x011d4f10
          0x011d4f11
          0x011d4f12
          0x011d4f13
          0x011d4f14
          0x011d4f15
          0x011d4f16
          0x011d4f17
          0x011d4f18
          0x011d4f19
          0x011d4f1a
          0x011d4f1b
          0x011d4f1c
          0x011d4f1d
          0x011d4f1e
          0x011d4f1f
          0x011d4f20
          0x011d4f21
          0x011d4f22
          0x011d4f23
          0x011d4f24
          0x011d4f25
          0x011d4f26
          0x011d4f27
          0x011d4f28
          0x011d4f29
          0x011d4f2a
          0x011d4f2b
          0x011d4f2c
          0x011d4f2d
          0x011d4f2e
          0x011d4f2f
          0x011d4f30
          0x011d4f31
          0x011d4f32
          0x011d4f33
          0x011d4f34
          0x011d4f35
          0x011d4f36
          0x011d4f37
          0x011d4f38
          0x011d4f39
          0x011d4f3a
          0x011d4f3b
          0x011d4f3c
          0x011d4f3d
          0x011d4f3e
          0x011d4f3f
          0x011d4f40
          0x011d4f41
          0x011d4f42
          0x011d4f43
          0x011d4f44
          0x011d4f45
          0x011d4f46
          0x011d4f47
          0x011d4f48
          0x011d4f49
          0x011d4f4a
          0x011d4f4b
          0x011d4f4e
          0x011d4f4f
          0x011d4f57
          0x011d4f5e
          0x011d4f61
          0x011d4f6e
          0x011d4f75
          0x011d4f76
          0x011d4f77
          0x011d4f8c
          0x011d4f93
          0x011d4f9b
          0x011d4f9d
          0x011d4fa7
          0x011d4faa
          0x011d4fbe
          0x011d4fc1
          0x011d4fc3
          0x011d4fde
          0x011d4fe6
          0x011d4fe8
          0x011d4fee
          0x011d4fea
          0x011d4fea
          0x00000000
          0x011d4fea
          0x011d4fc5
          0x011d4fc5
          0x011d4fc6
          0x011d4fc6
          0x011d4fcb
          0x011d4fcb
          0x011d4fac
          0x011d4fac
          0x011d4fac
          0x011d4f9f
          0x011d4f9f
          0x011d4f9f
          0x011d5000
          0x011d5002
          0x011d5004
          0x011d5006
          0x011d5016
          0x011d5016
          0x011d5008
          0x011d5008
          0x011d500b
          0x00000000
          0x011d500d
          0x011d500d
          0x011d500e
          0x011d5013
          0x011d500b
          0x011d501c
          0x011d5027
          0x011d5030
          0x011d4dd2
          0x011d4dd6
          0x011d4ddc
          0x011d4dde
          0x00000000
          0x011d4de4
          0x011d4de8
          0x011d4dee
          0x011d4df0
          0x00000000
          0x011d4df6
          0x011d4dfc
          0x011d4e01
          0x011d4e07
          0x011d4e0e
          0x011d4e14
          0x011d4e17
          0x011d4e1d
          0x011d4e26
          0x011d4e27
          0x011d4e2e
          0x011d4e34
          0x011d4e3a
          0x011d4e3d
          0x011d4e42
          0x011d4e42
          0x011d4e44
          0x011d4e44
          0x011d4e47
          0x011d4e4f
          0x011d4e61
          0x011d4e61
          0x011d4e63
          0x011d4e63
          0x011d4e51
          0x011d4e51
          0x011d4e56
          0x011d4e58
          0x00000000
          0x011d4e5a
          0x011d4e5c
          0x011d4e5c
          0x011d4e58
          0x011d4e6a
          0x011d4e6e
          0x011d4e75
          0x011d4e7b
          0x011d4e81
          0x011d4e8b
          0x011d4e96
          0x011d4ea0
          0x011d4eac
          0x011d4ec0
          0x011d4ec5
          0x011d4ed0
          0x011d4eda
          0x011d4edf
          0x011d4ee5
          0x011d4eea
          0x011d4eea
          0x011d4df0
          0x011d4dde
          0x011d4a9d
          0x011d4a9d
          0x011d4aa2
          0x011d4aa7
          0x011d4ade
          0x011d4ade
          0x011d4ae0
          0x011d4ae0
          0x011d4ae3
          0x011d4ae3
          0x011d4ae6
          0x011d4ae9
          0x011d4aff
          0x011d4b04
          0x011d4cdb
          0x00000000
          0x011d4ce1
          0x011d4b10
          0x011d4b16
          0x011d4b18
          0x011d4b1a
          0x011d4b1c
          0x011d4b22
          0x011d4b25
          0x011d4b25
          0x011d4b28
          0x011d4b28
          0x011d4b2b
          0x011d4b2e
          0x011d4b39
          0x011d4b3e
          0x011d4b43
          0x011d4b48
          0x011d4b4e
          0x011d4b59
          0x011d4b66
          0x011d4b69
          0x011d4b6e
          0x011d4b78
          0x011d4b85
          0x011d4b8d
          0x011d4b8f
          0x011d4b91
          0x011d4b94
          0x011d4b99
          0x011d4ba0
          0x011d4ba1
          0x011d4ba4
          0x011d4ba6
          0x011d4ba6
          0x011d4ba9
          0x011d4ba9
          0x011d4bae
          0x011d4bb5
          0x011d4bb8
          0x011d4bbc
          0x011d4bbe
          0x011d4bbe
          0x011d4bc8
          0x011d4bcd
          0x011d4bd0
          0x011d4bd6
          0x011d4bd9
          0x011d4bd9
          0x011d4bdf
          0x00000000
          0x00000000
          0x011d4bea
          0x011d4bea
          0x011d4bf1
          0x011d4bf2
          0x011d4bf5
          0x011d4c8f
          0x011d4c91
          0x011d4c92
          0x011d4c96
          0x011d4c98
          0x011d4c9a
          0x011d4c9a
          0x011d4c9d
          0x011d4ca2
          0x011d4ca8
          0x011d4cab
          0x011d4cae
          0x011d4cb3
          0x011d4cb5
          0x011d4cbb
          0x011d4cbf
          0x011d4cc4
          0x011d4cc7
          0x011d4ccf
          0x011d4cd9
          0x00000000
          0x011d4cd9
          0x011d4c00
          0x011d4c05
          0x011d4c0d
          0x011d4c15
          0x011d4c16
          0x011d4c18
          0x011d4c1b
          0x011d4c1e
          0x011d4c21
          0x011d4c23
          0x011d4c26
          0x011d4c48
          0x011d4c4a
          0x011d4c4b
          0x011d4c4e
          0x00000000
          0x00000000
          0x011d4c55
          0x011d4c5a
          0x011d4c62
          0x011d4c65
          0x011d4c67
          0x011d4c6a
          0x011d4c6f
          0x011d4c70
          0x011d4c73
          0x00000000
          0x00000000
          0x011d4c77
          0x011d4c79
          0x011d4c7a
          0x011d4c7a
          0x011d4c7d
          0x00000000
          0x00000000
          0x011d4c7f
          0x011d4c82
          0x011d4c85
          0x011d4c87
          0x011d4c8a
          0x00000000
          0x00000000
          0x00000000
          0x011d4c8a
          0x011d4c8c
          0x00000000
          0x011d4c8c
          0x011d4c2a
          0x011d4c2c
          0x011d4c2d
          0x011d4c2d
          0x011d4c30
          0x011d4c33
          0x00000000
          0x00000000
          0x011d4c35
          0x011d4c38
          0x011d4c3b
          0x011d4c3d
          0x011d4c3f
          0x011d4c43
          0x00000000
          0x00000000
          0x00000000
          0x011d4c43
          0x011d4c45
          0x00000000
          0x011d4c45
          0x011d4ce7
          0x011d4ce7
          0x00000000
          0x011d4aa9
          0x011d4aa9
          0x011d4aab
          0x011d4aab
          0x011d4ab1
          0x00000000
          0x00000000
          0x011d4ab6
          0x011d4acd
          0x011d4acd
          0x011d4ab8
          0x011d4ab8
          0x011d4ab8
          0x011d4ac0
          0x00000000
          0x011d4ac2
          0x011d4ac2
          0x011d4ac5
          0x011d4acb
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011d4acb
          0x011d4ac0
          0x011d4ad6
          0x011d4ad8
          0x011d4ce6
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011d4ad8
          0x011d4ad1
          0x011d4ad3
          0x011d4ad3
          0x00000000
          0x011d4ad3
          0x011d4aa7
          0x00000000

          Memory Dump Source
          • Source File: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 908c6749c44a33ba0b14b1834b253340a966d0666f705d26da3910ada5bdcbc7
          • Instruction ID: 80879275f14819ad1665070d4822d03708c154849fc85026676bd1b5144d00ea
          • Opcode Fuzzy Hash: 908c6749c44a33ba0b14b1834b253340a966d0666f705d26da3910ada5bdcbc7
          • Instruction Fuzzy Hash: 8BA15B72E00216EBDB2CAF79DC41A6EBBB9FF14314F14406AE925E7A50E7308D00CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 011513AC Relevance: 1.9, Strings: 1, Instructions: 661COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 86%
          			E011513AC(signed int* _a4, signed int* _a8, signed int _a12, signed int* _a16, signed int _a20) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v17;
				signed int _v24;
				char* _v28;
				char _v29;
				signed int _v36;
				signed int _v40;
				char _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				char _v88;
				signed int _v92;
				char _v96;
				signed int _v100;
				char _v104;
				signed int _v108;
				char _v112;
				signed int _v116;
				char _v120;
				signed int _v124;
				char* _v128;
				char _v136;
				signed int _t271;
				void* _t272;
				signed int* _t275;
				signed int _t282;
				signed int _t284;
				signed char _t288;
				signed int _t289;
				signed int _t290;
				signed int _t291;
				signed int _t292;
				signed int* _t297;
				char* _t298;
				char** _t299;
				char* _t303;
				signed int* _t304;
				signed int _t305;
				unsigned int _t306;
				signed char _t308;
				intOrPtr* _t317;
				signed int _t319;
				signed int _t320;
				signed int _t322;
				signed int _t323;
				signed int _t328;
				unsigned int _t329;
				signed char _t331;
				intOrPtr* _t332;
				signed int* _t333;
				signed int* _t335;
				signed int _t337;
				signed int _t341;
				signed int _t345;
				signed int _t353;
				intOrPtr* _t376;
				signed int _t378;
				signed int _t379;
				signed int _t380;
				signed int _t391;
				signed int _t395;
				intOrPtr* _t398;
				intOrPtr* _t403;
				intOrPtr* _t407;
				unsigned int _t413;
				signed char _t415;
				char _t416;
				signed char _t424;
				char* _t427;
				signed int _t428;
				void* _t429;
				signed int _t441;
				signed int* _t451;
				signed int _t462;
				signed int _t463;
				signed int _t465;
				signed int _t467;
				signed int _t476;
				signed int _t481;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed int _t533;
				signed int* _t534;
				signed int* _t535;
				signed int _t536;
				signed int _t537;
				signed int _t538;
				char* _t539;
				signed int* _t540;
				signed int _t541;
				signed int* _t542;
				signed int _t543;
				signed int _t544;
				signed int _t545;
				void* _t546;

				_t271 =  *0x14f28c4; // 0x0
				_t531 = 0;
				_t272 =  *_t271;
				_v29 = 0;
				if(_t272 == 0) {
					__eflags = _a20;
					if(_a20 != 0) {
						L129:
						_push(1);
						goto L130;
					}
					_t540 = _a8;
					__eflags =  *_t540;
					if( *_t540 == 0) {
						_t275 = _a16;
						__eflags =  *_t275;
						if( *_t275 == 0) {
							goto L129;
						}
						_push(_t275);
						L126:
						_push(1);
						_push(_a4);
						E0115128A(_t429);
						goto L131;
					}
					__eflags = _t540[1] & 0x00000100;
					if((_t540[1] & 0x00000100) != 0) {
						L125:
						_push(_t540);
						goto L126;
					}
					_t535 = _a16;
					__eflags =  *_t535;
					if( *_t535 == 0) {
						goto L125;
					}
					L01154F52(L01151794( &_v48, 1),  &_v80, _t535);
					L01154F52(L01153102( &_v80,  &_v88, 0x20), _a4, _t540);
					goto L131;
				} else {
					if(_t272 != 0x24) {
						L7:
						_t282 =  *0x14f28c4; // 0x0
						_t541 = _t531;
						_v68 = _t531;
						_t536 = _t531;
						_v56 = _t541;
						_v52 = _t536;
						__eflags =  *_t282 - 0x41;
						_v5 = _t531;
						_v17 = _t531;
						_t424 =  *_t282 - ((0 |  *_t282 - 0x00000041 < 0x00000000) - 0x00000001 & 0x0000002b) + 0x16;
						__eflags = _t424;
						_t441 = _t531;
						_v72 = _t441;
						while(1) {
							_t284 = _t424 - 4;
							__eflags = _t284;
							if(_t284 == 0) {
								goto L26;
							}
							_t305 = _t284 - 1;
							__eflags = _t305;
							if(_t305 == 0) {
								_t306 =  *0x14f28cc; // 0x0
								_t308 =  !(_t306 >> 1);
								__eflags = _t308 & 0x00000001;
								if((_t308 & 0x00000001) != 0) {
									_push(0xe);
									__eflags = _t441;
									if(_t441 == 0) {
										_v120 = L01152B76();
										_v116 = _t531;
										L011521D5( &_v72,  &_v120);
									} else {
										_v112 = L01152B76();
										_v16 = _v72;
										_v108 = _t531;
										_v12 = _v68;
										L01153A7B( &_v16, 0x20);
										_t317 = L01154D31( &_v16,  &_v88,  &_v112);
										_v72 =  *_t317;
										_v68 =  *((intOrPtr*)(_t317 + 4));
									}
								}
								L31:
								_t289 = _v5;
								L32:
								_v5 = _t289;
								_t290 =  *0x14f28c4; // 0x0
								_t291 = _t290 + 1;
								 *0x14f28c4 = _t291;
								__eflags =  *_t291 - 0x24;
								if( *_t291 != 0x24) {
									L34:
									_t292 =  *0x14f28c4; // 0x0
									__eflags =  *_t292 - 0x41;
									_t424 =  *_t292 - ((0 |  *_t292 - 0x00000041 < 0x00000000) - 0x00000001 & 0x0000002b) + 0x16;
									_t441 = _v72;
									continue;
								}
								L01152FF9( &_v80,  &_a12,  &_v29, _a20);
								_t528 = _v80;
								_t546 = _t546 + 0x10;
								__eflags = _t528;
								if(_t528 != 0) {
									_t297 = _a4;
									 *_t297 = _t528;
									_t529 = _v76;
									L5:
									_t297[1] = _t529;
									return _t297;
								}
								goto L34;
							}
							_t319 = _t305 - 1;
							__eflags = _t319;
							if(_t319 == 0) {
								__eflags = _a20;
								if(_a20 == 0) {
									L118:
									_push(2);
									L130:
									L01151794(_a4);
									L131:
									return _a4;
								} else {
									_t289 = 1;
									goto L32;
								}
							}
							_t320 = _t319 - 1;
							__eflags = _t320;
							if(_t320 == 0) {
								__eflags = _a20;
								if(_a20 == 0) {
									goto L118;
								} else {
									_v17 = 1;
									goto L31;
								}
							}
							__eflags = _t320 != 1;
							if(_t320 != 1) {
								_t322 =  *0x14f28c4; // 0x0
								__eflags =  *_t322;
								if( *_t322 != 0) {
									 *0x14f28c4 =  *0x14f28c4 + 1;
									__eflags =  *0x14f28c4;
								}
								__eflags = _t424 - 0x1f;
								if(_t424 > 0x1f) {
									goto L118;
								} else {
									_t323 = _a12;
									_t537 =  *(0x11f3d84 + _t323 * 8);
									_v28 =  *((intOrPtr*)(0x11f3d80 + _t323 * 8));
									_v24 = _t537;
									L01152B8A( &_v16,  &_v28);
									_v40 = _v40 & 0x00000000;
									_v36 = _v36 & 0x00000000;
									L01152D1A( &_v40,  &_v16);
									_t328 = _v40;
									_t462 = _v36;
									_v16 = _t328;
									_v12 = _t462;
									__eflags = _t541;
									if(_t541 != 0) {
										_v40 = _t328;
										_v36 = _t462;
										__eflags = _t462 - 1;
										if(_t462 <= 1) {
											__eflags = _t328;
											if(_t328 != 0) {
												_t545 = L01154E49(0x14f28e0, 8);
												__eflags = _t545;
												if(_t545 == 0) {
													_t545 = 0;
													__eflags = 0;
												} else {
													L0115179E(_t545);
													 *_t545 = 0x11f4a5c;
													 *((char*)(_t545 + 4)) = 0x20;
												}
												L011552D1( &_v40, _t545);
											} else {
												_v40 = _v40 & _t328;
												_v36 = _v36 & _t328;
												L011541BF( &_v40, 0x20);
											}
										}
										_t407 = L01154F52( &_v40,  &_v48,  &_v56);
										_v16 =  *_t407;
										_v12 =  *((intOrPtr*)(_t407 + 4));
									}
									_t463 = _v72;
									__eflags = _t463;
									if(_t463 != 0) {
										_v64 = _t463;
										_v60 = _v68;
										L01153A7B( &_v64, 0x20);
										_t403 = L01154F52( &_v64,  &_v48,  &_v16);
										_v16 =  *_t403;
										_v12 =  *((intOrPtr*)(_t403 + 4));
									}
									__eflags = _t424 & 0x00000010;
									if((_t424 & 0x00000010) == 0) {
										L64:
										_t329 =  *0x14f28cc; // 0x0
										_t465 = _t424 & 0x0000000c;
										_t331 =  !(_t329 >> 1);
										__eflags = _t331 & 0x00000001;
										if((_t331 & 0x00000001) == 0) {
											__eflags = _t465 - 0xc;
											if(__eflags == 0) {
												L01156438( &_v16, L01154D6D(_t531, __eflags,  &_v48));
											}
											L70:
											__eflags = _t424 & 0x00000002;
											if((_t424 & 0x00000002) != 0) {
												_v28 = "volatile ";
												_v24 = 9;
												L01154F52(L01152B8A( &_v48,  &_v28),  &_v28,  &_v16);
												_v16 = _v28;
												_v12 = _v24;
											}
											__eflags = _t424 & 0x00000001;
											if((_t424 & 0x00000001) != 0) {
												_v28 = "const ";
												_v24 = 6;
												L01154F52(L01152B8A( &_v48,  &_v28),  &_v28,  &_v16);
												_v16 = _v28;
												_v12 = _v24;
											}
											__eflags = _v5;
											if(_v5 != 0) {
												_t481 = _v12;
												_t539 = "& ";
												_t353 = _v16;
												_v28 = _t539;
												_v40 = _t353;
												_v36 = _t481;
												_t428 = 2;
												_v24 = _t428;
												__eflags = _t481 - 1;
												if(_t481 <= 1) {
													__eflags = _t353;
													if(_t353 != 0) {
														_t544 = L01154E49(0x14f28e0, 0xc);
														__eflags = _t544;
														if(_t544 == 0) {
															_t544 = 0;
															__eflags = 0;
														} else {
															L0115179E(_t544);
															 *_t544 = 0x11f4a74;
															 *((intOrPtr*)(_t544 + 4)) = _t539;
															 *((intOrPtr*)(_t544 + 8)) = _t428;
														}
														L01152F04( &_v40, _t544);
													} else {
														L011521D5( &_v40,  &_v28);
													}
												}
												_v16 = _v40;
												_v12 = _v36;
											}
											__eflags = _v17;
											_t538 = 3;
											if(_v17 != 0) {
												_t476 = _v12;
												_t427 = "&& ";
												_t345 = _v16;
												_v28 = _t427;
												_v24 = _t538;
												_v40 = _t345;
												_v36 = _t476;
												__eflags = _t476 - 1;
												if(_t476 <= 1) {
													__eflags = _t345;
													if(_t345 != 0) {
														_t543 = L01154E49(0x14f28e0, 0xc);
														__eflags = _t543;
														if(_t543 == 0) {
															_t543 = 0;
															__eflags = 0;
														} else {
															L0115179E(_t543);
															 *_t543 = 0x11f4a74;
															 *(_t543 + 4) = _t427;
															 *((intOrPtr*)(_t543 + 8)) = _t538;
														}
														L01152F04( &_v40, _t543);
													} else {
														L011521D5( &_v40,  &_v28);
													}
												}
												_v16 = _v40;
												_v12 = _v36;
											}
											__eflags = _a20;
											if(_a20 != 0) {
												L115:
												_t533 = _v12 | 0x00000100;
												__eflags = _v29;
												if(_v29 != 0) {
													_t533 = _t533 | 0x00002000;
													__eflags = _t533;
												}
												_t332 = _a4;
												 *_t332 = _v16;
												 *(_t332 + 4) = _t533;
												return _t332;
											} else {
												_t542 = _a8;
												_t467 =  *_t542;
												__eflags = _t467;
												if(_t467 == 0) {
													_t333 = _a16;
													__eflags =  *_t333;
													if( *_t333 == 0) {
														goto L115;
													}
													_push(_t333);
													L101:
													_push(0x20);
													_push( &_v48);
													_t335 = L01152CE8(_t467);
													L102:
													__eflags = _v12 - 1;
													if(_v12 > 1) {
														goto L115;
													}
													__eflags = _v16;
													_t467 =  *_t335;
													if(_v16 != 0) {
														__eflags = _t467;
														if(_t467 != 0) {
															L011512A8( &_v16, _t467);
															goto L115;
														}
														_t337 = _t335[1];
														__eflags = _t337;
														if(_t337 == 0) {
															goto L115;
														}
														__eflags = _t337 - 2;
														if(_t337 == 2) {
															L106:
															L01152CED( &_v16, _t337);
															goto L115;
														}
														__eflags = _t337 - _t538;
														if(_t337 == _t538) {
															goto L106;
														}
														L01155272( &_v16, L01154570(_t337));
														goto L115;
													}
													__eflags = _t467;
													if(_t467 != 0) {
														_t341 = _t335[1];
														L108:
														_v16 = _t467;
														_v12 = _t341;
														goto L115;
													}
													_t337 = _t335[1];
													goto L106;
												}
												_t341 = _t542[1];
												__eflags = 0x00000100 & _t341;
												if((0x00000100 & _t341) != 0) {
													L97:
													__eflags = _t341 & 0x00000800;
													if((_t341 & 0x00000800) != 0) {
														goto L108;
													}
													_push(_t542);
													goto L101;
												}
												_t534 = _a16;
												__eflags =  *_t534;
												if( *_t534 == 0) {
													goto L97;
												}
												_t335 = L01154F52(L01153102(L01152CE8(_t467,  &_v48, 0x20, _t534),  &_v88, 0x20),  &_v136, _t542);
												goto L102;
											}
										}
										__eflags = _t465 - 0xc;
										if(_t465 != 0xc) {
											goto L70;
										}
										__eflags = _a20;
										if(__eflags != 0) {
											goto L118;
										}
										_t376 = L01154F52(L01154D6D(_t531, __eflags,  &_v48),  &_v88,  &_v16);
										_v16 =  *_t376;
										_v12 =  *((intOrPtr*)(_t376 + 4));
										goto L70;
									} else {
										__eflags = _a20;
										if(_a20 != 0) {
											goto L118;
										}
										__eflags = _t537;
										if(_t537 <= 0) {
											_t378 =  *0x14f28c4; // 0x0
											__eflags =  *_t378;
											if( *_t378 != 0) {
												L01156438( &_v16, L011537D8(_t531,  &_v48));
											}
										} else {
											_v28 = "::";
											_v24 = 2;
											L01154F52(L01152B8A( &_v48,  &_v28),  &_v28,  &_v16);
											_v16 = _v28;
											_v12 = _v24;
											_t391 =  *0x14f28c4; // 0x0
											__eflags =  *_t391;
											if( *_t391 == 0) {
												L01154F52(L01151794( &_v48, 1),  &_v28,  &_v16);
												_v16 = _v28;
												_t395 = _v24;
											} else {
												_t398 = L01154F52(L011537D8(_t531,  &_v48),  &_v88,  &_v16);
												_t395 =  *((intOrPtr*)(_t398 + 4));
												_v16 =  *_t398;
											}
											_v12 = _t395;
										}
										_t379 =  *0x14f28c4; // 0x0
										_t380 =  *_t379;
										__eflags = _t380;
										if(_t380 != 0) {
											 *0x14f28c4 =  *0x14f28c4 + 1;
											__eflags = _t380 - 0x40;
											if(_t380 != 0x40) {
												goto L118;
											}
										} else {
											__eflags = _v12 - 1;
											if(_v12 <= 1) {
												__eflags = _v16;
												if(_v16 == 0) {
													L01152CED( &_v16, 1);
												} else {
													L01155272( &_v16, 0x11f4c18);
												}
											}
										}
										goto L64;
									}
								}
							}
							_t413 =  *0x14f28cc; // 0x0
							_t415 =  !(_t413 >> 1);
							__eflags = _t415 & 0x00000001;
							if((_t415 & 0x00000001) == 0) {
								goto L31;
							}
							_t416 = L01152B76(0xd);
							__eflags = _t541;
							if(_t541 == 0) {
								_v104 = _t416;
								_t299 =  &_v104;
								_v100 = _t531;
								L30:
								L011521D5( &_v56, _t299);
								_t541 = _v56;
								_t536 = _v52;
							} else {
								_v96 = _t416;
								_v92 = _t531;
								_v40 = _t541;
								_v36 = _t536;
								L01153A7B( &_v40, 0x20);
								_push( &_v96);
								_t303 =  &_v136;
								_t451 =  &_v40;
								L16:
								_push(_t303);
								_t304 = L01154D31(_t451);
								_t541 =  *_t304;
								_t536 = _t304[1];
								_v56 = _t541;
								_v52 = _t536;
							}
							goto L31;
							L26:
							_t288 =  !(( *0x14f28ce & 0x0000ffff |  *0x14f28cc) >> 1);
							__eflags = _t288 & 0x00000001;
							if((_t288 & 0x00000001) == 0) {
								goto L31;
							}
							_t298 = L01152B76(0xc);
							__eflags = _t541;
							if(_t541 == 0) {
								_v28 = _t298;
								_t299 =  &_v28;
								_v24 = _t531;
								goto L30;
							}
							_v128 = _t298;
							_v124 = _t531;
							_v64 = _t541;
							_v60 = _t536;
							L01153A7B( &_v64, 0x20);
							_push( &_v128);
							_t303 =  &_v48;
							_t451 =  &_v64;
							goto L16;
						}
					}
					L01152FF9( &_v64,  &_a12,  &_v29, _a20);
					_t530 = _v64;
					_t546 = _t546 + 0x10;
					if(_t530 == 0) {
						_t531 = 0;
						__eflags = 0;
						goto L7;
					} else {
						_t297 = _a4;
						 *_t297 = _t530;
						_t529 = _v60;
						goto L5;
					}
				}
			}












































































































          0x01192f37
          0x01192f3c
          0x01192f41
          0x01192f43
          0x01192f48
          0x01193652
          0x01193655
          0x011936b9
          0x011936b9
          0x00000000
          0x011936b9
          0x01193657
          0x0119365a
          0x0119365c
          0x011936af
          0x011936b2
          0x011936b4
          0x00000000
          0x00000000
          0x011936b6
          0x011936a0
          0x011936a0
          0x011936a2
          0x011936a5
          0x00000000
          0x011936aa
          0x0119365e
          0x01193665
          0x0119369f
          0x0119369f
          0x00000000
          0x0119369f
          0x01193667
          0x0119366a
          0x0119366c
          0x00000000
          0x00000000
          0x0119367f
          0x01193698
          0x00000000
          0x01192f4e
          0x01192f50
          0x01192f82
          0x01192f82
          0x01192f89
          0x01192f8b
          0x01192f8e
          0x01192f90
          0x01192f93
          0x01192f96
          0x01192f9f
          0x01192fa3
          0x01192fac
          0x01192fac
          0x01192fae
          0x01192fb0
          0x01192fb3
          0x01192fb5
          0x01192fb5
          0x01192fb8
          0x00000000
          0x00000000
          0x01192fbe
          0x01192fbe
          0x01192fc1
          0x01193066
          0x0119306d
          0x0119306f
          0x01193071
          0x01193077
          0x01193079
          0x0119307b
          0x011930c2
          0x011930cb
          0x011930cf
          0x0119307d
          0x01193086
          0x0119308c
          0x01193094
          0x01193097
          0x0119309a
          0x011930aa
          0x011930b4
          0x011930b7
          0x011930b7
          0x0119307b
          0x01193134
          0x01193134
          0x01193137
          0x0119313a
          0x0119313d
          0x01193142
          0x01193146
          0x0119314b
          0x0119314e
          0x01193172
          0x01193172
          0x01193179
          0x01193189
          0x0119318b
          0x00000000
          0x0119318b
          0x0119315f
          0x01193164
          0x01193167
          0x0119316a
          0x0119316c
          0x01193645
          0x01193648
          0x0119364a
          0x01192f78
          0x01192f78
          0x00000000
          0x01192f78
          0x00000000
          0x0119316c
          0x01192fc7
          0x01192fc7
          0x01192fca
          0x01193055
          0x01193059
          0x01193641
          0x01193641
          0x011936bb
          0x011936be
          0x011936c3
          0x00000000
          0x0119305f
          0x0119305f
          0x00000000
          0x0119305f
          0x01193059
          0x01192fd0
          0x01192fd0
          0x01192fd3
          0x01193042
          0x01193046
          0x00000000
          0x0119304c
          0x0119304c
          0x00000000
          0x0119304c
          0x01193046
          0x01192fd5
          0x01192fd8
          0x01193193
          0x01193198
          0x0119319b
          0x0119319d
          0x0119319d
          0x0119319d
          0x011931a3
          0x011931a6
          0x00000000
          0x011931ac
          0x011931ac
          0x011931b6
          0x011931c0
          0x011931c7
          0x011931ca
          0x011931cf
          0x011931d6
          0x011931de
          0x011931e3
          0x011931e6
          0x011931e9
          0x011931ec
          0x011931ef
          0x011931f1
          0x011931f3
          0x011931f6
          0x011931f9
          0x011931fc
          0x011931fe
          0x01193200
          0x01193220
          0x01193222
          0x01193224
          0x01193239
          0x01193239
          0x01193226
          0x01193228
          0x0119322d
          0x01193233
          0x01193233
          0x0119323f
          0x01193202
          0x01193202
          0x01193208
          0x0119320d
          0x0119320d
          0x01193200
          0x0119324f
          0x01193259
          0x0119325c
          0x0119325c
          0x0119325f
          0x01193262
          0x01193264
          0x01193269
          0x01193271
          0x01193274
          0x01193284
          0x0119328e
          0x01193291
          0x01193291
          0x01193294
          0x01193297
          0x01193392
          0x01193392
          0x0119339b
          0x0119339e
          0x011933a0
          0x011933a2
          0x011933d9
          0x011933dc
          0x011933ec
          0x011933ec
          0x011933f1
          0x011933f1
          0x011933f4
          0x011933f9
          0x01193404
          0x0119341a
          0x01193422
          0x01193428
          0x01193428
          0x0119342b
          0x0119342e
          0x01193433
          0x0119343e
          0x01193454
          0x0119345c
          0x01193462
          0x01193462
          0x01193465
          0x01193469
          0x0119346b
          0x0119346e
          0x01193473
          0x01193476
          0x01193479
          0x0119347c
          0x01193481
          0x01193482
          0x01193485
          0x01193488
          0x0119348a
          0x0119348c
          0x011934a8
          0x011934aa
          0x011934ac
          0x011934c3
          0x011934c3
          0x011934ae
          0x011934b0
          0x011934b5
          0x011934bb
          0x011934be
          0x011934be
          0x011934c9
          0x0119348e
          0x01193495
          0x01193495
          0x0119348c
          0x011934d1
          0x011934d7
          0x011934d7
          0x011934da
          0x011934e0
          0x011934e1
          0x011934e3
          0x011934e6
          0x011934eb
          0x011934ee
          0x011934f1
          0x011934f4
          0x011934f7
          0x011934fa
          0x011934fd
          0x011934ff
          0x01193501
          0x0119351d
          0x0119351f
          0x01193521
          0x01193538
          0x01193538
          0x01193523
          0x01193525
          0x0119352a
          0x01193530
          0x01193533
          0x01193533
          0x0119353e
          0x01193503
          0x0119350a
          0x0119350a
          0x01193501
          0x01193546
          0x0119354c
          0x0119354c
          0x0119354f
          0x01193558
          0x01193620
          0x01193623
          0x01193625
          0x01193629
          0x0119362b
          0x0119362b
          0x0119362b
          0x01193631
          0x01193637
          0x01193639
          0x00000000
          0x0119355e
          0x0119355e
          0x01193561
          0x01193563
          0x01193565
          0x011935ad
          0x011935b0
          0x011935b3
          0x00000000
          0x00000000
          0x011935b5
          0x011935b6
          0x011935b9
          0x011935bb
          0x011935bc
          0x011935c4
          0x011935c4
          0x011935c8
          0x00000000
          0x00000000
          0x011935ca
          0x011935ce
          0x011935d0
          0x011935f0
          0x011935f2
          0x0119361b
          0x00000000
          0x0119361b
          0x011935f4
          0x011935f8
          0x011935fa
          0x00000000
          0x00000000
          0x011935fc
          0x011935ff
          0x011935da
          0x011935de
          0x00000000
          0x011935de
          0x01193601
          0x01193603
          0x00000000
          0x00000000
          0x01193610
          0x00000000
          0x01193610
          0x011935d2
          0x011935d4
          0x011935e5
          0x011935e8
          0x011935e8
          0x011935eb
          0x00000000
          0x011935eb
          0x011935d6
          0x00000000
          0x011935d6
          0x01193567
          0x0119356a
          0x0119356c
          0x011935a3
          0x011935a3
          0x011935a8
          0x00000000
          0x00000000
          0x011935aa
          0x00000000
          0x011935aa
          0x0119356e
          0x01193571
          0x01193574
          0x00000000
          0x00000000
          0x0119359c
          0x00000000
          0x0119359c
          0x01193558
          0x011933a4
          0x011933a7
          0x00000000
          0x00000000
          0x011933a9
          0x011933ad
          0x00000000
          0x00000000
          0x011933c7
          0x011933d1
          0x011933d4
          0x00000000
          0x0119329d
          0x0119329d
          0x011932a1
          0x00000000
          0x00000000
          0x011932a7
          0x011932a9
          0x01193338
          0x0119333d
          0x01193340
          0x01193350
          0x01193350
          0x011932af
          0x011932b2
          0x011932bd
          0x011932d3
          0x011932db
          0x011932e1
          0x011932e4
          0x011932e9
          0x011932ec
          0x01193325
          0x0119332d
          0x01193330
          0x011932ee
          0x01193302
          0x01193309
          0x0119330c
          0x0119330c
          0x01193333
          0x01193333
          0x01193355
          0x0119335a
          0x0119335c
          0x0119335e
          0x01193384
          0x0119338a
          0x0119338c
          0x00000000
          0x00000000
          0x01193360
          0x01193360
          0x01193364
          0x01193366
          0x0119336d
          0x0119337d
          0x0119336f
          0x01193374
          0x01193374
          0x0119336d
          0x01193364
          0x00000000
          0x0119335e
          0x01193297
          0x011931a6
          0x01192fde
          0x01192fe5
          0x01192fe7
          0x01192fe9
          0x00000000
          0x00000000
          0x01192ff1
          0x01192ff7
          0x01192ff9
          0x01193034
          0x01193037
          0x0119303a
          0x01193125
          0x01193129
          0x0119312e
          0x01193131
          0x01192ffb
          0x01193000
          0x01193003
          0x01193006
          0x01193009
          0x0119300c
          0x01193014
          0x01193015
          0x0119301b
          0x0119301e
          0x0119301e
          0x0119301f
          0x01193024
          0x01193026
          0x01193029
          0x0119302c
          0x0119302c
          0x00000000
          0x011930d6
          0x011930e5
          0x011930e7
          0x011930e9
          0x00000000
          0x00000000
          0x011930ed
          0x011930f3
          0x011930f5
          0x0119311c
          0x0119311f
          0x01193122
          0x00000000
          0x01193122
          0x011930fc
          0x011930ff
          0x01193102
          0x01193105
          0x01193108
          0x01193110
          0x01193111
          0x01193114
          0x00000000
          0x01193114
          0x01192fb3
          0x01192f61
          0x01192f66
          0x01192f69
          0x01192f6e
          0x01192f80
          0x01192f80
          0x00000000
          0x01192f70
          0x01192f70
          0x01192f73
          0x01192f75
          0x00000000
          0x01192f75
          0x01192f6e

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: &&
          • API String ID: 0-993083564
          • Opcode ID: 304aba3f364938cf236b957ca9e134d5fdf4a900c951dfe08b9664d842546b8b
          • Instruction ID: aa50e5cc60fa26feb0b1c4e065242c8ecd1ea24d9cb6f26a3ef5fd67854ad647
          • Opcode Fuzzy Hash: 304aba3f364938cf236b957ca9e134d5fdf4a900c951dfe08b9664d842546b8b
          • Instruction Fuzzy Hash: 67424C71D14209EFDF1DDFA8D494AEEBBB4BF18304F14815AE936A7290DB309A44CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0115510F Relevance: 1.8, APIs: 1, Instructions: 275COMMONLIBRARYCODECrypto
          Download Yara Rule
          C-Code - Quality: 100%
          			E0115510F(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed char _t193;
				signed int _t196;
				signed int _t200;
				signed int _t203;
				void* _t204;
				void* _t207;
				signed int _t210;
				void* _t211;
				signed int _t226;
				unsigned int* _t241;
				signed char _t243;
				signed int* _t251;
				unsigned int* _t257;
				signed int* _t258;
				signed char _t260;
				long _t263;
				signed int* _t266;

				 *(_a4 + 4) = 0;
				_t263 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t243 = _a12;
				if((_t243 & 0x00000010) != 0) {
					_t263 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t243 & 0x00000002) != 0) {
					_t263 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t243 & 0x00000001) != 0) {
					_t263 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t243 & 0x00000004) != 0) {
					_t263 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t243 & 0x00000008) != 0) {
					_t263 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t266 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 +  *_t266) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 5) ^  *(_a4 + 8)) & 1;
				_t260 = E01152AF9(_a4);
				if((_t260 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t260 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t260 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t260 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t260 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t266 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffd | 1;
						L27:
						 *_t258 = _t226;
						L30:
						_t175 =  *_t266 & 0x00000300;
						if(_t175 == 0) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffeb | 0x00000008;
							L36:
							 *_t251 = _t178;
							L37:
							_t179 = _a4;
							_t255 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t255 = _a4;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t241;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t241;
							}
							E0115181B(_t255);
							RaiseException(_t263, 0, 1,  &_a4);
							_t257 = _a4;
							_t193 = _t257[2];
							if((_t193 & 0x00000010) != 0) {
								 *_t266 =  *_t266 & 0xfffffffe;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000008) != 0) {
								 *_t266 =  *_t266 & 0xfffffffb;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000004) != 0) {
								 *_t266 =  *_t266 & 0xfffffff7;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000002) != 0) {
								 *_t266 =  *_t266 & 0xffffffef;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000001) != 0) {
								 *_t266 =  *_t266 & 0xffffffdf;
							}
							_t196 =  *_t257 & 0x00000003;
							if(_t196 == 0) {
								 *_t266 =  *_t266 & 0xfffff3ff;
							} else {
								_t207 = _t196 - 1;
								if(_t207 == 0) {
									_t210 =  *_t266 & 0xfffff7ff | 0x00000400;
									L56:
									 *_t266 = _t210;
									L59:
									_t200 =  *_t257 >> 0x00000002 & 0x00000007;
									if(_t200 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000300;
										L65:
										 *_t266 = _t203;
										L66:
										if(_a28 == 0) {
											 *_t241 = _t257[0x14];
										} else {
											 *_t241 = _t257[0x14];
										}
										return _t203;
									}
									_t204 = _t200 - 1;
									if(_t204 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000200;
										goto L65;
									}
									_t203 = _t204 - 1;
									if(_t203 == 0) {
										 *_t266 =  *_t266 & 0xfffff3ff;
									}
									goto L66;
								}
								_t211 = _t207 - 1;
								if(_t211 == 0) {
									_t210 =  *_t266 & 0xfffffbff | 0x00000800;
									goto L56;
								}
								if(_t211 == 1) {
									 *_t266 =  *_t266 | 0x00000c00;
								}
							}
							goto L59;
						}
						if(_t175 == 0x200) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffe7 | 0x00000004;
							goto L36;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L37;
					}
					if(_t172 == 0x800) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffe | 0x00000002;
						goto L27;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}
























          0x011c8bde
          0x011c8be5
          0x011c8bea
          0x011c8bf0
          0x011c8bf3
          0x011c8bf9
          0x011c8bfe
          0x011c8c03
          0x011c8c03
          0x011c8c09
          0x011c8c0e
          0x011c8c13
          0x011c8c13
          0x011c8c1a
          0x011c8c1f
          0x011c8c24
          0x011c8c24
          0x011c8c2b
          0x011c8c30
          0x011c8c35
          0x011c8c35
          0x011c8c3c
          0x011c8c41
          0x011c8c46
          0x011c8c46
          0x011c8c4e
          0x011c8c5e
          0x011c8c70
          0x011c8c82
          0x011c8c95
          0x011c8ca7
          0x011c8caf
          0x011c8cb4
          0x011c8cb9
          0x011c8cb9
          0x011c8cc0
          0x011c8cc5
          0x011c8cc5
          0x011c8ccc
          0x011c8cd1
          0x011c8cd1
          0x011c8cd8
          0x011c8cdd
          0x011c8cdd
          0x011c8ce4
          0x011c8ce9
          0x011c8ce9
          0x011c8cf3
          0x011c8cf5
          0x011c8d2f
          0x011c8cf7
          0x011c8cfc
          0x011c8d20
          0x011c8d28
          0x011c8d1c
          0x011c8d1c
          0x011c8d32
          0x011c8d39
          0x011c8d3b
          0x011c8d5d
          0x011c8d65
          0x011c8d68
          0x011c8d68
          0x011c8d6a
          0x011c8d6a
          0x011c8d75
          0x011c8d7b
          0x011c8d80
          0x011c8d87
          0x011c8dc1
          0x011c8dcc
          0x011c8dd2
          0x011c8dd5
          0x011c8dd8
          0x011c8de4
          0x011c8dec
          0x011c8d89
          0x011c8d8c
          0x011c8d98
          0x011c8d9e
          0x011c8da4
          0x011c8da7
          0x011c8db0
          0x011c8db0
          0x011c8def
          0x011c8dfd
          0x011c8e03
          0x011c8e06
          0x011c8e0b
          0x011c8e0d
          0x011c8e10
          0x011c8e10
          0x011c8e15
          0x011c8e17
          0x011c8e1a
          0x011c8e1a
          0x011c8e1f
          0x011c8e21
          0x011c8e24
          0x011c8e24
          0x011c8e29
          0x011c8e2b
          0x011c8e2e
          0x011c8e2e
          0x011c8e33
          0x011c8e35
          0x011c8e35
          0x011c8e42
          0x011c8e45
          0x011c8e7c
          0x011c8e47
          0x011c8e47
          0x011c8e4a
          0x011c8e75
          0x011c8e6a
          0x011c8e6a
          0x011c8e7e
          0x011c8e86
          0x011c8e89
          0x011c8ea8
          0x011c8ead
          0x011c8ead
          0x011c8eaf
          0x011c8eb4
          0x011c8ec0
          0x011c8eb6
          0x011c8eb9
          0x011c8eb9
          0x011c8ec5
          0x011c8ec5
          0x011c8e8b
          0x011c8e8e
          0x011c8e9d
          0x00000000
          0x011c8e9d
          0x011c8e90
          0x011c8e93
          0x011c8e95
          0x011c8e95
          0x00000000
          0x011c8e93
          0x011c8e4c
          0x011c8e4f
          0x011c8e65
          0x00000000
          0x011c8e65
          0x011c8e54
          0x011c8e56
          0x011c8e56
          0x011c8e54
          0x00000000
          0x011c8e45
          0x011c8d42
          0x011c8d50
          0x011c8d58
          0x00000000
          0x011c8d58
          0x011c8d46
          0x011c8d4b
          0x011c8d4b
          0x00000000
          0x011c8d46
          0x011c8d03
          0x011c8d11
          0x011c8d19
          0x00000000
          0x011c8d19
          0x011c8d07
          0x011c8d0c
          0x011c8d0c
          0x011c8d07

          APIs
          • RaiseException.KERNEL32(C000000D,00000000,00000001,?), ref: 011C8DFD
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: ExceptionRaise
          • String ID:
          • API String ID: 3997070919-0
          • Opcode ID: 9da6e83210f937969039cf3e07e81ed76ea743d406009756b796039e543d6505
          • Instruction ID: 622a9d807d44bce561e9e4bc5ca71ca7104105f07735d7768b0db86081429562
          • Opcode Fuzzy Hash: 9da6e83210f937969039cf3e07e81ed76ea743d406009756b796039e543d6505
          • Instruction Fuzzy Hash: A9B14731610609CFE719CF2CC4C6AA57BA0FF55764F25865CE99ACF2A1C335E982CB40
          Uniqueness

          Uniqueness Score: -1.00%

          Function 011CB629 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
          Download Yara Rule
          C-Code - Quality: 83%
          			E011CB629(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t17;
				signed int _t29;
				void* _t31;

				_push(0xc);
				_push(0x1209100);
				L011521BC(__ebx, __edi, __esi);
				 *(_t31 - 0x1c) =  *(_t31 - 0x1c) & 0x00000000;
				L01155F88( *((intOrPtr*)( *((intOrPtr*)(_t31 + 8)))));
				 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
				 *0x14f39fc = L0115523B( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t31 + 0xc)))))));
				_t29 = EnumSystemLocalesW(0x11cb613, 1);
				_t17 =  *0x14efcac; // 0x473d9cf5
				 *0x14f39fc = _t17;
				 *(_t31 - 0x1c) = _t29;
				 *(_t31 - 4) = 0xfffffffe;
				E011CB699();
				 *[fs:0x0] =  *((intOrPtr*)(_t31 - 0x10));
				return _t29;
			}






          0x011cb629
          0x011cb62b
          0x011cb630
          0x011cb635
          0x011cb63e
          0x011cb644
          0x011cb655
          0x011cb667
          0x011cb669
          0x011cb66e
          0x011cb673
          0x011cb676
          0x011cb67d
          0x011cb687
          0x011cb693

          APIs
          • EnumSystemLocalesW.KERNEL32(011CB613,00000001,01209100,0000000C,011CC16B,?), ref: 011CB661
          Memory Dump Source
          • Source File: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: EnumLocalesSystem
          • String ID:
          • API String ID: 2099609381-0
          • Opcode ID: 02347689cd9799ef0ae04e30afd8b6a7ea6b958d5c391f0c76fc40fb5a63e2b2
          • Instruction ID: 4281dcf4a778de32bb26ddef98f2980ea8caebdbcbc76b87d13f30f866738b0b
          • Opcode Fuzzy Hash: 02347689cd9799ef0ae04e30afd8b6a7ea6b958d5c391f0c76fc40fb5a63e2b2
          • Instruction Fuzzy Hash: 67F037B2A04216EFDB14DFA9E442B9977F0FB28725F10816EE821DB2A0CB759900CF40
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01154C0F Relevance: 1.5, Strings: 1, Instructions: 242COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 84%
          			E01154C0F(intOrPtr* __ecx, void* __edi) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				short _v24;
				void* __ebx;
				void* __esi;
				signed int _t57;
				signed int _t59;
				signed int _t60;
				void* _t61;
				signed int _t62;
				signed int _t63;
				signed char _t66;
				signed char _t68;
				signed int _t69;
				short _t71;
				void* _t72;
				signed char _t78;
				signed char _t81;
				void* _t86;
				void* _t87;
				signed char _t89;
				signed char _t91;
				signed int _t92;
				signed int _t94;
				signed int _t96;
				signed int _t97;
				signed int _t100;
				unsigned int _t101;
				signed int _t102;
				void* _t105;
				void* _t107;
				signed int _t112;
				unsigned int _t114;
				signed int* _t116;
				signed char _t117;
				signed int _t125;
				void* _t128;
				signed int _t129;
				short _t130;
				void* _t131;
				intOrPtr* _t132;
				signed int _t133;
				void* _t134;
				void* _t136;
				void* _t137;

				_t128 = __edi;
				_t57 =  *0x14efcac; // 0x473d9cf5
				_v8 = _t57 ^ _t133;
				_t132 = __ecx;
				_t100 = 0;
				_t125 = 0x41;
				_t59 =  *(__ecx + 0x32) & 0x0000ffff;
				_t107 = 0x58;
				_t136 = _t59 - 0x64;
				if(_t136 > 0) {
					__eflags = _t59 - 0x70;
					if(__eflags > 0) {
						_t60 = _t59 - 0x73;
						__eflags = _t60;
						if(_t60 == 0) {
							goto L10;
						}
						_t94 = _t60;
						__eflags = _t94;
						if(__eflags == 0) {
							goto L29;
						}
						__eflags = _t94 - 3;
						if(__eflags != 0) {
							goto L12;
						}
						_push(0);
						goto L14;
					}
					if(__eflags == 0) {
						_t61 = L011513FC(__ecx);
						goto L11;
					}
					__eflags = _t59 - 0x67;
					if(_t59 <= 0x67) {
						goto L31;
					}
					__eflags = _t59 - 0x69;
					if(_t59 == 0x69) {
						goto L28;
					}
					__eflags = _t59 - 0x6e;
					if(_t59 == 0x6e) {
						_t61 = E0115238D(__ecx, _t125);
						goto L11;
					}
					__eflags = _t59 - 0x6f;
					if(_t59 != 0x6f) {
						goto L12;
					}
					_t61 = L01152509(__ecx);
				} else {
					if(_t136 == 0) {
						L28:
						_t3 = _t132 + 0x20;
						 *_t3 =  *(_t132 + 0x20) | 0x00000010;
						__eflags =  *_t3;
						L29:
						_push(_t100);
						_push(0xa);
						L30:
						_t61 = L0115404D(_t132, __eflags);
						L11:
						if(_t61 != 0) {
							_t62 = E011524E6(_t132);
							__eflags = _t62;
							if(_t62 != 0) {
								L71:
								_t63 = 1;
								L72:
								return L01152ECD(_t63, _t100, _v8 ^ _t133, _t125, _t128, _t132);
							}
							__eflags =  *((intOrPtr*)(_t132 + 0x30)) - _t100;
							if( *((intOrPtr*)(_t132 + 0x30)) != _t100) {
								goto L71;
							}
							_t112 = _t100;
							_v16 = _t100;
							_v12 = _t100;
							_t101 =  *(_t132 + 0x20);
							_push(_t128);
							_v20 = _t112;
							_t66 = _t101 >> 4;
							_t129 = 0x20;
							__eflags = 1 & _t66;
							if((1 & _t66) == 0) {
								L47:
								_t125 =  *(_t132 + 0x32) & 0x0000ffff;
								_t130 = 0x78;
								__eflags = _t125 - _t130;
								if(_t125 == _t130) {
									L49:
									_t68 = _t101 >> 5;
									__eflags = _t68 & 0x00000001;
									if((_t68 & 0x00000001) == 0) {
										L51:
										_t102 = 0;
										__eflags = 0;
										L52:
										__eflags = _t125 - 0x61;
										if(_t125 == 0x61) {
											L55:
											_t69 = 1;
											L56:
											_v24 = 0x30;
											__eflags = _t102;
											if(_t102 != 0) {
												L58:
												 *((short*)(_t133 + _t112 * 2 - 0xc)) = _v24;
												_t71 = 0x58;
												__eflags = _t125 - _t71;
												if(_t125 == _t71) {
													L60:
													_t130 = _t71;
													L61:
													 *((short*)(_t133 + _t112 * 2 - 0xa)) = _t130;
													_t112 = _t112 + 2;
													__eflags = _t112;
													_v20 = _t112;
													L62:
													_t72 = _t132 + 0x18;
													_t131 = _t132 + 0x448;
													_t100 =  *((intOrPtr*)(_t132 + 0x24)) -  *((intOrPtr*)(_t132 + 0x38)) - _t112;
													__eflags =  *(_t132 + 0x20) & 0x0000000c;
													if(( *(_t132 + 0x20) & 0x0000000c) == 0) {
														L01153CC4(_t131, 0x20, _t100, _t72);
														_t112 = _v20;
														_t134 = _t134 + 0x10;
													}
													_push(_t132 + 0xc);
													L01152806(_t131,  &_v16, _t112, _t132 + 0x18);
													_t114 =  *(_t132 + 0x20);
													_t78 = _t114 >> 3;
													__eflags = _t78 & 0x00000001;
													if((_t78 & 0x00000001) != 0) {
														_t117 = _t114 >> 2;
														__eflags = _t117 & 0x00000001;
														if((_t117 & 0x00000001) == 0) {
															L01153CC4(_t131, _v24, _t100, _t132 + 0x18);
															_t134 = _t134 + 0x10;
														}
													}
													L01155902(_t132, _t125, 0);
													_t116 = _t132 + 0x18;
													__eflags =  *_t116;
													if( *_t116 >= 0) {
														_t81 =  *(_t132 + 0x20) >> 2;
														__eflags = _t81 & 0x00000001;
														if((_t81 & 0x00000001) != 0) {
															L01153CC4(_t131, 0x20, _t100, _t116);
														}
													}
													_pop(_t128);
													goto L71;
												}
												_t105 = 0x41;
												__eflags = _t125 - _t105;
												if(_t125 != _t105) {
													goto L61;
												}
												goto L60;
											}
											__eflags = _t69;
											if(_t69 == 0) {
												goto L62;
											}
											goto L58;
										}
										_t86 = 0x41;
										__eflags = _t125 - _t86;
										if(_t125 == _t86) {
											goto L55;
										}
										_t69 = 0;
										goto L56;
									}
									_t102 = 1;
									goto L52;
								}
								_t87 = 0x58;
								__eflags = _t125 - _t87;
								if(_t125 != _t87) {
									goto L51;
								}
								goto L49;
							}
							_t89 = _t101 >> 6;
							__eflags = 1 & _t89;
							if((1 & _t89) == 0) {
								__eflags = 1 & _t101;
								if((1 & _t101) == 0) {
									_t91 = _t101 >> 1;
									__eflags = 1 & _t91;
									if((1 & _t91) != 0) {
										_v16 = _t129;
										_t112 = 1;
										_v20 = 1;
									}
									goto L47;
								}
								_push(0x2b);
								L44:
								_pop(_t92);
								_t112 = 1;
								_v16 = _t92;
								_v20 = 1;
								goto L47;
							}
							_push(0x2d);
							goto L44;
						}
						L12:
						_t63 = 0;
						goto L72;
					}
					_t137 = _t59 - _t107;
					if(_t137 > 0) {
						_t96 = _t59 - 0x5a;
						__eflags = _t96;
						if(_t96 == 0) {
							_t61 = L011546CE(__ecx);
							goto L11;
						}
						_t97 = _t96 - 7;
						__eflags = _t97;
						if(_t97 == 0) {
							L31:
							_t61 = E01153D96(_t132);
							goto L11;
						}
						__eflags = _t97 != 0;
						if(_t97 != 0) {
							goto L12;
						}
						L18:
						_t61 = E011525BD(_t132, _t125, _t100);
						goto L11;
					}
					if(_t137 == 0) {
						_push(1);
						L14:
						_push(0x10);
						goto L30;
					}
					if(_t59 == _t125) {
						goto L31;
					}
					if(_t59 == 0x43) {
						goto L18;
					}
					if(_t59 <= 0x44) {
						goto L12;
					}
					if(_t59 <= 0x47) {
						goto L31;
					}
					if(_t59 != 0x53) {
						goto L12;
					}
					L10:
					_t61 = E011539B3(_t132);
				}
			}


















































          0x01154c0f
          0x011a6d4b
          0x011a6d52
          0x011a6d57
          0x011a6d59
          0x011a6d5d
          0x011a6d60
          0x011a6d64
          0x011a6d65
          0x011a6d68
          0x011a6dd5
          0x011a6dd8
          0x011a6e27
          0x011a6e27
          0x011a6e2a
          0x00000000
          0x00000000
          0x011a6e31
          0x011a6e31
          0x011a6e34
          0x00000000
          0x00000000
          0x011a6e36
          0x011a6e39
          0x00000000
          0x00000000
          0x011a6e3f
          0x00000000
          0x011a6e3f
          0x011a6dda
          0x011a6e1d
          0x00000000
          0x011a6e1d
          0x011a6ddc
          0x011a6ddf
          0x00000000
          0x00000000
          0x011a6de1
          0x011a6de4
          0x00000000
          0x00000000
          0x011a6de6
          0x011a6de9
          0x011a6dfb
          0x00000000
          0x011a6dfb
          0x011a6deb
          0x011a6dee
          0x00000000
          0x00000000
          0x011a6df2
          0x011a6d6a
          0x011a6d6a
          0x011a6e02
          0x011a6e02
          0x011a6e02
          0x011a6e02
          0x011a6e06
          0x011a6e06
          0x011a6e07
          0x011a6e09
          0x011a6e0b
          0x011a6d9d
          0x011a6d9f
          0x011a6e47
          0x011a6e4c
          0x011a6e4e
          0x011a6f9f
          0x011a6f9f
          0x011a6fa1
          0x011a6fae
          0x011a6fae
          0x011a6e54
          0x011a6e57
          0x00000000
          0x00000000
          0x011a6e5d
          0x011a6e5f
          0x011a6e62
          0x011a6e68
          0x011a6e6c
          0x011a6e6f
          0x011a6e72
          0x011a6e77
          0x011a6e78
          0x011a6e7a
          0x011a6eac
          0x011a6eac
          0x011a6eb2
          0x011a6eb3
          0x011a6eb6
          0x011a6ec0
          0x011a6ec2
          0x011a6ec5
          0x011a6ec7
          0x011a6ecd
          0x011a6ecd
          0x011a6ecd
          0x011a6ecf
          0x011a6ecf
          0x011a6ed2
          0x011a6ee0
          0x011a6ee0
          0x011a6ee2
          0x011a6ee2
          0x011a6ee9
          0x011a6eeb
          0x011a6ef1
          0x011a6ef6
          0x011a6efb
          0x011a6efc
          0x011a6eff
          0x011a6f09
          0x011a6f09
          0x011a6f0b
          0x011a6f0b
          0x011a6f10
          0x011a6f10
          0x011a6f13
          0x011a6f16
          0x011a6f19
          0x011a6f1f
          0x011a6f25
          0x011a6f27
          0x011a6f2b
          0x011a6f32
          0x011a6f37
          0x011a6f3a
          0x011a6f3a
          0x011a6f40
          0x011a6f4c
          0x011a6f51
          0x011a6f56
          0x011a6f59
          0x011a6f5b
          0x011a6f5d
          0x011a6f60
          0x011a6f63
          0x011a6f6e
          0x011a6f73
          0x011a6f73
          0x011a6f63
          0x011a6f7a
          0x011a6f7f
          0x011a6f82
          0x011a6f85
          0x011a6f8a
          0x011a6f8d
          0x011a6f8f
          0x011a6f96
          0x011a6f9b
          0x011a6f8f
          0x011a6f9e
          0x00000000
          0x011a6f9e
          0x011a6f03
          0x011a6f04
          0x011a6f07
          0x00000000
          0x00000000
          0x00000000
          0x011a6f07
          0x011a6eed
          0x011a6eef
          0x00000000
          0x00000000
          0x00000000
          0x011a6eef
          0x011a6ed6
          0x011a6ed7
          0x011a6eda
          0x00000000
          0x00000000
          0x011a6edc
          0x00000000
          0x011a6edc
          0x011a6ec9
          0x00000000
          0x011a6ec9
          0x011a6eba
          0x011a6ebb
          0x011a6ebe
          0x00000000
          0x00000000
          0x00000000
          0x011a6ebe
          0x011a6e7e
          0x011a6e81
          0x011a6e83
          0x011a6e89
          0x011a6e8b
          0x011a6e9d
          0x011a6e9f
          0x011a6ea1
          0x011a6ea3
          0x011a6ea7
          0x011a6ea9
          0x011a6ea9
          0x00000000
          0x011a6ea1
          0x011a6e8d
          0x011a6e8f
          0x011a6e8f
          0x011a6e90
          0x011a6e92
          0x011a6e96
          0x00000000
          0x011a6e96
          0x011a6e85
          0x00000000
          0x011a6e85
          0x011a6da5
          0x011a6da5
          0x00000000
          0x011a6da5
          0x011a6d70
          0x011a6d72
          0x011a6db2
          0x011a6db2
          0x011a6db5
          0x011a6dce
          0x00000000
          0x011a6dce
          0x011a6db7
          0x011a6db7
          0x011a6dba
          0x011a6e12
          0x011a6e14
          0x00000000
          0x011a6e14
          0x011a6dbd
          0x011a6dc0
          0x00000000
          0x00000000
          0x011a6dc2
          0x011a6dc5
          0x00000000
          0x011a6dc5
          0x011a6d74
          0x011a6dac
          0x011a6dae
          0x011a6dae
          0x00000000
          0x011a6dae
          0x011a6d78
          0x00000000
          0x00000000
          0x011a6d81
          0x00000000
          0x00000000
          0x011a6d86
          0x00000000
          0x00000000
          0x011a6d8b
          0x00000000
          0x00000000
          0x011a6d94
          0x00000000
          0x00000000
          0x011a6d96
          0x011a6d98
          0x011a6d98

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: 4085760aca735336ec149878e3b8628599b538bdea45431a5ebfb8c9b953dabf
          • Instruction ID: 27fd22af55f1d486ab16bb0c3fe04d68d0bb594404d41b6e0b6dbf4def0f58d2
          • Opcode Fuzzy Hash: 4085760aca735336ec149878e3b8628599b538bdea45431a5ebfb8c9b953dabf
          • Instruction Fuzzy Hash: 23616C796007159AEF3CDE2CC8947BEBFA5AF51644FCC081DDB92DB680D7219985C382
          Uniqueness

          Uniqueness Score: -1.00%

          Function 011525A4 Relevance: 1.5, Strings: 1, Instructions: 238COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 83%
          			E011525A4(intOrPtr* __ecx, void* __edi) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				short _v24;
				void* __ebx;
				void* __esi;
				signed int _t57;
				signed int _t59;
				signed int _t60;
				void* _t61;
				signed int _t62;
				signed char _t65;
				signed char _t67;
				signed int _t68;
				short _t70;
				void* _t71;
				signed char _t77;
				signed char _t80;
				void* _t85;
				void* _t86;
				signed char _t88;
				signed char _t90;
				signed int _t91;
				signed int _t93;
				signed int _t95;
				signed int _t96;
				signed int _t99;
				unsigned int _t100;
				signed int _t101;
				void* _t104;
				void* _t106;
				signed int _t110;
				unsigned int _t112;
				signed int* _t114;
				signed char _t115;
				signed int _t123;
				void* _t126;
				signed int _t127;
				short _t128;
				void* _t129;
				intOrPtr* _t130;
				signed int _t131;
				void* _t132;
				void* _t134;
				void* _t135;

				_t126 = __edi;
				_t57 =  *0x14efcac; // 0x473d9cf5
				_v8 = _t57 ^ _t131;
				_t130 = __ecx;
				_t99 = 0;
				_t123 = 0x41;
				_t59 =  *(__ecx + 0x32) & 0x0000ffff;
				_t106 = 0x58;
				_t134 = _t59 - 0x64;
				if(_t134 > 0) {
					__eflags = _t59 - 0x70;
					if(__eflags > 0) {
						_t60 = _t59 - 0x73;
						__eflags = _t60;
						if(_t60 == 0) {
							goto L10;
						}
						_t93 = _t60;
						__eflags = _t93;
						if(__eflags == 0) {
							goto L29;
						}
						__eflags = _t93 - 3;
						if(__eflags != 0) {
							goto L12;
						}
						_push(0);
						goto L14;
					}
					if(__eflags == 0) {
						_t61 = L011522AC(__ecx);
						goto L11;
					}
					__eflags = _t59 - 0x67;
					if(_t59 <= 0x67) {
						goto L31;
					}
					__eflags = _t59 - 0x69;
					if(_t59 == 0x69) {
						goto L28;
					}
					__eflags = _t59 - 0x6e;
					if(_t59 == 0x6e) {
						_t61 = L01155F5B(__ecx, _t123);
						goto L11;
					}
					__eflags = _t59 - 0x6f;
					if(_t59 != 0x6f) {
						goto L12;
					}
					_t61 = L01151D75(__ecx);
				} else {
					if(_t134 == 0) {
						L28:
						_t3 = _t130 + 0x20;
						 *_t3 =  *(_t130 + 0x20) | 0x00000010;
						__eflags =  *_t3;
						L29:
						_push(_t99);
						_push(0xa);
						L30:
						_t61 = E01151555(_t130, __eflags);
						L11:
						if(_t61 != 0) {
							__eflags =  *((intOrPtr*)(_t130 + 0x30)) - _t99;
							if( *((intOrPtr*)(_t130 + 0x30)) != _t99) {
								L70:
								_t62 = 1;
								L71:
								return L01152ECD(_t62, _t99, _v8 ^ _t131, _t123, _t126, _t130);
							}
							_t110 = _t99;
							_v16 = _t99;
							_v12 = _t99;
							_t100 =  *(_t130 + 0x20);
							_push(_t126);
							_v20 = _t110;
							_t65 = _t100 >> 4;
							_t127 = 0x20;
							__eflags = 1 & _t65;
							if((1 & _t65) == 0) {
								L46:
								_t123 =  *(_t130 + 0x32) & 0x0000ffff;
								_t128 = 0x78;
								__eflags = _t123 - _t128;
								if(_t123 == _t128) {
									L48:
									_t67 = _t100 >> 5;
									__eflags = _t67 & 0x00000001;
									if((_t67 & 0x00000001) == 0) {
										L50:
										_t101 = 0;
										__eflags = 0;
										L51:
										__eflags = _t123 - 0x61;
										if(_t123 == 0x61) {
											L54:
											_t68 = 1;
											L55:
											_v24 = 0x30;
											__eflags = _t101;
											if(_t101 != 0) {
												L57:
												 *((short*)(_t131 + _t110 * 2 - 0xc)) = _v24;
												_t70 = 0x58;
												__eflags = _t123 - _t70;
												if(_t123 == _t70) {
													L59:
													_t128 = _t70;
													L60:
													 *((short*)(_t131 + _t110 * 2 - 0xa)) = _t128;
													_t110 = _t110 + 2;
													__eflags = _t110;
													_v20 = _t110;
													L61:
													_t71 = _t130 + 0x18;
													_t129 = _t130 + 0x448;
													_t99 =  *((intOrPtr*)(_t130 + 0x24)) -  *((intOrPtr*)(_t130 + 0x38)) - _t110;
													__eflags =  *(_t130 + 0x20) & 0x0000000c;
													if(( *(_t130 + 0x20) & 0x0000000c) == 0) {
														L01153CC4(_t129, 0x20, _t99, _t71);
														_t110 = _v20;
														_t132 = _t132 + 0x10;
													}
													_push(_t130 + 0xc);
													L01152806(_t129,  &_v16, _t110, _t130 + 0x18);
													_t112 =  *(_t130 + 0x20);
													_t77 = _t112 >> 3;
													__eflags = _t77 & 0x00000001;
													if((_t77 & 0x00000001) != 0) {
														_t115 = _t112 >> 2;
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															L01153CC4(_t129, _v24, _t99, _t130 + 0x18);
															_t132 = _t132 + 0x10;
														}
													}
													L011536BB(_t130, _t123, 0);
													_t114 = _t130 + 0x18;
													__eflags =  *_t114;
													if( *_t114 >= 0) {
														_t80 =  *(_t130 + 0x20) >> 2;
														__eflags = _t80 & 0x00000001;
														if((_t80 & 0x00000001) != 0) {
															L01153CC4(_t129, 0x20, _t99, _t114);
														}
													}
													_pop(_t126);
													goto L70;
												}
												_t104 = 0x41;
												__eflags = _t123 - _t104;
												if(_t123 != _t104) {
													goto L60;
												}
												goto L59;
											}
											__eflags = _t68;
											if(_t68 == 0) {
												goto L61;
											}
											goto L57;
										}
										_t85 = 0x41;
										__eflags = _t123 - _t85;
										if(_t123 == _t85) {
											goto L54;
										}
										_t68 = 0;
										goto L55;
									}
									_t101 = 1;
									goto L51;
								}
								_t86 = 0x58;
								__eflags = _t123 - _t86;
								if(_t123 != _t86) {
									goto L50;
								}
								goto L48;
							}
							_t88 = _t100 >> 6;
							__eflags = 1 & _t88;
							if((1 & _t88) == 0) {
								__eflags = 1 & _t100;
								if((1 & _t100) == 0) {
									_t90 = _t100 >> 1;
									__eflags = 1 & _t90;
									if((1 & _t90) != 0) {
										_v16 = _t127;
										_t110 = 1;
										_v20 = 1;
									}
									goto L46;
								}
								_push(0x2b);
								L43:
								_pop(_t91);
								_t110 = 1;
								_v16 = _t91;
								_v20 = 1;
								goto L46;
							}
							_push(0x2d);
							goto L43;
						}
						L12:
						_t62 = 0;
						goto L71;
					}
					_t135 = _t59 - _t106;
					if(_t135 > 0) {
						_t95 = _t59 - 0x5a;
						__eflags = _t95;
						if(_t95 == 0) {
							_t61 = L01152798(__ecx);
							goto L11;
						}
						_t96 = _t95 - 7;
						__eflags = _t96;
						if(_t96 == 0) {
							L31:
							_t61 = L01154DB8(_t130);
							goto L11;
						}
						__eflags = _t96;
						if(__eflags != 0) {
							goto L12;
						}
						L18:
						_t61 = L0115607D(_t130, _t123, __eflags, _t99);
						goto L11;
					}
					if(_t135 == 0) {
						_push(1);
						L14:
						_push(0x10);
						goto L30;
					}
					if(_t59 == _t123) {
						goto L31;
					}
					if(_t59 == 0x43) {
						goto L18;
					}
					if(_t59 <= 0x44) {
						goto L12;
					}
					if(_t59 <= 0x47) {
						goto L31;
					}
					if(_t59 != 0x53) {
						goto L12;
					}
					L10:
					_t61 = E01151816(_t130);
				}
			}

















































          0x011525a4
          0x011a7052
          0x011a7059
          0x011a705e
          0x011a7060
          0x011a7064
          0x011a7067
          0x011a706b
          0x011a706c
          0x011a706f
          0x011a70dc
          0x011a70df
          0x011a712e
          0x011a712e
          0x011a7131
          0x00000000
          0x00000000
          0x011a7138
          0x011a7138
          0x011a713b
          0x00000000
          0x00000000
          0x011a713d
          0x011a7140
          0x00000000
          0x00000000
          0x011a7146
          0x00000000
          0x011a7146
          0x011a70e1
          0x011a7124
          0x00000000
          0x011a7124
          0x011a70e3
          0x011a70e6
          0x00000000
          0x00000000
          0x011a70e8
          0x011a70eb
          0x00000000
          0x00000000
          0x011a70ed
          0x011a70f0
          0x011a7102
          0x00000000
          0x011a7102
          0x011a70f2
          0x011a70f5
          0x00000000
          0x00000000
          0x011a70f9
          0x011a7071
          0x011a7071
          0x011a7109
          0x011a7109
          0x011a7109
          0x011a7109
          0x011a710d
          0x011a710d
          0x011a710e
          0x011a7110
          0x011a7112
          0x011a70a4
          0x011a70a6
          0x011a714c
          0x011a714f
          0x011a7297
          0x011a7297
          0x011a7299
          0x011a72a6
          0x011a72a6
          0x011a7155
          0x011a7157
          0x011a715a
          0x011a7160
          0x011a7164
          0x011a7167
          0x011a716a
          0x011a716f
          0x011a7170
          0x011a7172
          0x011a71a4
          0x011a71a4
          0x011a71aa
          0x011a71ab
          0x011a71ae
          0x011a71b8
          0x011a71ba
          0x011a71bd
          0x011a71bf
          0x011a71c5
          0x011a71c5
          0x011a71c5
          0x011a71c7
          0x011a71c7
          0x011a71ca
          0x011a71d8
          0x011a71d8
          0x011a71da
          0x011a71da
          0x011a71e1
          0x011a71e3
          0x011a71e9
          0x011a71ee
          0x011a71f3
          0x011a71f4
          0x011a71f7
          0x011a7201
          0x011a7201
          0x011a7203
          0x011a7203
          0x011a7208
          0x011a7208
          0x011a720b
          0x011a720e
          0x011a7211
          0x011a7217
          0x011a721d
          0x011a721f
          0x011a7223
          0x011a722a
          0x011a722f
          0x011a7232
          0x011a7232
          0x011a7238
          0x011a7244
          0x011a7249
          0x011a724e
          0x011a7251
          0x011a7253
          0x011a7255
          0x011a7258
          0x011a725b
          0x011a7266
          0x011a726b
          0x011a726b
          0x011a725b
          0x011a7272
          0x011a7277
          0x011a727a
          0x011a727d
          0x011a7282
          0x011a7285
          0x011a7287
          0x011a728e
          0x011a7293
          0x011a7287
          0x011a7296
          0x00000000
          0x011a7296
          0x011a71fb
          0x011a71fc
          0x011a71ff
          0x00000000
          0x00000000
          0x00000000
          0x011a71ff
          0x011a71e5
          0x011a71e7
          0x00000000
          0x00000000
          0x00000000
          0x011a71e7
          0x011a71ce
          0x011a71cf
          0x011a71d2
          0x00000000
          0x00000000
          0x011a71d4
          0x00000000
          0x011a71d4
          0x011a71c1
          0x00000000
          0x011a71c1
          0x011a71b2
          0x011a71b3
          0x011a71b6
          0x00000000
          0x00000000
          0x00000000
          0x011a71b6
          0x011a7176
          0x011a7179
          0x011a717b
          0x011a7181
          0x011a7183
          0x011a7195
          0x011a7197
          0x011a7199
          0x011a719b
          0x011a719f
          0x011a71a1
          0x011a71a1
          0x00000000
          0x011a7199
          0x011a7185
          0x011a7187
          0x011a7187
          0x011a7188
          0x011a718a
          0x011a718e
          0x00000000
          0x011a718e
          0x011a717d
          0x00000000
          0x011a717d
          0x011a70ac
          0x011a70ac
          0x00000000
          0x011a70ac
          0x011a7077
          0x011a7079
          0x011a70b9
          0x011a70b9
          0x011a70bc
          0x011a70d5
          0x00000000
          0x011a70d5
          0x011a70be
          0x011a70be
          0x011a70c1
          0x011a7119
          0x011a711b
          0x00000000
          0x011a711b
          0x011a70c4
          0x011a70c7
          0x00000000
          0x00000000
          0x011a70c9
          0x011a70cc
          0x00000000
          0x011a70cc
          0x011a707b
          0x011a70b3
          0x011a70b5
          0x011a70b5
          0x00000000
          0x011a70b5
          0x011a707f
          0x00000000
          0x00000000
          0x011a7088
          0x00000000
          0x00000000
          0x011a708d
          0x00000000
          0x00000000
          0x011a7092
          0x00000000
          0x00000000
          0x011a709b
          0x00000000
          0x00000000
          0x011a709d
          0x011a709f
          0x011a709f

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: d15f22250d5b859d5a973e132ff12be827b27d0f1dd1e706ea4888f33b98c2be
          • Instruction ID: 2a09c225d89711820dfab40654e4ac5dc718827d9f018220d560dea84724598d
          • Opcode Fuzzy Hash: d15f22250d5b859d5a973e132ff12be827b27d0f1dd1e706ea4888f33b98c2be
          • Instruction Fuzzy Hash: 31618C3D74030696EB3DAA2C895077E7FD6AF42204FC4092EEA52DB2C1D723AB45C312
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01152DBA Relevance: 1.5, Strings: 1, Instructions: 238COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 81%
          			E01152DBA(intOrPtr* __ecx, void* __edi) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				short _v24;
				void* __ebx;
				void* __esi;
				signed int _t57;
				signed int _t59;
				signed int _t60;
				void* _t61;
				signed int _t62;
				signed char _t65;
				signed char _t67;
				signed int _t68;
				short _t70;
				void* _t71;
				signed char _t77;
				signed char _t80;
				void* _t85;
				void* _t86;
				signed char _t88;
				signed char _t90;
				signed int _t91;
				signed int _t93;
				signed int _t95;
				signed int _t96;
				signed int _t99;
				unsigned int _t100;
				signed int _t101;
				void* _t104;
				void* _t106;
				signed int _t110;
				unsigned int _t112;
				signed int* _t114;
				signed char _t115;
				signed int _t123;
				void* _t126;
				signed int _t127;
				short _t128;
				void* _t129;
				intOrPtr* _t130;
				signed int _t131;
				void* _t132;
				void* _t134;
				void* _t135;

				_t126 = __edi;
				_t57 =  *0x14efcac; // 0x473d9cf5
				_v8 = _t57 ^ _t131;
				_t130 = __ecx;
				_t99 = 0;
				_t123 = 0x41;
				_t59 =  *(__ecx + 0x32) & 0x0000ffff;
				_t106 = 0x58;
				_t134 = _t59 - 0x64;
				if(_t134 > 0) {
					__eflags = _t59 - 0x70;
					if(__eflags > 0) {
						_t60 = _t59 - 0x73;
						__eflags = _t60;
						if(_t60 == 0) {
							goto L10;
						}
						_t93 = _t60;
						__eflags = _t93;
						if(__eflags == 0) {
							goto L29;
						}
						__eflags = _t93 - 3;
						if(__eflags != 0) {
							goto L12;
						}
						_push(0);
						goto L14;
					}
					if(__eflags == 0) {
						_t61 = L011561A9(__ecx);
						goto L11;
					}
					__eflags = _t59 - 0x67;
					if(_t59 <= 0x67) {
						goto L31;
					}
					__eflags = _t59 - 0x69;
					if(_t59 == 0x69) {
						goto L28;
					}
					__eflags = _t59 - 0x6e;
					if(_t59 == 0x6e) {
						_t61 = E01151F64(__ecx, _t123);
						goto L11;
					}
					__eflags = _t59 - 0x6f;
					if(_t59 != 0x6f) {
						goto L12;
					}
					_t61 = L01152789(__ecx);
				} else {
					if(_t134 == 0) {
						L28:
						_t3 = _t130 + 0x20;
						 *_t3 =  *(_t130 + 0x20) | 0x00000010;
						__eflags =  *_t3;
						L29:
						_push(_t99);
						_push(0xa);
						L30:
						_t61 = L01156401(_t130, __eflags);
						L11:
						if(_t61 != 0) {
							__eflags =  *((intOrPtr*)(_t130 + 0x30)) - _t99;
							if( *((intOrPtr*)(_t130 + 0x30)) != _t99) {
								L70:
								_t62 = 1;
								L71:
								return L01152ECD(_t62, _t99, _v8 ^ _t131, _t123, _t126, _t130);
							}
							_t110 = _t99;
							_v16 = _t99;
							_v12 = _t99;
							_t100 =  *(_t130 + 0x20);
							_push(_t126);
							_v20 = _t110;
							_t65 = _t100 >> 4;
							_t127 = 0x20;
							__eflags = 1 & _t65;
							if((1 & _t65) == 0) {
								L46:
								_t123 =  *(_t130 + 0x32) & 0x0000ffff;
								_t128 = 0x78;
								__eflags = _t123 - _t128;
								if(_t123 == _t128) {
									L48:
									_t67 = _t100 >> 5;
									__eflags = _t67 & 0x00000001;
									if((_t67 & 0x00000001) == 0) {
										L50:
										_t101 = 0;
										__eflags = 0;
										L51:
										__eflags = _t123 - 0x61;
										if(_t123 == 0x61) {
											L54:
											_t68 = 1;
											L55:
											_v24 = 0x30;
											__eflags = _t101;
											if(_t101 != 0) {
												L57:
												 *((short*)(_t131 + _t110 * 2 - 0xc)) = _v24;
												_t70 = 0x58;
												__eflags = _t123 - _t70;
												if(_t123 == _t70) {
													L59:
													_t128 = _t70;
													L60:
													 *((short*)(_t131 + _t110 * 2 - 0xa)) = _t128;
													_t110 = _t110 + 2;
													__eflags = _t110;
													_v20 = _t110;
													L61:
													_t71 = _t130 + 0x18;
													_t129 = _t130 + 0x448;
													_t99 =  *((intOrPtr*)(_t130 + 0x24)) -  *((intOrPtr*)(_t130 + 0x38)) - _t110;
													__eflags =  *(_t130 + 0x20) & 0x0000000c;
													if(( *(_t130 + 0x20) & 0x0000000c) == 0) {
														L011556FF(_t129, 0x20, _t99, _t71);
														_t110 = _v20;
														_t132 = _t132 + 0x10;
													}
													_push(_t130 + 0xc);
													L01153DD2(_t129,  &_v16, _t110, _t130 + 0x18);
													_t112 =  *(_t130 + 0x20);
													_t77 = _t112 >> 3;
													__eflags = _t77 & 0x00000001;
													if((_t77 & 0x00000001) != 0) {
														_t115 = _t112 >> 2;
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															L011556FF(_t129, _v24, _t99, _t130 + 0x18);
															_t132 = _t132 + 0x10;
														}
													}
													L01152E14(_t130, _t123, 0);
													_t114 = _t130 + 0x18;
													__eflags =  *_t114;
													if( *_t114 >= 0) {
														_t80 =  *(_t130 + 0x20) >> 2;
														__eflags = _t80 & 0x00000001;
														if((_t80 & 0x00000001) != 0) {
															L011556FF(_t129, 0x20, _t99, _t114);
														}
													}
													_pop(_t126);
													goto L70;
												}
												_t104 = 0x41;
												__eflags = _t123 - _t104;
												if(_t123 != _t104) {
													goto L60;
												}
												goto L59;
											}
											__eflags = _t68;
											if(_t68 == 0) {
												goto L61;
											}
											goto L57;
										}
										_t85 = 0x41;
										__eflags = _t123 - _t85;
										if(_t123 == _t85) {
											goto L54;
										}
										_t68 = 0;
										goto L55;
									}
									_t101 = 1;
									goto L51;
								}
								_t86 = 0x58;
								__eflags = _t123 - _t86;
								if(_t123 != _t86) {
									goto L50;
								}
								goto L48;
							}
							_t88 = _t100 >> 6;
							__eflags = 1 & _t88;
							if((1 & _t88) == 0) {
								__eflags = 1 & _t100;
								if((1 & _t100) == 0) {
									_t90 = _t100 >> 1;
									__eflags = 1 & _t90;
									if((1 & _t90) != 0) {
										_v16 = _t127;
										_t110 = 1;
										_v20 = 1;
									}
									goto L46;
								}
								_push(0x2b);
								L43:
								_pop(_t91);
								_t110 = 1;
								_v16 = _t91;
								_v20 = 1;
								goto L46;
							}
							_push(0x2d);
							goto L43;
						}
						L12:
						_t62 = 0;
						goto L71;
					}
					_t135 = _t59 - _t106;
					if(_t135 > 0) {
						_t95 = _t59 - 0x5a;
						__eflags = _t95;
						if(_t95 == 0) {
							_t61 = L01155CDB(__ecx);
							goto L11;
						}
						_t96 = _t95 - 7;
						__eflags = _t96;
						if(_t96 == 0) {
							L31:
							_t61 = L01156294(_t130);
							goto L11;
						}
						__eflags = _t96;
						if(__eflags != 0) {
							goto L12;
						}
						L18:
						_t61 = E0115101E(_t130, _t123, __eflags, _t99);
						goto L11;
					}
					if(_t135 == 0) {
						_push(1);
						L14:
						_push(0x10);
						goto L30;
					}
					if(_t59 == _t123) {
						goto L31;
					}
					if(_t59 == 0x43) {
						goto L18;
					}
					if(_t59 <= 0x44) {
						goto L12;
					}
					if(_t59 <= 0x47) {
						goto L31;
					}
					if(_t59 != 0x53) {
						goto L12;
					}
					L10:
					_t61 = E01152BD5(_t130);
				}
			}

















































          0x01152dba
          0x011a6763
          0x011a676a
          0x011a676f
          0x011a6771
          0x011a6775
          0x011a6778
          0x011a677c
          0x011a677d
          0x011a6780
          0x011a67ed
          0x011a67f0
          0x011a683f
          0x011a683f
          0x011a6842
          0x00000000
          0x00000000
          0x011a6849
          0x011a6849
          0x011a684c
          0x00000000
          0x00000000
          0x011a684e
          0x011a6851
          0x00000000
          0x00000000
          0x011a6857
          0x00000000
          0x011a6857
          0x011a67f2
          0x011a6835
          0x00000000
          0x011a6835
          0x011a67f4
          0x011a67f7
          0x00000000
          0x00000000
          0x011a67f9
          0x011a67fc
          0x00000000
          0x00000000
          0x011a67fe
          0x011a6801
          0x011a6813
          0x00000000
          0x011a6813
          0x011a6803
          0x011a6806
          0x00000000
          0x00000000
          0x011a680a
          0x011a6782
          0x011a6782
          0x011a681a
          0x011a681a
          0x011a681a
          0x011a681a
          0x011a681e
          0x011a681e
          0x011a681f
          0x011a6821
          0x011a6823
          0x011a67b5
          0x011a67b7
          0x011a685d
          0x011a6860
          0x011a69a8
          0x011a69a8
          0x011a69aa
          0x011a69b7
          0x011a69b7
          0x011a6866
          0x011a6868
          0x011a686b
          0x011a6871
          0x011a6875
          0x011a6878
          0x011a687b
          0x011a6880
          0x011a6881
          0x011a6883
          0x011a68b5
          0x011a68b5
          0x011a68bb
          0x011a68bc
          0x011a68bf
          0x011a68c9
          0x011a68cb
          0x011a68ce
          0x011a68d0
          0x011a68d6
          0x011a68d6
          0x011a68d6
          0x011a68d8
          0x011a68d8
          0x011a68db
          0x011a68e9
          0x011a68e9
          0x011a68eb
          0x011a68eb
          0x011a68f2
          0x011a68f4
          0x011a68fa
          0x011a68ff
          0x011a6904
          0x011a6905
          0x011a6908
          0x011a6912
          0x011a6912
          0x011a6914
          0x011a6914
          0x011a6919
          0x011a6919
          0x011a691c
          0x011a691f
          0x011a6922
          0x011a6928
          0x011a692e
          0x011a6930
          0x011a6934
          0x011a693b
          0x011a6940
          0x011a6943
          0x011a6943
          0x011a6949
          0x011a6955
          0x011a695a
          0x011a695f
          0x011a6962
          0x011a6964
          0x011a6966
          0x011a6969
          0x011a696c
          0x011a6977
          0x011a697c
          0x011a697c
          0x011a696c
          0x011a6983
          0x011a6988
          0x011a698b
          0x011a698e
          0x011a6993
          0x011a6996
          0x011a6998
          0x011a699f
          0x011a69a4
          0x011a6998
          0x011a69a7
          0x00000000
          0x011a69a7
          0x011a690c
          0x011a690d
          0x011a6910
          0x00000000
          0x00000000
          0x00000000
          0x011a6910
          0x011a68f6
          0x011a68f8
          0x00000000
          0x00000000
          0x00000000
          0x011a68f8
          0x011a68df
          0x011a68e0
          0x011a68e3
          0x00000000
          0x00000000
          0x011a68e5
          0x00000000
          0x011a68e5
          0x011a68d2
          0x00000000
          0x011a68d2
          0x011a68c3
          0x011a68c4
          0x011a68c7
          0x00000000
          0x00000000
          0x00000000
          0x011a68c7
          0x011a6887
          0x011a688a
          0x011a688c
          0x011a6892
          0x011a6894
          0x011a68a6
          0x011a68a8
          0x011a68aa
          0x011a68ac
          0x011a68b0
          0x011a68b2
          0x011a68b2
          0x00000000
          0x011a68aa
          0x011a6896
          0x011a6898
          0x011a6898
          0x011a6899
          0x011a689b
          0x011a689f
          0x00000000
          0x011a689f
          0x011a688e
          0x00000000
          0x011a688e
          0x011a67bd
          0x011a67bd
          0x00000000
          0x011a67bd
          0x011a6788
          0x011a678a
          0x011a67ca
          0x011a67ca
          0x011a67cd
          0x011a67e6
          0x00000000
          0x011a67e6
          0x011a67cf
          0x011a67cf
          0x011a67d2
          0x011a682a
          0x011a682c
          0x00000000
          0x011a682c
          0x011a67d5
          0x011a67d8
          0x00000000
          0x00000000
          0x011a67da
          0x011a67dd
          0x00000000
          0x011a67dd
          0x011a678c
          0x011a67c4
          0x011a67c6
          0x011a67c6
          0x00000000
          0x011a67c6
          0x011a6790
          0x00000000
          0x00000000
          0x011a6799
          0x00000000
          0x00000000
          0x011a679e
          0x00000000
          0x00000000
          0x011a67a3
          0x00000000
          0x00000000
          0x011a67ac
          0x00000000
          0x00000000
          0x011a67ae
          0x011a67b0
          0x011a67b0

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: da747845c772bf761517d4e89af2c43b4c3645a43f43bfb797058b5b42c89ed4
          • Instruction ID: 0827132d0713556280ef626b98bf84f4d80e572fbf5e732483ccf5bbfb8bdb24
          • Opcode Fuzzy Hash: da747845c772bf761517d4e89af2c43b4c3645a43f43bfb797058b5b42c89ed4
          • Instruction Fuzzy Hash: 9C6128B8610B0ADAEF2C9E6C8890BBE6F99AF51604FCC041DDA53DB280F7619945C752
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01153378 Relevance: 1.5, Strings: 1, Instructions: 238COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 83%
          			E01153378(intOrPtr* __ecx, void* __edi) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				short _v24;
				void* __ebx;
				void* __esi;
				signed int _t57;
				signed int _t59;
				signed int _t60;
				void* _t61;
				signed int _t62;
				signed char _t65;
				signed char _t67;
				signed int _t68;
				short _t70;
				void* _t71;
				signed char _t77;
				signed char _t80;
				void* _t85;
				void* _t86;
				signed char _t88;
				signed char _t90;
				signed int _t91;
				signed int _t93;
				signed int _t95;
				signed int _t96;
				signed int _t99;
				unsigned int _t100;
				signed int _t101;
				void* _t104;
				void* _t106;
				signed int _t110;
				unsigned int _t112;
				signed int* _t114;
				signed char _t115;
				signed int _t123;
				void* _t126;
				signed int _t127;
				short _t128;
				void* _t129;
				intOrPtr* _t130;
				signed int _t131;
				void* _t132;
				void* _t134;
				void* _t135;

				_t126 = __edi;
				_t57 =  *0x14efcac; // 0x473d9cf5
				_v8 = _t57 ^ _t131;
				_t130 = __ecx;
				_t99 = 0;
				_t123 = 0x41;
				_t59 =  *(__ecx + 0x32) & 0x0000ffff;
				_t106 = 0x58;
				_t134 = _t59 - 0x64;
				if(_t134 > 0) {
					__eflags = _t59 - 0x70;
					if(__eflags > 0) {
						_t60 = _t59 - 0x73;
						__eflags = _t60;
						if(_t60 == 0) {
							goto L10;
						}
						_t93 = _t60;
						__eflags = _t93;
						if(__eflags == 0) {
							goto L29;
						}
						__eflags = _t93 - 3;
						if(__eflags != 0) {
							goto L12;
						}
						_push(0);
						goto L14;
					}
					if(__eflags == 0) {
						_t61 = L01151B13(__ecx);
						goto L11;
					}
					__eflags = _t59 - 0x67;
					if(_t59 <= 0x67) {
						goto L31;
					}
					__eflags = _t59 - 0x69;
					if(_t59 == 0x69) {
						goto L28;
					}
					__eflags = _t59 - 0x6e;
					if(_t59 == 0x6e) {
						_t61 = L01154160(__ecx, _t123);
						goto L11;
					}
					__eflags = _t59 - 0x6f;
					if(_t59 != 0x6f) {
						goto L12;
					}
					_t61 = L01152135(__ecx);
				} else {
					if(_t134 == 0) {
						L28:
						_t3 = _t130 + 0x20;
						 *_t3 =  *(_t130 + 0x20) | 0x00000010;
						__eflags =  *_t3;
						L29:
						_push(_t99);
						_push(0xa);
						L30:
						_t61 = L0115222F(_t130, __eflags);
						L11:
						if(_t61 != 0) {
							__eflags =  *((intOrPtr*)(_t130 + 0x30)) - _t99;
							if( *((intOrPtr*)(_t130 + 0x30)) != _t99) {
								L70:
								_t62 = 1;
								L71:
								return L01152ECD(_t62, _t99, _v8 ^ _t131, _t123, _t126, _t130);
							}
							_t110 = _t99;
							_v16 = _t99;
							_v12 = _t99;
							_t100 =  *(_t130 + 0x20);
							_push(_t126);
							_v20 = _t110;
							_t65 = _t100 >> 4;
							_t127 = 0x20;
							__eflags = 1 & _t65;
							if((1 & _t65) == 0) {
								L46:
								_t123 =  *(_t130 + 0x32) & 0x0000ffff;
								_t128 = 0x78;
								__eflags = _t123 - _t128;
								if(_t123 == _t128) {
									L48:
									_t67 = _t100 >> 5;
									__eflags = _t67 & 0x00000001;
									if((_t67 & 0x00000001) == 0) {
										L50:
										_t101 = 0;
										__eflags = 0;
										L51:
										__eflags = _t123 - 0x61;
										if(_t123 == 0x61) {
											L54:
											_t68 = 1;
											L55:
											_v24 = 0x30;
											__eflags = _t101;
											if(_t101 != 0) {
												L57:
												 *((short*)(_t131 + _t110 * 2 - 0xc)) = _v24;
												_t70 = 0x58;
												__eflags = _t123 - _t70;
												if(_t123 == _t70) {
													L59:
													_t128 = _t70;
													L60:
													 *((short*)(_t131 + _t110 * 2 - 0xa)) = _t128;
													_t110 = _t110 + 2;
													__eflags = _t110;
													_v20 = _t110;
													L61:
													_t71 = _t130 + 0x18;
													_t129 = _t130 + 0x448;
													_t99 =  *((intOrPtr*)(_t130 + 0x24)) -  *((intOrPtr*)(_t130 + 0x38)) - _t110;
													__eflags =  *(_t130 + 0x20) & 0x0000000c;
													if(( *(_t130 + 0x20) & 0x0000000c) == 0) {
														L01153CC4(_t129, 0x20, _t99, _t71);
														_t110 = _v20;
														_t132 = _t132 + 0x10;
													}
													_push(_t130 + 0xc);
													L01152806(_t129,  &_v16, _t110, _t130 + 0x18);
													_t112 =  *(_t130 + 0x20);
													_t77 = _t112 >> 3;
													__eflags = _t77 & 0x00000001;
													if((_t77 & 0x00000001) != 0) {
														_t115 = _t112 >> 2;
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															L01153CC4(_t129, _v24, _t99, _t130 + 0x18);
															_t132 = _t132 + 0x10;
														}
													}
													E01151325(_t130, _t123, 0);
													_t114 = _t130 + 0x18;
													__eflags =  *_t114;
													if( *_t114 >= 0) {
														_t80 =  *(_t130 + 0x20) >> 2;
														__eflags = _t80 & 0x00000001;
														if((_t80 & 0x00000001) != 0) {
															L01153CC4(_t129, 0x20, _t99, _t114);
														}
													}
													_pop(_t126);
													goto L70;
												}
												_t104 = 0x41;
												__eflags = _t123 - _t104;
												if(_t123 != _t104) {
													goto L60;
												}
												goto L59;
											}
											__eflags = _t68;
											if(_t68 == 0) {
												goto L61;
											}
											goto L57;
										}
										_t85 = 0x41;
										__eflags = _t123 - _t85;
										if(_t123 == _t85) {
											goto L54;
										}
										_t68 = 0;
										goto L55;
									}
									_t101 = 1;
									goto L51;
								}
								_t86 = 0x58;
								__eflags = _t123 - _t86;
								if(_t123 != _t86) {
									goto L50;
								}
								goto L48;
							}
							_t88 = _t100 >> 6;
							__eflags = 1 & _t88;
							if((1 & _t88) == 0) {
								__eflags = 1 & _t100;
								if((1 & _t100) == 0) {
									_t90 = _t100 >> 1;
									__eflags = 1 & _t90;
									if((1 & _t90) != 0) {
										_v16 = _t127;
										_t110 = 1;
										_v20 = 1;
									}
									goto L46;
								}
								_push(0x2b);
								L43:
								_pop(_t91);
								_t110 = 1;
								_v16 = _t91;
								_v20 = 1;
								goto L46;
							}
							_push(0x2d);
							goto L43;
						}
						L12:
						_t62 = 0;
						goto L71;
					}
					_t135 = _t59 - _t106;
					if(_t135 > 0) {
						_t95 = _t59 - 0x5a;
						__eflags = _t95;
						if(_t95 == 0) {
							_t61 = L0115642E(__ecx);
							goto L11;
						}
						_t96 = _t95 - 7;
						__eflags = _t96;
						if(_t96 == 0) {
							L31:
							_t61 = L01154C69(_t130);
							goto L11;
						}
						__eflags = _t96;
						if(__eflags != 0) {
							goto L12;
						}
						L18:
						_t61 = L01153D9B(_t130, _t123, __eflags, _t99);
						goto L11;
					}
					if(_t135 == 0) {
						_push(1);
						L14:
						_push(0x10);
						goto L30;
					}
					if(_t59 == _t123) {
						goto L31;
					}
					if(_t59 == 0x43) {
						goto L18;
					}
					if(_t59 <= 0x44) {
						goto L12;
					}
					if(_t59 <= 0x47) {
						goto L31;
					}
					if(_t59 != 0x53) {
						goto L12;
					}
					L10:
					_t61 = E0115217B(_t130);
				}
			}

















































          0x01153378
          0x011a6a57
          0x011a6a5e
          0x011a6a63
          0x011a6a65
          0x011a6a69
          0x011a6a6c
          0x011a6a70
          0x011a6a71
          0x011a6a74
          0x011a6ae1
          0x011a6ae4
          0x011a6b33
          0x011a6b33
          0x011a6b36
          0x00000000
          0x00000000
          0x011a6b3d
          0x011a6b3d
          0x011a6b40
          0x00000000
          0x00000000
          0x011a6b42
          0x011a6b45
          0x00000000
          0x00000000
          0x011a6b4b
          0x00000000
          0x011a6b4b
          0x011a6ae6
          0x011a6b29
          0x00000000
          0x011a6b29
          0x011a6ae8
          0x011a6aeb
          0x00000000
          0x00000000
          0x011a6aed
          0x011a6af0
          0x00000000
          0x00000000
          0x011a6af2
          0x011a6af5
          0x011a6b07
          0x00000000
          0x011a6b07
          0x011a6af7
          0x011a6afa
          0x00000000
          0x00000000
          0x011a6afe
          0x011a6a76
          0x011a6a76
          0x011a6b0e
          0x011a6b0e
          0x011a6b0e
          0x011a6b0e
          0x011a6b12
          0x011a6b12
          0x011a6b13
          0x011a6b15
          0x011a6b17
          0x011a6aa9
          0x011a6aab
          0x011a6b51
          0x011a6b54
          0x011a6c9c
          0x011a6c9c
          0x011a6c9e
          0x011a6cab
          0x011a6cab
          0x011a6b5a
          0x011a6b5c
          0x011a6b5f
          0x011a6b65
          0x011a6b69
          0x011a6b6c
          0x011a6b6f
          0x011a6b74
          0x011a6b75
          0x011a6b77
          0x011a6ba9
          0x011a6ba9
          0x011a6baf
          0x011a6bb0
          0x011a6bb3
          0x011a6bbd
          0x011a6bbf
          0x011a6bc2
          0x011a6bc4
          0x011a6bca
          0x011a6bca
          0x011a6bca
          0x011a6bcc
          0x011a6bcc
          0x011a6bcf
          0x011a6bdd
          0x011a6bdd
          0x011a6bdf
          0x011a6bdf
          0x011a6be6
          0x011a6be8
          0x011a6bee
          0x011a6bf3
          0x011a6bf8
          0x011a6bf9
          0x011a6bfc
          0x011a6c06
          0x011a6c06
          0x011a6c08
          0x011a6c08
          0x011a6c0d
          0x011a6c0d
          0x011a6c10
          0x011a6c13
          0x011a6c16
          0x011a6c1c
          0x011a6c22
          0x011a6c24
          0x011a6c28
          0x011a6c2f
          0x011a6c34
          0x011a6c37
          0x011a6c37
          0x011a6c3d
          0x011a6c49
          0x011a6c4e
          0x011a6c53
          0x011a6c56
          0x011a6c58
          0x011a6c5a
          0x011a6c5d
          0x011a6c60
          0x011a6c6b
          0x011a6c70
          0x011a6c70
          0x011a6c60
          0x011a6c77
          0x011a6c7c
          0x011a6c7f
          0x011a6c82
          0x011a6c87
          0x011a6c8a
          0x011a6c8c
          0x011a6c93
          0x011a6c98
          0x011a6c8c
          0x011a6c9b
          0x00000000
          0x011a6c9b
          0x011a6c00
          0x011a6c01
          0x011a6c04
          0x00000000
          0x00000000
          0x00000000
          0x011a6c04
          0x011a6bea
          0x011a6bec
          0x00000000
          0x00000000
          0x00000000
          0x011a6bec
          0x011a6bd3
          0x011a6bd4
          0x011a6bd7
          0x00000000
          0x00000000
          0x011a6bd9
          0x00000000
          0x011a6bd9
          0x011a6bc6
          0x00000000
          0x011a6bc6
          0x011a6bb7
          0x011a6bb8
          0x011a6bbb
          0x00000000
          0x00000000
          0x00000000
          0x011a6bbb
          0x011a6b7b
          0x011a6b7e
          0x011a6b80
          0x011a6b86
          0x011a6b88
          0x011a6b9a
          0x011a6b9c
          0x011a6b9e
          0x011a6ba0
          0x011a6ba4
          0x011a6ba6
          0x011a6ba6
          0x00000000
          0x011a6b9e
          0x011a6b8a
          0x011a6b8c
          0x011a6b8c
          0x011a6b8d
          0x011a6b8f
          0x011a6b93
          0x00000000
          0x011a6b93
          0x011a6b82
          0x00000000
          0x011a6b82
          0x011a6ab1
          0x011a6ab1
          0x00000000
          0x011a6ab1
          0x011a6a7c
          0x011a6a7e
          0x011a6abe
          0x011a6abe
          0x011a6ac1
          0x011a6ada
          0x00000000
          0x011a6ada
          0x011a6ac3
          0x011a6ac3
          0x011a6ac6
          0x011a6b1e
          0x011a6b20
          0x00000000
          0x011a6b20
          0x011a6ac9
          0x011a6acc
          0x00000000
          0x00000000
          0x011a6ace
          0x011a6ad1
          0x00000000
          0x011a6ad1
          0x011a6a80
          0x011a6ab8
          0x011a6aba
          0x011a6aba
          0x00000000
          0x011a6aba
          0x011a6a84
          0x00000000
          0x00000000
          0x011a6a8d
          0x00000000
          0x00000000
          0x011a6a92
          0x00000000
          0x00000000
          0x011a6a97
          0x00000000
          0x00000000
          0x011a6aa0
          0x00000000
          0x00000000
          0x011a6aa2
          0x011a6aa4
          0x011a6aa4

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: 648da8960f6b7963f00eeb24d769c8c4e41962a65080a6fe3452cba255cf9791
          • Instruction ID: 281ab2e8497f61928c25dd9ffd287eea3062ac001da5f465462a96b05774ad1f
          • Opcode Fuzzy Hash: 648da8960f6b7963f00eeb24d769c8c4e41962a65080a6fe3452cba255cf9791
          • Instruction Fuzzy Hash: D1614979B00309D6EF3C9A6D88A0BBE7F95EB51704FCC881EDA42DB681D7219D45C302
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01151A73 Relevance: 1.5, Strings: 1, Instructions: 238COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 81%
          			E01151A73(intOrPtr* __ecx, void* __edi) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				short _v24;
				void* __ebx;
				void* __esi;
				signed int _t57;
				signed int _t59;
				signed int _t60;
				void* _t61;
				signed int _t62;
				signed char _t65;
				signed char _t67;
				signed int _t68;
				short _t70;
				void* _t71;
				signed char _t77;
				signed char _t80;
				void* _t85;
				void* _t86;
				signed char _t88;
				signed char _t90;
				signed int _t91;
				signed int _t93;
				signed int _t95;
				signed int _t96;
				signed int _t99;
				unsigned int _t100;
				signed int _t101;
				void* _t104;
				void* _t106;
				signed int _t110;
				unsigned int _t112;
				signed int* _t114;
				signed char _t115;
				signed int _t123;
				void* _t126;
				signed int _t127;
				short _t128;
				void* _t129;
				intOrPtr* _t130;
				signed int _t131;
				void* _t132;
				void* _t134;
				void* _t135;

				_t126 = __edi;
				_t57 =  *0x14efcac; // 0x473d9cf5
				_v8 = _t57 ^ _t131;
				_t130 = __ecx;
				_t99 = 0;
				_t123 = 0x41;
				_t59 =  *(__ecx + 0x32) & 0x0000ffff;
				_t106 = 0x58;
				_t134 = _t59 - 0x64;
				if(_t134 > 0) {
					__eflags = _t59 - 0x70;
					if(__eflags > 0) {
						_t60 = _t59 - 0x73;
						__eflags = _t60;
						if(_t60 == 0) {
							goto L10;
						}
						_t93 = _t60;
						__eflags = _t93;
						if(__eflags == 0) {
							goto L29;
						}
						__eflags = _t93 - 3;
						if(__eflags != 0) {
							goto L12;
						}
						_push(0);
						goto L14;
					}
					if(__eflags == 0) {
						_t61 = L01153CE2(__ecx);
						goto L11;
					}
					__eflags = _t59 - 0x67;
					if(_t59 <= 0x67) {
						goto L31;
					}
					__eflags = _t59 - 0x69;
					if(_t59 == 0x69) {
						goto L28;
					}
					__eflags = _t59 - 0x6e;
					if(_t59 == 0x6e) {
						_t61 = L011550AB(__ecx, _t123);
						goto L11;
					}
					__eflags = _t59 - 0x6f;
					if(_t59 != 0x6f) {
						goto L12;
					}
					_t61 = L011519E2(__ecx);
				} else {
					if(_t134 == 0) {
						L28:
						_t3 = _t130 + 0x20;
						 *_t3 =  *(_t130 + 0x20) | 0x00000010;
						__eflags =  *_t3;
						L29:
						_push(_t99);
						_push(0xa);
						L30:
						_t61 = L0115484F(_t130, __eflags);
						L11:
						if(_t61 != 0) {
							__eflags =  *((intOrPtr*)(_t130 + 0x30)) - _t99;
							if( *((intOrPtr*)(_t130 + 0x30)) != _t99) {
								L70:
								_t62 = 1;
								L71:
								return L01152ECD(_t62, _t99, _v8 ^ _t131, _t123, _t126, _t130);
							}
							_t110 = _t99;
							_v16 = _t99;
							_v12 = _t99;
							_t100 =  *(_t130 + 0x20);
							_push(_t126);
							_v20 = _t110;
							_t65 = _t100 >> 4;
							_t127 = 0x20;
							__eflags = 1 & _t65;
							if((1 & _t65) == 0) {
								L46:
								_t123 =  *(_t130 + 0x32) & 0x0000ffff;
								_t128 = 0x78;
								__eflags = _t123 - _t128;
								if(_t123 == _t128) {
									L48:
									_t67 = _t100 >> 5;
									__eflags = _t67 & 0x00000001;
									if((_t67 & 0x00000001) == 0) {
										L50:
										_t101 = 0;
										__eflags = 0;
										L51:
										__eflags = _t123 - 0x61;
										if(_t123 == 0x61) {
											L54:
											_t68 = 1;
											L55:
											_v24 = 0x30;
											__eflags = _t101;
											if(_t101 != 0) {
												L57:
												 *((short*)(_t131 + _t110 * 2 - 0xc)) = _v24;
												_t70 = 0x58;
												__eflags = _t123 - _t70;
												if(_t123 == _t70) {
													L59:
													_t128 = _t70;
													L60:
													 *((short*)(_t131 + _t110 * 2 - 0xa)) = _t128;
													_t110 = _t110 + 2;
													__eflags = _t110;
													_v20 = _t110;
													L61:
													_t71 = _t130 + 0x18;
													_t129 = _t130 + 0x448;
													_t99 =  *((intOrPtr*)(_t130 + 0x24)) -  *((intOrPtr*)(_t130 + 0x38)) - _t110;
													__eflags =  *(_t130 + 0x20) & 0x0000000c;
													if(( *(_t130 + 0x20) & 0x0000000c) == 0) {
														L011556FF(_t129, 0x20, _t99, _t71);
														_t110 = _v20;
														_t132 = _t132 + 0x10;
													}
													_push(_t130 + 0xc);
													L01153DD2(_t129,  &_v16, _t110, _t130 + 0x18);
													_t112 =  *(_t130 + 0x20);
													_t77 = _t112 >> 3;
													__eflags = _t77 & 0x00000001;
													if((_t77 & 0x00000001) != 0) {
														_t115 = _t112 >> 2;
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															L011556FF(_t129, _v24, _t99, _t130 + 0x18);
															_t132 = _t132 + 0x10;
														}
													}
													L01155C54(_t130, _t123, 0);
													_t114 = _t130 + 0x18;
													__eflags =  *_t114;
													if( *_t114 >= 0) {
														_t80 =  *(_t130 + 0x20) >> 2;
														__eflags = _t80 & 0x00000001;
														if((_t80 & 0x00000001) != 0) {
															L011556FF(_t129, 0x20, _t99, _t114);
														}
													}
													_pop(_t126);
													goto L70;
												}
												_t104 = 0x41;
												__eflags = _t123 - _t104;
												if(_t123 != _t104) {
													goto L60;
												}
												goto L59;
											}
											__eflags = _t68;
											if(_t68 == 0) {
												goto L61;
											}
											goto L57;
										}
										_t85 = 0x41;
										__eflags = _t123 - _t85;
										if(_t123 == _t85) {
											goto L54;
										}
										_t68 = 0;
										goto L55;
									}
									_t101 = 1;
									goto L51;
								}
								_t86 = 0x58;
								__eflags = _t123 - _t86;
								if(_t123 != _t86) {
									goto L50;
								}
								goto L48;
							}
							_t88 = _t100 >> 6;
							__eflags = 1 & _t88;
							if((1 & _t88) == 0) {
								__eflags = 1 & _t100;
								if((1 & _t100) == 0) {
									_t90 = _t100 >> 1;
									__eflags = 1 & _t90;
									if((1 & _t90) != 0) {
										_v16 = _t127;
										_t110 = 1;
										_v20 = 1;
									}
									goto L46;
								}
								_push(0x2b);
								L43:
								_pop(_t91);
								_t110 = 1;
								_v16 = _t91;
								_v20 = 1;
								goto L46;
							}
							_push(0x2d);
							goto L43;
						}
						L12:
						_t62 = 0;
						goto L71;
					}
					_t135 = _t59 - _t106;
					if(_t135 > 0) {
						_t95 = _t59 - 0x5a;
						__eflags = _t95;
						if(_t95 == 0) {
							_t61 = L01152BDF(__ecx);
							goto L11;
						}
						_t96 = _t95 - 7;
						__eflags = _t96;
						if(_t96 == 0) {
							L31:
							_t61 = L01151D9D(_t130);
							goto L11;
						}
						__eflags = _t96;
						if(__eflags != 0) {
							goto L12;
						}
						L18:
						_t61 = L01154B06(_t130, _t123, __eflags, _t99);
						goto L11;
					}
					if(_t135 == 0) {
						_push(1);
						L14:
						_push(0x10);
						goto L30;
					}
					if(_t59 == _t123) {
						goto L31;
					}
					if(_t59 == 0x43) {
						goto L18;
					}
					if(_t59 <= 0x44) {
						goto L12;
					}
					if(_t59 <= 0x47) {
						goto L31;
					}
					if(_t59 != 0x53) {
						goto L12;
					}
					L10:
					_t61 = E0115118B(_t130);
				}
			}

















































          0x01151a73
          0x011a6168
          0x011a616f
          0x011a6174
          0x011a6176
          0x011a617a
          0x011a617d
          0x011a6181
          0x011a6182
          0x011a6185
          0x011a61f2
          0x011a61f5
          0x011a6244
          0x011a6244
          0x011a6247
          0x00000000
          0x00000000
          0x011a624e
          0x011a624e
          0x011a6251
          0x00000000
          0x00000000
          0x011a6253
          0x011a6256
          0x00000000
          0x00000000
          0x011a625c
          0x00000000
          0x011a625c
          0x011a61f7
          0x011a623a
          0x00000000
          0x011a623a
          0x011a61f9
          0x011a61fc
          0x00000000
          0x00000000
          0x011a61fe
          0x011a6201
          0x00000000
          0x00000000
          0x011a6203
          0x011a6206
          0x011a6218
          0x00000000
          0x011a6218
          0x011a6208
          0x011a620b
          0x00000000
          0x00000000
          0x011a620f
          0x011a6187
          0x011a6187
          0x011a621f
          0x011a621f
          0x011a621f
          0x011a621f
          0x011a6223
          0x011a6223
          0x011a6224
          0x011a6226
          0x011a6228
          0x011a61ba
          0x011a61bc
          0x011a6262
          0x011a6265
          0x011a63ad
          0x011a63ad
          0x011a63af
          0x011a63bc
          0x011a63bc
          0x011a626b
          0x011a626d
          0x011a6270
          0x011a6276
          0x011a627a
          0x011a627d
          0x011a6280
          0x011a6285
          0x011a6286
          0x011a6288
          0x011a62ba
          0x011a62ba
          0x011a62c0
          0x011a62c1
          0x011a62c4
          0x011a62ce
          0x011a62d0
          0x011a62d3
          0x011a62d5
          0x011a62db
          0x011a62db
          0x011a62db
          0x011a62dd
          0x011a62dd
          0x011a62e0
          0x011a62ee
          0x011a62ee
          0x011a62f0
          0x011a62f0
          0x011a62f7
          0x011a62f9
          0x011a62ff
          0x011a6304
          0x011a6309
          0x011a630a
          0x011a630d
          0x011a6317
          0x011a6317
          0x011a6319
          0x011a6319
          0x011a631e
          0x011a631e
          0x011a6321
          0x011a6324
          0x011a6327
          0x011a632d
          0x011a6333
          0x011a6335
          0x011a6339
          0x011a6340
          0x011a6345
          0x011a6348
          0x011a6348
          0x011a634e
          0x011a635a
          0x011a635f
          0x011a6364
          0x011a6367
          0x011a6369
          0x011a636b
          0x011a636e
          0x011a6371
          0x011a637c
          0x011a6381
          0x011a6381
          0x011a6371
          0x011a6388
          0x011a638d
          0x011a6390
          0x011a6393
          0x011a6398
          0x011a639b
          0x011a639d
          0x011a63a4
          0x011a63a9
          0x011a639d
          0x011a63ac
          0x00000000
          0x011a63ac
          0x011a6311
          0x011a6312
          0x011a6315
          0x00000000
          0x00000000
          0x00000000
          0x011a6315
          0x011a62fb
          0x011a62fd
          0x00000000
          0x00000000
          0x00000000
          0x011a62fd
          0x011a62e4
          0x011a62e5
          0x011a62e8
          0x00000000
          0x00000000
          0x011a62ea
          0x00000000
          0x011a62ea
          0x011a62d7
          0x00000000
          0x011a62d7
          0x011a62c8
          0x011a62c9
          0x011a62cc
          0x00000000
          0x00000000
          0x00000000
          0x011a62cc
          0x011a628c
          0x011a628f
          0x011a6291
          0x011a6297
          0x011a6299
          0x011a62ab
          0x011a62ad
          0x011a62af
          0x011a62b1
          0x011a62b5
          0x011a62b7
          0x011a62b7
          0x00000000
          0x011a62af
          0x011a629b
          0x011a629d
          0x011a629d
          0x011a629e
          0x011a62a0
          0x011a62a4
          0x00000000
          0x011a62a4
          0x011a6293
          0x00000000
          0x011a6293
          0x011a61c2
          0x011a61c2
          0x00000000
          0x011a61c2
          0x011a618d
          0x011a618f
          0x011a61cf
          0x011a61cf
          0x011a61d2
          0x011a61eb
          0x00000000
          0x011a61eb
          0x011a61d4
          0x011a61d4
          0x011a61d7
          0x011a622f
          0x011a6231
          0x00000000
          0x011a6231
          0x011a61da
          0x011a61dd
          0x00000000
          0x00000000
          0x011a61df
          0x011a61e2
          0x00000000
          0x011a61e2
          0x011a6191
          0x011a61c9
          0x011a61cb
          0x011a61cb
          0x00000000
          0x011a61cb
          0x011a6195
          0x00000000
          0x00000000
          0x011a619e
          0x00000000
          0x00000000
          0x011a61a3
          0x00000000
          0x00000000
          0x011a61a8
          0x00000000
          0x00000000
          0x011a61b1
          0x00000000
          0x00000000
          0x011a61b3
          0x011a61b5
          0x011a61b5

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: 9307d2b03441d30fbba9501558f730aca0aa6677f17355b319ff5479d65ab5b0
          • Instruction ID: c4ec28574fdb44d15700da1981f48dc8be44cd0b1d5ed921fb7f20ec55974740
          • Opcode Fuzzy Hash: 9307d2b03441d30fbba9501558f730aca0aa6677f17355b319ff5479d65ab5b0
          • Instruction Fuzzy Hash: 0E615D787007099AEB3C9A6C88907BE7FA6EF91604FCC441FD952DB2C2D721E946C352
          Uniqueness

          Uniqueness Score: -1.00%

          Function 011533A5 Relevance: 1.5, Strings: 1, Instructions: 221COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 84%
          			E011533A5(void* __ecx) {
				char _v6;
				char _v8;
				signed int _v12;
				void* __ebx;
				char _t51;
				signed int _t52;
				void* _t53;
				signed int _t54;
				signed int _t55;
				signed char _t57;
				signed char _t59;
				signed int _t60;
				void* _t62;
				signed char _t67;
				signed char _t70;
				signed char _t77;
				signed char _t79;
				signed int _t81;
				signed int _t83;
				signed int _t84;
				unsigned int _t90;
				signed int _t91;
				signed int* _t92;
				void* _t94;
				signed int _t97;
				unsigned int _t99;
				signed char _t101;
				void* _t109;
				intOrPtr _t112;
				void* _t116;
				void* _t119;
				void* _t121;
				void* _t122;
				void* _t124;
				void* _t125;

				_push(__ecx);
				_push(__ecx);
				_t119 = __ecx;
				_t94 = 0x58;
				_t51 =  *((char*)(__ecx + 0x31));
				_t124 = _t51 - 0x64;
				if(_t124 > 0) {
					__eflags = _t51 - 0x70;
					if(__eflags > 0) {
						_t52 = _t51 - 0x73;
						__eflags = _t52;
						if(_t52 == 0) {
							goto L10;
						}
						_t81 = _t52;
						__eflags = _t81;
						if(__eflags == 0) {
							goto L29;
						}
						__eflags = _t81 - 3;
						if(__eflags != 0) {
							goto L12;
						}
						_push(0);
						goto L14;
					}
					if(__eflags == 0) {
						_t53 = L01155C90(__ecx);
						goto L11;
					}
					__eflags = _t51 - 0x67;
					if(_t51 <= 0x67) {
						goto L31;
					}
					__eflags = _t51 - 0x69;
					if(_t51 == 0x69) {
						goto L28;
					}
					__eflags = _t51 - 0x6e;
					if(_t51 == 0x6e) {
						_t53 = L01156096(__ecx, _t109);
						goto L11;
					}
					__eflags = _t51 - 0x6f;
					if(_t51 != 0x6f) {
						goto L12;
					}
					_t53 = L01153BC5(__ecx);
				} else {
					if(_t124 == 0) {
						L28:
						_t2 = _t119 + 0x20;
						 *_t2 =  *(_t119 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						L29:
						_push(0);
						_push(0xa);
						L30:
						_t53 = L01153571(_t119, _t109, __eflags);
						L11:
						if(_t53 != 0) {
							_t54 = E01152EE1(_t119);
							__eflags = _t54;
							if(_t54 != 0) {
								L72:
								_t55 = 1;
								L73:
								return _t55;
							}
							__eflags =  *(_t119 + 0x30);
							if( *(_t119 + 0x30) != 0) {
								goto L72;
							}
							_t97 = 0;
							_v8 = 0;
							_v6 = 0;
							_t90 =  *(_t119 + 0x20);
							_v12 = 0;
							_t57 = _t90 >> 4;
							__eflags = 1 & _t57;
							if((1 & _t57) == 0) {
								L47:
								_t112 =  *((intOrPtr*)(_t119 + 0x31));
								__eflags = _t112 - 0x78;
								if(_t112 == 0x78) {
									L49:
									_t59 = _t90 >> 5;
									__eflags = _t59 & 0x00000001;
									if((_t59 & 0x00000001) == 0) {
										L51:
										_t91 = 0;
										__eflags = 0;
										L52:
										__eflags = _t112 - 0x61;
										if(_t112 == 0x61) {
											L55:
											_t60 = 1;
											L56:
											__eflags = _t91;
											if(_t91 != 0) {
												L58:
												 *((char*)(_t121 + _t97 - 4)) = 0x30;
												__eflags = _t112 - 0x58;
												if(_t112 == 0x58) {
													L61:
													0x78 = 0x58;
													L62:
													 *((char*)(_t121 + _t97 - 3)) = 0x78;
													_t97 = _t97 + 2;
													__eflags = _t97;
													_v12 = _t97;
													L63:
													_t92 = _t119 + 0x18;
													_t62 = _t119 + 0x448;
													_t116 =  *((intOrPtr*)(_t119 + 0x24)) -  *((intOrPtr*)(_t119 + 0x38)) - _t97;
													__eflags =  *(_t119 + 0x20) & 0x0000000c;
													if(( *(_t119 + 0x20) & 0x0000000c) == 0) {
														L01153A94(_t62, 0x20, _t116, _t92);
														_t97 = _v12;
														_t122 = _t122 + 0x10;
													}
													_push(_t119 + 0xc);
													L011559D4(_t119 + 0x448,  &_v8, _t97, _t92);
													_t99 =  *(_t119 + 0x20);
													_t67 = _t99 >> 3;
													__eflags = _t67 & 0x00000001;
													if((_t67 & 0x00000001) != 0) {
														_t101 = _t99 >> 2;
														__eflags = _t101 & 0x00000001;
														if((_t101 & 0x00000001) == 0) {
															L01153A94(_t119 + 0x448, 0x30, _t116, _t92);
															_t122 = _t122 + 0x10;
														}
													}
													L01153E86(_t119, 0);
													__eflags =  *_t92;
													if( *_t92 >= 0) {
														_t70 =  *(_t119 + 0x20) >> 2;
														__eflags = _t70 & 0x00000001;
														if((_t70 & 0x00000001) != 0) {
															L01153A94(_t119 + 0x448, 0x20, _t116, _t92);
														}
													}
													goto L72;
												}
												__eflags = _t112 - 0x41;
												if(_t112 == 0x41) {
													goto L61;
												}
												goto L62;
											}
											__eflags = _t60;
											if(_t60 == 0) {
												goto L63;
											}
											goto L58;
										}
										__eflags = _t112 - 0x41;
										if(_t112 == 0x41) {
											goto L55;
										}
										_t60 = 0;
										goto L56;
									}
									_t91 = 1;
									goto L52;
								}
								__eflags = _t112 - 0x58;
								if(_t112 != 0x58) {
									goto L51;
								}
								goto L49;
							}
							_t77 = _t90 >> 6;
							__eflags = 1 & _t77;
							if((1 & _t77) == 0) {
								__eflags = 1 & _t90;
								if((1 & _t90) == 0) {
									_t79 = _t90 >> 1;
									__eflags = 1 & _t79;
									if((1 & _t79) != 0) {
										_v8 = 0x20;
										_t97 = 1;
										_v12 = 1;
									}
									goto L47;
								}
								_v8 = 0x2b;
								L44:
								_t97 = 1;
								_v12 = 1;
								goto L47;
							}
							_v8 = 0x2d;
							goto L44;
						}
						L12:
						_t55 = 0;
						goto L73;
					}
					_t125 = _t51 - _t94;
					if(_t125 > 0) {
						_t83 = _t51 - 0x5a;
						__eflags = _t83;
						if(_t83 == 0) {
							_t53 = L01155A38(__ecx);
							goto L11;
						}
						_t84 = _t83 - 7;
						__eflags = _t84;
						if(_t84 == 0) {
							L31:
							_t53 = L011514A1(0, _t119);
							goto L11;
						}
						__eflags = _t84;
						if(__eflags != 0) {
							goto L12;
						}
						L18:
						_t53 = L01154E8A(0, _t119, _t109, __eflags, 0);
						goto L11;
					}
					if(_t125 == 0) {
						_push(1);
						L14:
						_push(0x10);
						goto L30;
					}
					if(_t51 == 0x41) {
						goto L31;
					}
					if(_t51 == 0x43) {
						goto L18;
					}
					if(_t51 <= 0x44) {
						goto L12;
					}
					if(_t51 <= 0x47) {
						goto L31;
					}
					if(_t51 != 0x53) {
						goto L12;
					}
					L10:
					_t53 = L0115200E(_t119);
				}
			}






































          0x011a5389
          0x011a538a
          0x011a538d
          0x011a5393
          0x011a5394
          0x011a5398
          0x011a539b
          0x011a5409
          0x011a540c
          0x011a545b
          0x011a545b
          0x011a545e
          0x00000000
          0x00000000
          0x011a5465
          0x011a5465
          0x011a5468
          0x00000000
          0x00000000
          0x011a546a
          0x011a546d
          0x00000000
          0x00000000
          0x011a5473
          0x00000000
          0x011a5473
          0x011a540e
          0x011a5451
          0x00000000
          0x011a5451
          0x011a5410
          0x011a5413
          0x00000000
          0x00000000
          0x011a5415
          0x011a5418
          0x00000000
          0x00000000
          0x011a541a
          0x011a541d
          0x011a542f
          0x00000000
          0x011a542f
          0x011a541f
          0x011a5422
          0x00000000
          0x00000000
          0x011a5426
          0x011a539d
          0x011a539d
          0x011a5436
          0x011a5436
          0x011a5436
          0x011a5436
          0x011a543a
          0x011a543a
          0x011a543b
          0x011a543d
          0x011a543f
          0x011a53d1
          0x011a53d3
          0x011a547b
          0x011a5480
          0x011a5482
          0x011a55bf
          0x011a55bf
          0x011a55c1
          0x011a55c4
          0x011a55c4
          0x011a5488
          0x011a548b
          0x00000000
          0x00000000
          0x011a5491
          0x011a5493
          0x011a5497
          0x011a549c
          0x011a54a2
          0x011a54a5
          0x011a54a8
          0x011a54aa
          0x011a54db
          0x011a54db
          0x011a54de
          0x011a54e1
          0x011a54e8
          0x011a54ea
          0x011a54ed
          0x011a54ef
          0x011a54f5
          0x011a54f5
          0x011a54f5
          0x011a54f7
          0x011a54f7
          0x011a54fa
          0x011a5505
          0x011a5505
          0x011a5507
          0x011a5507
          0x011a5509
          0x011a550f
          0x011a550f
          0x011a5514
          0x011a5517
          0x011a5522
          0x011a5524
          0x011a5525
          0x011a5525
          0x011a5529
          0x011a5529
          0x011a552c
          0x011a552f
          0x011a5533
          0x011a5539
          0x011a553f
          0x011a5541
          0x011a5545
          0x011a554c
          0x011a5551
          0x011a5554
          0x011a5554
          0x011a555a
          0x011a5567
          0x011a556c
          0x011a5571
          0x011a5574
          0x011a5576
          0x011a5578
          0x011a557b
          0x011a557e
          0x011a558b
          0x011a5590
          0x011a5590
          0x011a557e
          0x011a5597
          0x011a559c
          0x011a559f
          0x011a55a4
          0x011a55a7
          0x011a55a9
          0x011a55b6
          0x011a55bb
          0x011a55a9
          0x00000000
          0x011a55be
          0x011a5519
          0x011a551c
          0x00000000
          0x00000000
          0x00000000
          0x011a551e
          0x011a550b
          0x011a550d
          0x00000000
          0x00000000
          0x00000000
          0x011a550d
          0x011a54fc
          0x011a54ff
          0x00000000
          0x00000000
          0x011a5501
          0x00000000
          0x011a5501
          0x011a54f1
          0x00000000
          0x011a54f1
          0x011a54e3
          0x011a54e6
          0x00000000
          0x00000000
          0x00000000
          0x011a54e6
          0x011a54ae
          0x011a54b1
          0x011a54b3
          0x011a54bb
          0x011a54bd
          0x011a54cc
          0x011a54ce
          0x011a54d0
          0x011a54d2
          0x011a54d6
          0x011a54d8
          0x011a54d8
          0x00000000
          0x011a54d0
          0x011a54bf
          0x011a54c3
          0x011a54c3
          0x011a54c5
          0x00000000
          0x011a54c5
          0x011a54b5
          0x00000000
          0x011a54b5
          0x011a53d9
          0x011a53d9
          0x00000000
          0x011a53d9
          0x011a53a3
          0x011a53a5
          0x011a53e6
          0x011a53e6
          0x011a53e9
          0x011a5402
          0x00000000
          0x011a5402
          0x011a53eb
          0x011a53eb
          0x011a53ee
          0x011a5446
          0x011a5448
          0x00000000
          0x011a5448
          0x011a53f1
          0x011a53f4
          0x00000000
          0x00000000
          0x011a53f6
          0x011a53f9
          0x00000000
          0x011a53f9
          0x011a53a7
          0x011a53e0
          0x011a53e2
          0x011a53e2
          0x00000000
          0x011a53e2
          0x011a53ac
          0x00000000
          0x00000000
          0x011a53b5
          0x00000000
          0x00000000
          0x011a53ba
          0x00000000
          0x00000000
          0x011a53bf
          0x00000000
          0x00000000
          0x011a53c8
          0x00000000
          0x00000000
          0x011a53ca
          0x011a53cc
          0x011a53cc

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: 0f58d2369acdf5e585c9312bcdd089450bfd8fcfbd756d347bf970bed504f1d2
          • Instruction ID: ac6464b4a3797bb64eb3d31b6cd795833916e924075c74b1144863fa6b7797bb
          • Opcode Fuzzy Hash: 0f58d2369acdf5e585c9312bcdd089450bfd8fcfbd756d347bf970bed504f1d2
          • Instruction Fuzzy Hash: 01516A7970C6499BEFFD892C84947BE6FAB9F51344FD40419DA83DB281E7A1D948C302
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01155F74 Relevance: 1.5, Strings: 1, Instructions: 221COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 88%
          			E01155F74(void* __ecx) {
				char _v6;
				char _v8;
				signed int _v12;
				void* __ebx;
				char _t51;
				signed int _t52;
				void* _t53;
				signed int _t54;
				signed int _t55;
				signed char _t57;
				signed char _t59;
				signed int _t60;
				void* _t62;
				signed char _t67;
				signed char _t70;
				signed char _t77;
				signed char _t79;
				signed int _t81;
				signed int _t83;
				signed int _t84;
				unsigned int _t90;
				signed int _t91;
				signed int* _t92;
				void* _t94;
				signed int _t97;
				unsigned int _t99;
				signed char _t101;
				void* _t109;
				intOrPtr _t112;
				void* _t116;
				void* _t119;
				void* _t121;
				void* _t122;
				void* _t124;
				void* _t125;

				_push(__ecx);
				_push(__ecx);
				_t119 = __ecx;
				_t94 = 0x58;
				_t51 =  *((char*)(__ecx + 0x31));
				_t124 = _t51 - 0x64;
				if(_t124 > 0) {
					__eflags = _t51 - 0x70;
					if(__eflags > 0) {
						_t52 = _t51 - 0x73;
						__eflags = _t52;
						if(_t52 == 0) {
							goto L10;
						}
						_t81 = _t52;
						__eflags = _t81;
						if(__eflags == 0) {
							goto L29;
						}
						__eflags = _t81 - 3;
						if(__eflags != 0) {
							goto L12;
						}
						_push(0);
						goto L14;
					}
					if(__eflags == 0) {
						_t53 = L01152383(__ecx);
						goto L11;
					}
					__eflags = _t51 - 0x67;
					if(_t51 <= 0x67) {
						goto L31;
					}
					__eflags = _t51 - 0x69;
					if(_t51 == 0x69) {
						goto L28;
					}
					__eflags = _t51 - 0x6e;
					if(_t51 == 0x6e) {
						_t53 = E01153A3F(__ecx, _t109);
						goto L11;
					}
					__eflags = _t51 - 0x6f;
					if(_t51 != 0x6f) {
						goto L12;
					}
					_t53 = L01155704(__ecx);
				} else {
					if(_t124 == 0) {
						L28:
						_t2 = _t119 + 0x20;
						 *_t2 =  *(_t119 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						L29:
						_push(0);
						_push(0xa);
						L30:
						_t53 = L01151E7E(_t119, _t109, __eflags);
						L11:
						if(_t53 != 0) {
							_t54 = E0115204A(_t119);
							__eflags = _t54;
							if(_t54 != 0) {
								L72:
								_t55 = 1;
								L73:
								return _t55;
							}
							__eflags =  *(_t119 + 0x30);
							if( *(_t119 + 0x30) != 0) {
								goto L72;
							}
							_t97 = 0;
							_v8 = 0;
							_v6 = 0;
							_t90 =  *(_t119 + 0x20);
							_v12 = 0;
							_t57 = _t90 >> 4;
							__eflags = 1 & _t57;
							if((1 & _t57) == 0) {
								L47:
								_t112 =  *((intOrPtr*)(_t119 + 0x31));
								__eflags = _t112 - 0x78;
								if(_t112 == 0x78) {
									L49:
									_t59 = _t90 >> 5;
									__eflags = _t59 & 0x00000001;
									if((_t59 & 0x00000001) == 0) {
										L51:
										_t91 = 0;
										__eflags = 0;
										L52:
										__eflags = _t112 - 0x61;
										if(_t112 == 0x61) {
											L55:
											_t60 = 1;
											L56:
											__eflags = _t91;
											if(_t91 != 0) {
												L58:
												 *((char*)(_t121 + _t97 - 4)) = 0x30;
												__eflags = _t112 - 0x58;
												if(_t112 == 0x58) {
													L61:
													0x78 = 0x58;
													L62:
													 *((char*)(_t121 + _t97 - 3)) = 0x78;
													_t97 = _t97 + 2;
													__eflags = _t97;
													_v12 = _t97;
													L63:
													_t92 = _t119 + 0x18;
													_t62 = _t119 + 0x448;
													_t116 =  *((intOrPtr*)(_t119 + 0x24)) -  *((intOrPtr*)(_t119 + 0x38)) - _t97;
													__eflags =  *(_t119 + 0x20) & 0x0000000c;
													if(( *(_t119 + 0x20) & 0x0000000c) == 0) {
														L01153D37(_t62, 0x20, _t116, _t92);
														_t97 = _v12;
														_t122 = _t122 + 0x10;
													}
													_push(_t119 + 0xc);
													L0115501F(_t119 + 0x448,  &_v8, _t97, _t92);
													_t99 =  *(_t119 + 0x20);
													_t67 = _t99 >> 3;
													__eflags = _t67 & 0x00000001;
													if((_t67 & 0x00000001) != 0) {
														_t101 = _t99 >> 2;
														__eflags = _t101 & 0x00000001;
														if((_t101 & 0x00000001) == 0) {
															L01153D37(_t119 + 0x448, 0x30, _t116, _t92);
															_t122 = _t122 + 0x10;
														}
													}
													E01151FBE(_t119, _t112, 0);
													__eflags =  *_t92;
													if( *_t92 >= 0) {
														_t70 =  *(_t119 + 0x20) >> 2;
														__eflags = _t70 & 0x00000001;
														if((_t70 & 0x00000001) != 0) {
															L01153D37(_t119 + 0x448, 0x20, _t116, _t92);
														}
													}
													goto L72;
												}
												__eflags = _t112 - 0x41;
												if(_t112 == 0x41) {
													goto L61;
												}
												goto L62;
											}
											__eflags = _t60;
											if(_t60 == 0) {
												goto L63;
											}
											goto L58;
										}
										__eflags = _t112 - 0x41;
										if(_t112 == 0x41) {
											goto L55;
										}
										_t60 = 0;
										goto L56;
									}
									_t91 = 1;
									goto L52;
								}
								__eflags = _t112 - 0x58;
								if(_t112 != 0x58) {
									goto L51;
								}
								goto L49;
							}
							_t77 = _t90 >> 6;
							__eflags = 1 & _t77;
							if((1 & _t77) == 0) {
								__eflags = 1 & _t90;
								if((1 & _t90) == 0) {
									_t79 = _t90 >> 1;
									__eflags = 1 & _t79;
									if((1 & _t79) != 0) {
										_v8 = 0x20;
										_t97 = 1;
										_v12 = 1;
									}
									goto L47;
								}
								_v8 = 0x2b;
								L44:
								_t97 = 1;
								_v12 = 1;
								goto L47;
							}
							_v8 = 0x2d;
							goto L44;
						}
						L12:
						_t55 = 0;
						goto L73;
					}
					_t125 = _t51 - _t94;
					if(_t125 > 0) {
						_t83 = _t51 - 0x5a;
						__eflags = _t83;
						if(_t83 == 0) {
							_t53 = L011560EB(__ecx);
							goto L11;
						}
						_t84 = _t83 - 7;
						__eflags = _t84;
						if(_t84 == 0) {
							L31:
							_t53 = E01155547(0, _t119);
							goto L11;
						}
						__eflags = _t84;
						if(__eflags != 0) {
							goto L12;
						}
						L18:
						_t53 = E011531E3(0, _t119, _t109, __eflags, 0);
						goto L11;
					}
					if(_t125 == 0) {
						_push(1);
						L14:
						_push(0x10);
						goto L30;
					}
					if(_t51 == 0x41) {
						goto L31;
					}
					if(_t51 == 0x43) {
						goto L18;
					}
					if(_t51 <= 0x44) {
						goto L12;
					}
					if(_t51 <= 0x47) {
						goto L31;
					}
					if(_t51 != 0x53) {
						goto L12;
					}
					L10:
					_t53 = L011513BB(_t119);
				}
			}






































          0x011a5bd6
          0x011a5bd7
          0x011a5bda
          0x011a5be0
          0x011a5be1
          0x011a5be5
          0x011a5be8
          0x011a5c56
          0x011a5c59
          0x011a5ca8
          0x011a5ca8
          0x011a5cab
          0x00000000
          0x00000000
          0x011a5cb2
          0x011a5cb2
          0x011a5cb5
          0x00000000
          0x00000000
          0x011a5cb7
          0x011a5cba
          0x00000000
          0x00000000
          0x011a5cc0
          0x00000000
          0x011a5cc0
          0x011a5c5b
          0x011a5c9e
          0x00000000
          0x011a5c9e
          0x011a5c5d
          0x011a5c60
          0x00000000
          0x00000000
          0x011a5c62
          0x011a5c65
          0x00000000
          0x00000000
          0x011a5c67
          0x011a5c6a
          0x011a5c7c
          0x00000000
          0x011a5c7c
          0x011a5c6c
          0x011a5c6f
          0x00000000
          0x00000000
          0x011a5c73
          0x011a5bea
          0x011a5bea
          0x011a5c83
          0x011a5c83
          0x011a5c83
          0x011a5c83
          0x011a5c87
          0x011a5c87
          0x011a5c88
          0x011a5c8a
          0x011a5c8c
          0x011a5c1e
          0x011a5c20
          0x011a5cc8
          0x011a5ccd
          0x011a5ccf
          0x011a5e0c
          0x011a5e0c
          0x011a5e0e
          0x011a5e11
          0x011a5e11
          0x011a5cd5
          0x011a5cd8
          0x00000000
          0x00000000
          0x011a5cde
          0x011a5ce0
          0x011a5ce4
          0x011a5ce9
          0x011a5cef
          0x011a5cf2
          0x011a5cf5
          0x011a5cf7
          0x011a5d28
          0x011a5d28
          0x011a5d2b
          0x011a5d2e
          0x011a5d35
          0x011a5d37
          0x011a5d3a
          0x011a5d3c
          0x011a5d42
          0x011a5d42
          0x011a5d42
          0x011a5d44
          0x011a5d44
          0x011a5d47
          0x011a5d52
          0x011a5d52
          0x011a5d54
          0x011a5d54
          0x011a5d56
          0x011a5d5c
          0x011a5d5c
          0x011a5d61
          0x011a5d64
          0x011a5d6f
          0x011a5d71
          0x011a5d72
          0x011a5d72
          0x011a5d76
          0x011a5d76
          0x011a5d79
          0x011a5d7c
          0x011a5d80
          0x011a5d86
          0x011a5d8c
          0x011a5d8e
          0x011a5d92
          0x011a5d99
          0x011a5d9e
          0x011a5da1
          0x011a5da1
          0x011a5da7
          0x011a5db4
          0x011a5db9
          0x011a5dbe
          0x011a5dc1
          0x011a5dc3
          0x011a5dc5
          0x011a5dc8
          0x011a5dcb
          0x011a5dd8
          0x011a5ddd
          0x011a5ddd
          0x011a5dcb
          0x011a5de4
          0x011a5de9
          0x011a5dec
          0x011a5df1
          0x011a5df4
          0x011a5df6
          0x011a5e03
          0x011a5e08
          0x011a5df6
          0x00000000
          0x011a5e0b
          0x011a5d66
          0x011a5d69
          0x00000000
          0x00000000
          0x00000000
          0x011a5d6b
          0x011a5d58
          0x011a5d5a
          0x00000000
          0x00000000
          0x00000000
          0x011a5d5a
          0x011a5d49
          0x011a5d4c
          0x00000000
          0x00000000
          0x011a5d4e
          0x00000000
          0x011a5d4e
          0x011a5d3e
          0x00000000
          0x011a5d3e
          0x011a5d30
          0x011a5d33
          0x00000000
          0x00000000
          0x00000000
          0x011a5d33
          0x011a5cfb
          0x011a5cfe
          0x011a5d00
          0x011a5d08
          0x011a5d0a
          0x011a5d19
          0x011a5d1b
          0x011a5d1d
          0x011a5d1f
          0x011a5d23
          0x011a5d25
          0x011a5d25
          0x00000000
          0x011a5d1d
          0x011a5d0c
          0x011a5d10
          0x011a5d10
          0x011a5d12
          0x00000000
          0x011a5d12
          0x011a5d02
          0x00000000
          0x011a5d02
          0x011a5c26
          0x011a5c26
          0x00000000
          0x011a5c26
          0x011a5bf0
          0x011a5bf2
          0x011a5c33
          0x011a5c33
          0x011a5c36
          0x011a5c4f
          0x00000000
          0x011a5c4f
          0x011a5c38
          0x011a5c38
          0x011a5c3b
          0x011a5c93
          0x011a5c95
          0x00000000
          0x011a5c95
          0x011a5c3e
          0x011a5c41
          0x00000000
          0x00000000
          0x011a5c43
          0x011a5c46
          0x00000000
          0x011a5c46
          0x011a5bf4
          0x011a5c2d
          0x011a5c2f
          0x011a5c2f
          0x00000000
          0x011a5c2f
          0x011a5bf9
          0x00000000
          0x00000000
          0x011a5c02
          0x00000000
          0x00000000
          0x011a5c07
          0x00000000
          0x00000000
          0x011a5c0c
          0x00000000
          0x00000000
          0x011a5c15
          0x00000000
          0x00000000
          0x011a5c17
          0x011a5c19
          0x011a5c19

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: 2dd0cd8df18dc9a79acd5e9a692ddbc39a46a7d7895cf3331b81ed2fdaacb127
          • Instruction ID: bf616574b74289a1fb56b9e74deecdb673c84b35391318e2922b9cf34221f3f3
          • Opcode Fuzzy Hash: 2dd0cd8df18dc9a79acd5e9a692ddbc39a46a7d7895cf3331b81ed2fdaacb127
          • Instruction Fuzzy Hash: 1A51A07C20C7499AEBFD552C84987BE7F9FAF11244FC4061DDA42DB28EC7219986C392
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01152270 Relevance: 1.5, Strings: 1, Instructions: 217COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 84%
          			E01152270(void* __ecx) {
				char _v6;
				char _v8;
				signed int _v12;
				void* __ebx;
				char _t51;
				signed int _t52;
				void* _t53;
				signed int _t54;
				signed char _t56;
				signed char _t58;
				signed int _t59;
				void* _t61;
				signed char _t66;
				signed char _t69;
				signed char _t76;
				signed char _t78;
				signed int _t80;
				signed int _t82;
				signed int _t83;
				unsigned int _t89;
				signed int _t90;
				signed int* _t91;
				void* _t93;
				signed int _t95;
				unsigned int _t97;
				signed char _t99;
				void* _t107;
				intOrPtr _t110;
				void* _t114;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				void* _t123;

				_push(__ecx);
				_push(__ecx);
				_t117 = __ecx;
				_t93 = 0x58;
				_t51 =  *((char*)(__ecx + 0x31));
				_t122 = _t51 - 0x64;
				if(_t122 > 0) {
					__eflags = _t51 - 0x70;
					if(__eflags > 0) {
						_t52 = _t51 - 0x73;
						__eflags = _t52;
						if(_t52 == 0) {
							goto L10;
						}
						_t80 = _t52;
						__eflags = _t80;
						if(__eflags == 0) {
							goto L29;
						}
						__eflags = _t80 - 3;
						if(__eflags != 0) {
							goto L12;
						}
						_push(0);
						goto L14;
					}
					if(__eflags == 0) {
						_t53 = L0115222A(__ecx);
						goto L11;
					}
					__eflags = _t51 - 0x67;
					if(_t51 <= 0x67) {
						goto L31;
					}
					__eflags = _t51 - 0x69;
					if(_t51 == 0x69) {
						goto L28;
					}
					__eflags = _t51 - 0x6e;
					if(_t51 == 0x6e) {
						_t53 = L0115228E(__ecx, _t107);
						goto L11;
					}
					__eflags = _t51 - 0x6f;
					if(_t51 != 0x6f) {
						goto L12;
					}
					_t53 = L011542E6(__ecx);
				} else {
					if(_t122 == 0) {
						L28:
						_t2 = _t117 + 0x20;
						 *_t2 =  *(_t117 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						L29:
						_push(0);
						_push(0xa);
						L30:
						_t53 = L01152CCA(_t117, _t107, __eflags);
						L11:
						if(_t53 != 0) {
							__eflags =  *(_t117 + 0x30);
							if( *(_t117 + 0x30) != 0) {
								L71:
								_t54 = 1;
								L72:
								return _t54;
							}
							_t95 = 0;
							_v8 = 0;
							_v6 = 0;
							_t89 =  *(_t117 + 0x20);
							_v12 = 0;
							_t56 = _t89 >> 4;
							__eflags = 1 & _t56;
							if((1 & _t56) == 0) {
								L46:
								_t110 =  *((intOrPtr*)(_t117 + 0x31));
								__eflags = _t110 - 0x78;
								if(_t110 == 0x78) {
									L48:
									_t58 = _t89 >> 5;
									__eflags = _t58 & 0x00000001;
									if((_t58 & 0x00000001) == 0) {
										L50:
										_t90 = 0;
										__eflags = 0;
										L51:
										__eflags = _t110 - 0x61;
										if(_t110 == 0x61) {
											L54:
											_t59 = 1;
											L55:
											__eflags = _t90;
											if(_t90 != 0) {
												L57:
												 *((char*)(_t119 + _t95 - 4)) = 0x30;
												__eflags = _t110 - 0x58;
												if(_t110 == 0x58) {
													L60:
													0x78 = 0x58;
													L61:
													 *((char*)(_t119 + _t95 - 3)) = 0x78;
													_t95 = _t95 + 2;
													__eflags = _t95;
													_v12 = _t95;
													L62:
													_t91 = _t117 + 0x18;
													_t61 = _t117 + 0x448;
													_t114 =  *((intOrPtr*)(_t117 + 0x24)) -  *((intOrPtr*)(_t117 + 0x38)) - _t95;
													__eflags =  *(_t117 + 0x20) & 0x0000000c;
													if(( *(_t117 + 0x20) & 0x0000000c) == 0) {
														L01153A94(_t61, 0x20, _t114, _t91);
														_t95 = _v12;
														_t120 = _t120 + 0x10;
													}
													_push(_t117 + 0xc);
													L011559D4(_t117 + 0x448,  &_v8, _t95, _t91);
													_t97 =  *(_t117 + 0x20);
													_t66 = _t97 >> 3;
													__eflags = _t66 & 0x00000001;
													if((_t66 & 0x00000001) != 0) {
														_t99 = _t97 >> 2;
														__eflags = _t99 & 0x00000001;
														if((_t99 & 0x00000001) == 0) {
															L01153A94(_t117 + 0x448, 0x30, _t114, _t91);
															_t120 = _t120 + 0x10;
														}
													}
													E011512DA(_t117, 0);
													__eflags =  *_t91;
													if( *_t91 >= 0) {
														_t69 =  *(_t117 + 0x20) >> 2;
														__eflags = _t69 & 0x00000001;
														if((_t69 & 0x00000001) != 0) {
															L01153A94(_t117 + 0x448, 0x20, _t114, _t91);
														}
													}
													goto L71;
												}
												__eflags = _t110 - 0x41;
												if(_t110 == 0x41) {
													goto L60;
												}
												goto L61;
											}
											__eflags = _t59;
											if(_t59 == 0) {
												goto L62;
											}
											goto L57;
										}
										__eflags = _t110 - 0x41;
										if(_t110 == 0x41) {
											goto L54;
										}
										_t59 = 0;
										goto L55;
									}
									_t90 = 1;
									goto L51;
								}
								__eflags = _t110 - 0x58;
								if(_t110 != 0x58) {
									goto L50;
								}
								goto L48;
							}
							_t76 = _t89 >> 6;
							__eflags = 1 & _t76;
							if((1 & _t76) == 0) {
								__eflags = 1 & _t89;
								if((1 & _t89) == 0) {
									_t78 = _t89 >> 1;
									__eflags = 1 & _t78;
									if((1 & _t78) != 0) {
										_v8 = 0x20;
										_t95 = 1;
										_v12 = 1;
									}
									goto L46;
								}
								_v8 = 0x2b;
								L43:
								_t95 = 1;
								_v12 = 1;
								goto L46;
							}
							_v8 = 0x2d;
							goto L43;
						}
						L12:
						_t54 = 0;
						goto L72;
					}
					_t123 = _t51 - _t93;
					if(_t123 > 0) {
						_t82 = _t51 - 0x5a;
						__eflags = _t82;
						if(_t82 == 0) {
							_t53 = L01154886(__ecx);
							goto L11;
						}
						_t83 = _t82 - 7;
						__eflags = _t83;
						if(_t83 == 0) {
							L31:
							_t53 = L011546A1(0, _t117);
							goto L11;
						}
						__eflags = _t83;
						if(__eflags != 0) {
							goto L12;
						}
						L18:
						_t53 = L0115487C(0, _t117, _t107, __eflags, 0);
						goto L11;
					}
					if(_t123 == 0) {
						_push(1);
						L14:
						_push(0x10);
						goto L30;
					}
					if(_t51 == 0x41) {
						goto L31;
					}
					if(_t51 == 0x43) {
						goto L18;
					}
					if(_t51 <= 0x44) {
						goto L12;
					}
					if(_t51 <= 0x47) {
						goto L31;
					}
					if(_t51 != 0x53) {
						goto L12;
					}
					L10:
					_t53 = L01153CD3(_t117);
				}
			}





































          0x011a50cb
          0x011a50cc
          0x011a50cf
          0x011a50d5
          0x011a50d6
          0x011a50da
          0x011a50dd
          0x011a514b
          0x011a514e
          0x011a519d
          0x011a519d
          0x011a51a0
          0x00000000
          0x00000000
          0x011a51a7
          0x011a51a7
          0x011a51aa
          0x00000000
          0x00000000
          0x011a51ac
          0x011a51af
          0x00000000
          0x00000000
          0x011a51b5
          0x00000000
          0x011a51b5
          0x011a5150
          0x011a5193
          0x00000000
          0x011a5193
          0x011a5152
          0x011a5155
          0x00000000
          0x00000000
          0x011a5157
          0x011a515a
          0x00000000
          0x00000000
          0x011a515c
          0x011a515f
          0x011a5171
          0x00000000
          0x011a5171
          0x011a5161
          0x011a5164
          0x00000000
          0x00000000
          0x011a5168
          0x011a50df
          0x011a50df
          0x011a5178
          0x011a5178
          0x011a5178
          0x011a5178
          0x011a517c
          0x011a517c
          0x011a517d
          0x011a517f
          0x011a5181
          0x011a5113
          0x011a5115
          0x011a51bb
          0x011a51be
          0x011a52f2
          0x011a52f2
          0x011a52f4
          0x011a52f7
          0x011a52f7
          0x011a51c4
          0x011a51c6
          0x011a51ca
          0x011a51cf
          0x011a51d5
          0x011a51d8
          0x011a51db
          0x011a51dd
          0x011a520e
          0x011a520e
          0x011a5211
          0x011a5214
          0x011a521b
          0x011a521d
          0x011a5220
          0x011a5222
          0x011a5228
          0x011a5228
          0x011a5228
          0x011a522a
          0x011a522a
          0x011a522d
          0x011a5238
          0x011a5238
          0x011a523a
          0x011a523a
          0x011a523c
          0x011a5242
          0x011a5242
          0x011a5247
          0x011a524a
          0x011a5255
          0x011a5257
          0x011a5258
          0x011a5258
          0x011a525c
          0x011a525c
          0x011a525f
          0x011a5262
          0x011a5266
          0x011a526c
          0x011a5272
          0x011a5274
          0x011a5278
          0x011a527f
          0x011a5284
          0x011a5287
          0x011a5287
          0x011a528d
          0x011a529a
          0x011a529f
          0x011a52a4
          0x011a52a7
          0x011a52a9
          0x011a52ab
          0x011a52ae
          0x011a52b1
          0x011a52be
          0x011a52c3
          0x011a52c3
          0x011a52b1
          0x011a52ca
          0x011a52cf
          0x011a52d2
          0x011a52d7
          0x011a52da
          0x011a52dc
          0x011a52e9
          0x011a52ee
          0x011a52dc
          0x00000000
          0x011a52f1
          0x011a524c
          0x011a524f
          0x00000000
          0x00000000
          0x00000000
          0x011a5251
          0x011a523e
          0x011a5240
          0x00000000
          0x00000000
          0x00000000
          0x011a5240
          0x011a522f
          0x011a5232
          0x00000000
          0x00000000
          0x011a5234
          0x00000000
          0x011a5234
          0x011a5224
          0x00000000
          0x011a5224
          0x011a5216
          0x011a5219
          0x00000000
          0x00000000
          0x00000000
          0x011a5219
          0x011a51e1
          0x011a51e4
          0x011a51e6
          0x011a51ee
          0x011a51f0
          0x011a51ff
          0x011a5201
          0x011a5203
          0x011a5205
          0x011a5209
          0x011a520b
          0x011a520b
          0x00000000
          0x011a5203
          0x011a51f2
          0x011a51f6
          0x011a51f6
          0x011a51f8
          0x00000000
          0x011a51f8
          0x011a51e8
          0x00000000
          0x011a51e8
          0x011a511b
          0x011a511b
          0x00000000
          0x011a511b
          0x011a50e5
          0x011a50e7
          0x011a5128
          0x011a5128
          0x011a512b
          0x011a5144
          0x00000000
          0x011a5144
          0x011a512d
          0x011a512d
          0x011a5130
          0x011a5188
          0x011a518a
          0x00000000
          0x011a518a
          0x011a5133
          0x011a5136
          0x00000000
          0x00000000
          0x011a5138
          0x011a513b
          0x00000000
          0x011a513b
          0x011a50e9
          0x011a5122
          0x011a5124
          0x011a5124
          0x00000000
          0x011a5124
          0x011a50ee
          0x00000000
          0x00000000
          0x011a50f7
          0x00000000
          0x00000000
          0x011a50fc
          0x00000000
          0x00000000
          0x011a5101
          0x00000000
          0x00000000
          0x011a510a
          0x00000000
          0x00000000
          0x011a510c
          0x011a510e
          0x011a510e

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: 13cbf40d44124aa27781cd580a14c84dffccb3e28ef464a5ef37264ceed4c817
          • Instruction ID: 8e188bb21be1d98147e673ab9537eeaea29f8a06dffa13795ca3b423b4eadce5
          • Opcode Fuzzy Hash: 13cbf40d44124aa27781cd580a14c84dffccb3e28ef464a5ef37264ceed4c817
          • Instruction Fuzzy Hash: 0D51CD3C20C749F6EBFD856C88957BE7F9BAB12244FC4051EE942DB282D721F9448312
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0115278E Relevance: 1.5, Strings: 1, Instructions: 217COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 84%
          			E0115278E(void* __ecx) {
				char _v6;
				char _v8;
				signed int _v12;
				void* __ebx;
				char _t51;
				signed int _t52;
				void* _t53;
				signed int _t54;
				signed char _t56;
				signed char _t58;
				signed int _t59;
				void* _t61;
				signed char _t66;
				signed char _t69;
				signed char _t76;
				signed char _t78;
				signed int _t80;
				signed int _t82;
				signed int _t83;
				unsigned int _t89;
				signed int _t90;
				signed int* _t91;
				void* _t93;
				signed int _t95;
				unsigned int _t97;
				signed char _t99;
				void* _t107;
				intOrPtr _t110;
				void* _t114;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				void* _t123;

				_push(__ecx);
				_push(__ecx);
				_t117 = __ecx;
				_t93 = 0x58;
				_t51 =  *((char*)(__ecx + 0x31));
				_t122 = _t51 - 0x64;
				if(_t122 > 0) {
					__eflags = _t51 - 0x70;
					if(__eflags > 0) {
						_t52 = _t51 - 0x73;
						__eflags = _t52;
						if(_t52 == 0) {
							goto L10;
						}
						_t80 = _t52;
						__eflags = _t80;
						if(__eflags == 0) {
							goto L29;
						}
						__eflags = _t80 - 3;
						if(__eflags != 0) {
							goto L12;
						}
						_push(0);
						goto L14;
					}
					if(__eflags == 0) {
						_t53 = L01151122(__ecx);
						goto L11;
					}
					__eflags = _t51 - 0x67;
					if(_t51 <= 0x67) {
						goto L31;
					}
					__eflags = _t51 - 0x69;
					if(_t51 == 0x69) {
						goto L28;
					}
					__eflags = _t51 - 0x6e;
					if(_t51 == 0x6e) {
						_t53 = L0115415B(__ecx, _t107);
						goto L11;
					}
					__eflags = _t51 - 0x6f;
					if(_t51 != 0x6f) {
						goto L12;
					}
					_t53 = E011524EB(__ecx);
				} else {
					if(_t122 == 0) {
						L28:
						_t2 = _t117 + 0x20;
						 *_t2 =  *(_t117 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						L29:
						_push(0);
						_push(0xa);
						L30:
						_t53 = L011547A5(_t117, _t107, __eflags);
						L11:
						if(_t53 != 0) {
							__eflags =  *(_t117 + 0x30);
							if( *(_t117 + 0x30) != 0) {
								L71:
								_t54 = 1;
								L72:
								return _t54;
							}
							_t95 = 0;
							_v8 = 0;
							_v6 = 0;
							_t89 =  *(_t117 + 0x20);
							_v12 = 0;
							_t56 = _t89 >> 4;
							__eflags = 1 & _t56;
							if((1 & _t56) == 0) {
								L46:
								_t110 =  *((intOrPtr*)(_t117 + 0x31));
								__eflags = _t110 - 0x78;
								if(_t110 == 0x78) {
									L48:
									_t58 = _t89 >> 5;
									__eflags = _t58 & 0x00000001;
									if((_t58 & 0x00000001) == 0) {
										L50:
										_t90 = 0;
										__eflags = 0;
										L51:
										__eflags = _t110 - 0x61;
										if(_t110 == 0x61) {
											L54:
											_t59 = 1;
											L55:
											__eflags = _t90;
											if(_t90 != 0) {
												L57:
												 *((char*)(_t119 + _t95 - 4)) = 0x30;
												__eflags = _t110 - 0x58;
												if(_t110 == 0x58) {
													L60:
													0x78 = 0x58;
													L61:
													 *((char*)(_t119 + _t95 - 3)) = 0x78;
													_t95 = _t95 + 2;
													__eflags = _t95;
													_v12 = _t95;
													L62:
													_t91 = _t117 + 0x18;
													_t61 = _t117 + 0x448;
													_t114 =  *((intOrPtr*)(_t117 + 0x24)) -  *((intOrPtr*)(_t117 + 0x38)) - _t95;
													__eflags =  *(_t117 + 0x20) & 0x0000000c;
													if(( *(_t117 + 0x20) & 0x0000000c) == 0) {
														L01153A94(_t61, 0x20, _t114, _t91);
														_t95 = _v12;
														_t120 = _t120 + 0x10;
													}
													_push(_t117 + 0xc);
													L011559D4(_t117 + 0x448,  &_v8, _t95, _t91);
													_t97 =  *(_t117 + 0x20);
													_t66 = _t97 >> 3;
													__eflags = _t66 & 0x00000001;
													if((_t66 & 0x00000001) != 0) {
														_t99 = _t97 >> 2;
														__eflags = _t99 & 0x00000001;
														if((_t99 & 0x00000001) == 0) {
															L01153A94(_t117 + 0x448, 0x30, _t114, _t91);
															_t120 = _t120 + 0x10;
														}
													}
													L0115474B(_t117, 0);
													__eflags =  *_t91;
													if( *_t91 >= 0) {
														_t69 =  *(_t117 + 0x20) >> 2;
														__eflags = _t69 & 0x00000001;
														if((_t69 & 0x00000001) != 0) {
															L01153A94(_t117 + 0x448, 0x20, _t114, _t91);
														}
													}
													goto L71;
												}
												__eflags = _t110 - 0x41;
												if(_t110 == 0x41) {
													goto L60;
												}
												goto L61;
											}
											__eflags = _t59;
											if(_t59 == 0) {
												goto L62;
											}
											goto L57;
										}
										__eflags = _t110 - 0x41;
										if(_t110 == 0x41) {
											goto L54;
										}
										_t59 = 0;
										goto L55;
									}
									_t90 = 1;
									goto L51;
								}
								__eflags = _t110 - 0x58;
								if(_t110 != 0x58) {
									goto L50;
								}
								goto L48;
							}
							_t76 = _t89 >> 6;
							__eflags = 1 & _t76;
							if((1 & _t76) == 0) {
								__eflags = 1 & _t89;
								if((1 & _t89) == 0) {
									_t78 = _t89 >> 1;
									__eflags = 1 & _t78;
									if((1 & _t78) != 0) {
										_v8 = 0x20;
										_t95 = 1;
										_v12 = 1;
									}
									goto L46;
								}
								_v8 = 0x2b;
								L43:
								_t95 = 1;
								_v12 = 1;
								goto L46;
							}
							_v8 = 0x2d;
							goto L43;
						}
						L12:
						_t54 = 0;
						goto L72;
					}
					_t123 = _t51 - _t93;
					if(_t123 > 0) {
						_t82 = _t51 - 0x5a;
						__eflags = _t82;
						if(_t82 == 0) {
							_t53 = L01151C67(__ecx);
							goto L11;
						}
						_t83 = _t82 - 7;
						__eflags = _t83;
						if(_t83 == 0) {
							L31:
							_t53 = L01153738(0, _t117);
							goto L11;
						}
						__eflags = _t83;
						if(__eflags != 0) {
							goto L12;
						}
						L18:
						_t53 = E01151EAB(0, _t117, _t107, __eflags, 0);
						goto L11;
					}
					if(_t123 == 0) {
						_push(1);
						L14:
						_push(0x10);
						goto L30;
					}
					if(_t51 == 0x41) {
						goto L31;
					}
					if(_t51 == 0x43) {
						goto L18;
					}
					if(_t51 <= 0x44) {
						goto L12;
					}
					if(_t51 <= 0x47) {
						goto L31;
					}
					if(_t51 != 0x53) {
						goto L12;
					}
					L10:
					_t53 = L01152036(_t117);
				}
			}





































          0x011a565a
          0x011a565b
          0x011a565e
          0x011a5664
          0x011a5665
          0x011a5669
          0x011a566c
          0x011a56da
          0x011a56dd
          0x011a572c
          0x011a572c
          0x011a572f
          0x00000000
          0x00000000
          0x011a5736
          0x011a5736
          0x011a5739
          0x00000000
          0x00000000
          0x011a573b
          0x011a573e
          0x00000000
          0x00000000
          0x011a5744
          0x00000000
          0x011a5744
          0x011a56df
          0x011a5722
          0x00000000
          0x011a5722
          0x011a56e1
          0x011a56e4
          0x00000000
          0x00000000
          0x011a56e6
          0x011a56e9
          0x00000000
          0x00000000
          0x011a56eb
          0x011a56ee
          0x011a5700
          0x00000000
          0x011a5700
          0x011a56f0
          0x011a56f3
          0x00000000
          0x00000000
          0x011a56f7
          0x011a566e
          0x011a566e
          0x011a5707
          0x011a5707
          0x011a5707
          0x011a5707
          0x011a570b
          0x011a570b
          0x011a570c
          0x011a570e
          0x011a5710
          0x011a56a2
          0x011a56a4
          0x011a574a
          0x011a574d
          0x011a5881
          0x011a5881
          0x011a5883
          0x011a5886
          0x011a5886
          0x011a5753
          0x011a5755
          0x011a5759
          0x011a575e
          0x011a5764
          0x011a5767
          0x011a576a
          0x011a576c
          0x011a579d
          0x011a579d
          0x011a57a0
          0x011a57a3
          0x011a57aa
          0x011a57ac
          0x011a57af
          0x011a57b1
          0x011a57b7
          0x011a57b7
          0x011a57b7
          0x011a57b9
          0x011a57b9
          0x011a57bc
          0x011a57c7
          0x011a57c7
          0x011a57c9
          0x011a57c9
          0x011a57cb
          0x011a57d1
          0x011a57d1
          0x011a57d6
          0x011a57d9
          0x011a57e4
          0x011a57e6
          0x011a57e7
          0x011a57e7
          0x011a57eb
          0x011a57eb
          0x011a57ee
          0x011a57f1
          0x011a57f5
          0x011a57fb
          0x011a5801
          0x011a5803
          0x011a5807
          0x011a580e
          0x011a5813
          0x011a5816
          0x011a5816
          0x011a581c
          0x011a5829
          0x011a582e
          0x011a5833
          0x011a5836
          0x011a5838
          0x011a583a
          0x011a583d
          0x011a5840
          0x011a584d
          0x011a5852
          0x011a5852
          0x011a5840
          0x011a5859
          0x011a585e
          0x011a5861
          0x011a5866
          0x011a5869
          0x011a586b
          0x011a5878
          0x011a587d
          0x011a586b
          0x00000000
          0x011a5880
          0x011a57db
          0x011a57de
          0x00000000
          0x00000000
          0x00000000
          0x011a57e0
          0x011a57cd
          0x011a57cf
          0x00000000
          0x00000000
          0x00000000
          0x011a57cf
          0x011a57be
          0x011a57c1
          0x00000000
          0x00000000
          0x011a57c3
          0x00000000
          0x011a57c3
          0x011a57b3
          0x00000000
          0x011a57b3
          0x011a57a5
          0x011a57a8
          0x00000000
          0x00000000
          0x00000000
          0x011a57a8
          0x011a5770
          0x011a5773
          0x011a5775
          0x011a577d
          0x011a577f
          0x011a578e
          0x011a5790
          0x011a5792
          0x011a5794
          0x011a5798
          0x011a579a
          0x011a579a
          0x00000000
          0x011a5792
          0x011a5781
          0x011a5785
          0x011a5785
          0x011a5787
          0x00000000
          0x011a5787
          0x011a5777
          0x00000000
          0x011a5777
          0x011a56aa
          0x011a56aa
          0x00000000
          0x011a56aa
          0x011a5674
          0x011a5676
          0x011a56b7
          0x011a56b7
          0x011a56ba
          0x011a56d3
          0x00000000
          0x011a56d3
          0x011a56bc
          0x011a56bc
          0x011a56bf
          0x011a5717
          0x011a5719
          0x00000000
          0x011a5719
          0x011a56c2
          0x011a56c5
          0x00000000
          0x00000000
          0x011a56c7
          0x011a56ca
          0x00000000
          0x011a56ca
          0x011a5678
          0x011a56b1
          0x011a56b3
          0x011a56b3
          0x00000000
          0x011a56b3
          0x011a567d
          0x00000000
          0x00000000
          0x011a5686
          0x00000000
          0x00000000
          0x011a568b
          0x00000000
          0x00000000
          0x011a5690
          0x00000000
          0x00000000
          0x011a5699
          0x00000000
          0x00000000
          0x011a569b
          0x011a569d
          0x011a569d

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: 89eff6c05a0f8ef846ed43e13d7e70745a3e5c634e81116599a6777841d67384
          • Instruction ID: 0c276a724118c071bba4da384e744eeaa062fca0ab48986e9e5cb44544d2cac6
          • Opcode Fuzzy Hash: 89eff6c05a0f8ef846ed43e13d7e70745a3e5c634e81116599a6777841d67384
          • Instruction Fuzzy Hash: E851EF7C20CF44DAEBFD89AD98947BE7FABAB11204FC4041EDA46E7281D7119944C702
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01151E1A Relevance: 1.5, Strings: 1, Instructions: 217COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 87%
          			E01151E1A(void* __ecx) {
				char _v6;
				char _v8;
				signed int _v12;
				void* __ebx;
				char _t51;
				signed int _t52;
				void* _t53;
				signed int _t54;
				signed char _t56;
				signed char _t58;
				signed int _t59;
				void* _t61;
				signed char _t66;
				signed char _t69;
				signed char _t76;
				signed char _t78;
				signed int _t80;
				signed int _t82;
				signed int _t83;
				unsigned int _t89;
				signed int _t90;
				signed int* _t91;
				void* _t93;
				signed int _t95;
				unsigned int _t97;
				signed char _t99;
				void* _t107;
				intOrPtr _t110;
				void* _t114;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				void* _t123;

				_push(__ecx);
				_push(__ecx);
				_t117 = __ecx;
				_t93 = 0x58;
				_t51 =  *((char*)(__ecx + 0x31));
				_t122 = _t51 - 0x64;
				if(_t122 > 0) {
					__eflags = _t51 - 0x70;
					if(__eflags > 0) {
						_t52 = _t51 - 0x73;
						__eflags = _t52;
						if(_t52 == 0) {
							goto L10;
						}
						_t80 = _t52;
						__eflags = _t80;
						if(__eflags == 0) {
							goto L29;
						}
						__eflags = _t80 - 3;
						if(__eflags != 0) {
							goto L12;
						}
						_push(0);
						goto L14;
					}
					if(__eflags == 0) {
						_t53 = L0115621C(__ecx);
						goto L11;
					}
					__eflags = _t51 - 0x67;
					if(_t51 <= 0x67) {
						goto L31;
					}
					__eflags = _t51 - 0x69;
					if(_t51 == 0x69) {
						goto L28;
					}
					__eflags = _t51 - 0x6e;
					if(_t51 == 0x6e) {
						_t53 = L01153332(__ecx, _t107);
						goto L11;
					}
					__eflags = _t51 - 0x6f;
					if(_t51 != 0x6f) {
						goto L12;
					}
					_t53 = L0115408E(__ecx);
				} else {
					if(_t122 == 0) {
						L28:
						_t2 = _t117 + 0x20;
						 *_t2 =  *(_t117 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						L29:
						_push(0);
						_push(0xa);
						L30:
						_t53 = L01151D4D(_t117, _t107, __eflags);
						L11:
						if(_t53 != 0) {
							__eflags =  *(_t117 + 0x30);
							if( *(_t117 + 0x30) != 0) {
								L71:
								_t54 = 1;
								L72:
								return _t54;
							}
							_t95 = 0;
							_v8 = 0;
							_v6 = 0;
							_t89 =  *(_t117 + 0x20);
							_v12 = 0;
							_t56 = _t89 >> 4;
							__eflags = 1 & _t56;
							if((1 & _t56) == 0) {
								L46:
								_t110 =  *((intOrPtr*)(_t117 + 0x31));
								__eflags = _t110 - 0x78;
								if(_t110 == 0x78) {
									L48:
									_t58 = _t89 >> 5;
									__eflags = _t58 & 0x00000001;
									if((_t58 & 0x00000001) == 0) {
										L50:
										_t90 = 0;
										__eflags = 0;
										L51:
										__eflags = _t110 - 0x61;
										if(_t110 == 0x61) {
											L54:
											_t59 = 1;
											L55:
											__eflags = _t90;
											if(_t90 != 0) {
												L57:
												 *((char*)(_t119 + _t95 - 4)) = 0x30;
												__eflags = _t110 - 0x58;
												if(_t110 == 0x58) {
													L60:
													0x78 = 0x58;
													L61:
													 *((char*)(_t119 + _t95 - 3)) = 0x78;
													_t95 = _t95 + 2;
													__eflags = _t95;
													_v12 = _t95;
													L62:
													_t91 = _t117 + 0x18;
													_t61 = _t117 + 0x448;
													_t114 =  *((intOrPtr*)(_t117 + 0x24)) -  *((intOrPtr*)(_t117 + 0x38)) - _t95;
													__eflags =  *(_t117 + 0x20) & 0x0000000c;
													if(( *(_t117 + 0x20) & 0x0000000c) == 0) {
														L01153D37(_t61, 0x20, _t114, _t91);
														_t95 = _v12;
														_t120 = _t120 + 0x10;
													}
													_push(_t117 + 0xc);
													L0115501F(_t117 + 0x448,  &_v8, _t95, _t91);
													_t97 =  *(_t117 + 0x20);
													_t66 = _t97 >> 3;
													__eflags = _t66 & 0x00000001;
													if((_t66 & 0x00000001) != 0) {
														_t99 = _t97 >> 2;
														__eflags = _t99 & 0x00000001;
														if((_t99 & 0x00000001) == 0) {
															L01153D37(_t117 + 0x448, 0x30, _t114, _t91);
															_t120 = _t120 + 0x10;
														}
													}
													E011517EE(_t117, _t110, 0);
													__eflags =  *_t91;
													if( *_t91 >= 0) {
														_t69 =  *(_t117 + 0x20) >> 2;
														__eflags = _t69 & 0x00000001;
														if((_t69 & 0x00000001) != 0) {
															L01153D37(_t117 + 0x448, 0x20, _t114, _t91);
														}
													}
													goto L71;
												}
												__eflags = _t110 - 0x41;
												if(_t110 == 0x41) {
													goto L60;
												}
												goto L61;
											}
											__eflags = _t59;
											if(_t59 == 0) {
												goto L62;
											}
											goto L57;
										}
										__eflags = _t110 - 0x41;
										if(_t110 == 0x41) {
											goto L54;
										}
										_t59 = 0;
										goto L55;
									}
									_t90 = 1;
									goto L51;
								}
								__eflags = _t110 - 0x58;
								if(_t110 != 0x58) {
									goto L50;
								}
								goto L48;
							}
							_t76 = _t89 >> 6;
							__eflags = 1 & _t76;
							if((1 & _t76) == 0) {
								__eflags = 1 & _t89;
								if((1 & _t89) == 0) {
									_t78 = _t89 >> 1;
									__eflags = 1 & _t78;
									if((1 & _t78) != 0) {
										_v8 = 0x20;
										_t95 = 1;
										_v12 = 1;
									}
									goto L46;
								}
								_v8 = 0x2b;
								L43:
								_t95 = 1;
								_v12 = 1;
								goto L46;
							}
							_v8 = 0x2d;
							goto L43;
						}
						L12:
						_t54 = 0;
						goto L72;
					}
					_t123 = _t51 - _t93;
					if(_t123 > 0) {
						_t82 = _t51 - 0x5a;
						__eflags = _t82;
						if(_t82 == 0) {
							_t53 = L0115597F(__ecx);
							goto L11;
						}
						_t83 = _t82 - 7;
						__eflags = _t83;
						if(_t83 == 0) {
							L31:
							_t53 = E0115100F(0, _t117);
							goto L11;
						}
						__eflags = _t83;
						if(__eflags != 0) {
							goto L12;
						}
						L18:
						_t53 = L01152DEC(0, _t117, _t107, __eflags, 0);
						goto L11;
					}
					if(_t123 == 0) {
						_push(1);
						L14:
						_push(0x10);
						goto L30;
					}
					if(_t51 == 0x41) {
						goto L31;
					}
					if(_t51 == 0x43) {
						goto L18;
					}
					if(_t51 <= 0x44) {
						goto L12;
					}
					if(_t51 <= 0x47) {
						goto L31;
					}
					if(_t51 != 0x53) {
						goto L12;
					}
					L10:
					_t53 = L01154926(_t117);
				}
			}





































          0x011a5ea7
          0x011a5ea8
          0x011a5eab
          0x011a5eb1
          0x011a5eb2
          0x011a5eb6
          0x011a5eb9
          0x011a5f27
          0x011a5f2a
          0x011a5f79
          0x011a5f79
          0x011a5f7c
          0x00000000
          0x00000000
          0x011a5f83
          0x011a5f83
          0x011a5f86
          0x00000000
          0x00000000
          0x011a5f88
          0x011a5f8b
          0x00000000
          0x00000000
          0x011a5f91
          0x00000000
          0x011a5f91
          0x011a5f2c
          0x011a5f6f
          0x00000000
          0x011a5f6f
          0x011a5f2e
          0x011a5f31
          0x00000000
          0x00000000
          0x011a5f33
          0x011a5f36
          0x00000000
          0x00000000
          0x011a5f38
          0x011a5f3b
          0x011a5f4d
          0x00000000
          0x011a5f4d
          0x011a5f3d
          0x011a5f40
          0x00000000
          0x00000000
          0x011a5f44
          0x011a5ebb
          0x011a5ebb
          0x011a5f54
          0x011a5f54
          0x011a5f54
          0x011a5f54
          0x011a5f58
          0x011a5f58
          0x011a5f59
          0x011a5f5b
          0x011a5f5d
          0x011a5eef
          0x011a5ef1
          0x011a5f97
          0x011a5f9a
          0x011a60ce
          0x011a60ce
          0x011a60d0
          0x011a60d3
          0x011a60d3
          0x011a5fa0
          0x011a5fa2
          0x011a5fa6
          0x011a5fab
          0x011a5fb1
          0x011a5fb4
          0x011a5fb7
          0x011a5fb9
          0x011a5fea
          0x011a5fea
          0x011a5fed
          0x011a5ff0
          0x011a5ff7
          0x011a5ff9
          0x011a5ffc
          0x011a5ffe
          0x011a6004
          0x011a6004
          0x011a6004
          0x011a6006
          0x011a6006
          0x011a6009
          0x011a6014
          0x011a6014
          0x011a6016
          0x011a6016
          0x011a6018
          0x011a601e
          0x011a601e
          0x011a6023
          0x011a6026
          0x011a6031
          0x011a6033
          0x011a6034
          0x011a6034
          0x011a6038
          0x011a6038
          0x011a603b
          0x011a603e
          0x011a6042
          0x011a6048
          0x011a604e
          0x011a6050
          0x011a6054
          0x011a605b
          0x011a6060
          0x011a6063
          0x011a6063
          0x011a6069
          0x011a6076
          0x011a607b
          0x011a6080
          0x011a6083
          0x011a6085
          0x011a6087
          0x011a608a
          0x011a608d
          0x011a609a
          0x011a609f
          0x011a609f
          0x011a608d
          0x011a60a6
          0x011a60ab
          0x011a60ae
          0x011a60b3
          0x011a60b6
          0x011a60b8
          0x011a60c5
          0x011a60ca
          0x011a60b8
          0x00000000
          0x011a60cd
          0x011a6028
          0x011a602b
          0x00000000
          0x00000000
          0x00000000
          0x011a602d
          0x011a601a
          0x011a601c
          0x00000000
          0x00000000
          0x00000000
          0x011a601c
          0x011a600b
          0x011a600e
          0x00000000
          0x00000000
          0x011a6010
          0x00000000
          0x011a6010
          0x011a6000
          0x00000000
          0x011a6000
          0x011a5ff2
          0x011a5ff5
          0x00000000
          0x00000000
          0x00000000
          0x011a5ff5
          0x011a5fbd
          0x011a5fc0
          0x011a5fc2
          0x011a5fca
          0x011a5fcc
          0x011a5fdb
          0x011a5fdd
          0x011a5fdf
          0x011a5fe1
          0x011a5fe5
          0x011a5fe7
          0x011a5fe7
          0x00000000
          0x011a5fdf
          0x011a5fce
          0x011a5fd2
          0x011a5fd2
          0x011a5fd4
          0x00000000
          0x011a5fd4
          0x011a5fc4
          0x00000000
          0x011a5fc4
          0x011a5ef7
          0x011a5ef7
          0x00000000
          0x011a5ef7
          0x011a5ec1
          0x011a5ec3
          0x011a5f04
          0x011a5f04
          0x011a5f07
          0x011a5f20
          0x00000000
          0x011a5f20
          0x011a5f09
          0x011a5f09
          0x011a5f0c
          0x011a5f64
          0x011a5f66
          0x00000000
          0x011a5f66
          0x011a5f0f
          0x011a5f12
          0x00000000
          0x00000000
          0x011a5f14
          0x011a5f17
          0x00000000
          0x011a5f17
          0x011a5ec5
          0x011a5efe
          0x011a5f00
          0x011a5f00
          0x00000000
          0x011a5f00
          0x011a5eca
          0x00000000
          0x00000000
          0x011a5ed3
          0x00000000
          0x00000000
          0x011a5ed8
          0x00000000
          0x00000000
          0x011a5edd
          0x00000000
          0x00000000
          0x011a5ee6
          0x00000000
          0x00000000
          0x011a5ee8
          0x011a5eea
          0x011a5eea

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: c5ffce298acab2e48cb9fe3510efff9e20cd36137eda4ca5f60cf12aafbabc43
          • Instruction ID: 301f951d513191240ed31912bd2bf396955730d510fd76e486691b02435f5cae
          • Opcode Fuzzy Hash: c5ffce298acab2e48cb9fe3510efff9e20cd36137eda4ca5f60cf12aafbabc43
          • Instruction Fuzzy Hash: EE51A178248745A6EFFD962C85947BEBFAF9B11204FC8441ADB43CB681D7329988C213
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01155ECF Relevance: 1.5, Strings: 1, Instructions: 217COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 87%
          			E01155ECF(void* __ecx) {
				char _v6;
				char _v8;
				signed int _v12;
				void* __ebx;
				char _t51;
				signed int _t52;
				void* _t53;
				signed int _t54;
				signed char _t56;
				signed char _t58;
				signed int _t59;
				void* _t61;
				signed char _t66;
				signed char _t69;
				signed char _t76;
				signed char _t78;
				signed int _t80;
				signed int _t82;
				signed int _t83;
				unsigned int _t89;
				signed int _t90;
				signed int* _t91;
				void* _t93;
				signed int _t95;
				unsigned int _t97;
				signed char _t99;
				void* _t107;
				intOrPtr _t110;
				void* _t114;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t122;
				void* _t123;

				_push(__ecx);
				_push(__ecx);
				_t117 = __ecx;
				_t93 = 0x58;
				_t51 =  *((char*)(__ecx + 0x31));
				_t122 = _t51 - 0x64;
				if(_t122 > 0) {
					__eflags = _t51 - 0x70;
					if(__eflags > 0) {
						_t52 = _t51 - 0x73;
						__eflags = _t52;
						if(_t52 == 0) {
							goto L10;
						}
						_t80 = _t52;
						__eflags = _t80;
						if(__eflags == 0) {
							goto L29;
						}
						__eflags = _t80 - 3;
						if(__eflags != 0) {
							goto L12;
						}
						_push(0);
						goto L14;
					}
					if(__eflags == 0) {
						_t53 = L01154133(__ecx);
						goto L11;
					}
					__eflags = _t51 - 0x67;
					if(_t51 <= 0x67) {
						goto L31;
					}
					__eflags = _t51 - 0x69;
					if(_t51 == 0x69) {
						goto L28;
					}
					__eflags = _t51 - 0x6e;
					if(_t51 == 0x6e) {
						_t53 = E01152B30(__ecx, _t107);
						goto L11;
					}
					__eflags = _t51 - 0x6f;
					if(_t51 != 0x6f) {
						goto L12;
					}
					_t53 = E01151573(__ecx);
				} else {
					if(_t122 == 0) {
						L28:
						_t2 = _t117 + 0x20;
						 *_t2 =  *(_t117 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						L29:
						_push(0);
						_push(0xa);
						L30:
						_t53 = L0115549D(_t117, _t107, __eflags);
						L11:
						if(_t53 != 0) {
							__eflags =  *(_t117 + 0x30);
							if( *(_t117 + 0x30) != 0) {
								L71:
								_t54 = 1;
								L72:
								return _t54;
							}
							_t95 = 0;
							_v8 = 0;
							_v6 = 0;
							_t89 =  *(_t117 + 0x20);
							_v12 = 0;
							_t56 = _t89 >> 4;
							__eflags = 1 & _t56;
							if((1 & _t56) == 0) {
								L46:
								_t110 =  *((intOrPtr*)(_t117 + 0x31));
								__eflags = _t110 - 0x78;
								if(_t110 == 0x78) {
									L48:
									_t58 = _t89 >> 5;
									__eflags = _t58 & 0x00000001;
									if((_t58 & 0x00000001) == 0) {
										L50:
										_t90 = 0;
										__eflags = 0;
										L51:
										__eflags = _t110 - 0x61;
										if(_t110 == 0x61) {
											L54:
											_t59 = 1;
											L55:
											__eflags = _t90;
											if(_t90 != 0) {
												L57:
												 *((char*)(_t119 + _t95 - 4)) = 0x30;
												__eflags = _t110 - 0x58;
												if(_t110 == 0x58) {
													L60:
													0x78 = 0x58;
													L61:
													 *((char*)(_t119 + _t95 - 3)) = 0x78;
													_t95 = _t95 + 2;
													__eflags = _t95;
													_v12 = _t95;
													L62:
													_t91 = _t117 + 0x18;
													_t61 = _t117 + 0x448;
													_t114 =  *((intOrPtr*)(_t117 + 0x24)) -  *((intOrPtr*)(_t117 + 0x38)) - _t95;
													__eflags =  *(_t117 + 0x20) & 0x0000000c;
													if(( *(_t117 + 0x20) & 0x0000000c) == 0) {
														L01153D37(_t61, 0x20, _t114, _t91);
														_t95 = _v12;
														_t120 = _t120 + 0x10;
													}
													_push(_t117 + 0xc);
													L0115501F(_t117 + 0x448,  &_v8, _t95, _t91);
													_t97 =  *(_t117 + 0x20);
													_t66 = _t97 >> 3;
													__eflags = _t66 & 0x00000001;
													if((_t66 & 0x00000001) != 0) {
														_t99 = _t97 >> 2;
														__eflags = _t99 & 0x00000001;
														if((_t99 & 0x00000001) == 0) {
															L01153D37(_t117 + 0x448, 0x30, _t114, _t91);
															_t120 = _t120 + 0x10;
														}
													}
													E011550A6(_t117, _t110, 0);
													__eflags =  *_t91;
													if( *_t91 >= 0) {
														_t69 =  *(_t117 + 0x20) >> 2;
														__eflags = _t69 & 0x00000001;
														if((_t69 & 0x00000001) != 0) {
															L01153D37(_t117 + 0x448, 0x20, _t114, _t91);
														}
													}
													goto L71;
												}
												__eflags = _t110 - 0x41;
												if(_t110 == 0x41) {
													goto L60;
												}
												goto L61;
											}
											__eflags = _t59;
											if(_t59 == 0) {
												goto L62;
											}
											goto L57;
										}
										__eflags = _t110 - 0x41;
										if(_t110 == 0x41) {
											goto L54;
										}
										_t59 = 0;
										goto L55;
									}
									_t90 = 1;
									goto L51;
								}
								__eflags = _t110 - 0x58;
								if(_t110 != 0x58) {
									goto L50;
								}
								goto L48;
							}
							_t76 = _t89 >> 6;
							__eflags = 1 & _t76;
							if((1 & _t76) == 0) {
								__eflags = 1 & _t89;
								if((1 & _t89) == 0) {
									_t78 = _t89 >> 1;
									__eflags = 1 & _t78;
									if((1 & _t78) != 0) {
										_v8 = 0x20;
										_t95 = 1;
										_v12 = 1;
									}
									goto L46;
								}
								_v8 = 0x2b;
								L43:
								_t95 = 1;
								_v12 = 1;
								goto L46;
							}
							_v8 = 0x2d;
							goto L43;
						}
						L12:
						_t54 = 0;
						goto L72;
					}
					_t123 = _t51 - _t93;
					if(_t123 > 0) {
						_t82 = _t51 - 0x5a;
						__eflags = _t82;
						if(_t82 == 0) {
							_t53 = E01154B33(__ecx);
							goto L11;
						}
						_t83 = _t82 - 7;
						__eflags = _t83;
						if(_t83 == 0) {
							L31:
							_t53 = E011538E6(0, _t117);
							goto L11;
						}
						__eflags = _t83;
						if(__eflags != 0) {
							goto L12;
						}
						L18:
						_t53 = L01153E63(0, _t117, _t107, __eflags, 0);
						goto L11;
					}
					if(_t123 == 0) {
						_push(1);
						L14:
						_push(0x10);
						goto L30;
					}
					if(_t51 == 0x41) {
						goto L31;
					}
					if(_t51 == 0x43) {
						goto L18;
					}
					if(_t51 <= 0x44) {
						goto L12;
					}
					if(_t51 <= 0x47) {
						goto L31;
					}
					if(_t51 != 0x53) {
						goto L12;
					}
					L10:
					_t53 = L01153440(_t117);
				}
			}





































          0x011a5918
          0x011a5919
          0x011a591c
          0x011a5922
          0x011a5923
          0x011a5927
          0x011a592a
          0x011a5998
          0x011a599b
          0x011a59ea
          0x011a59ea
          0x011a59ed
          0x00000000
          0x00000000
          0x011a59f4
          0x011a59f4
          0x011a59f7
          0x00000000
          0x00000000
          0x011a59f9
          0x011a59fc
          0x00000000
          0x00000000
          0x011a5a02
          0x00000000
          0x011a5a02
          0x011a599d
          0x011a59e0
          0x00000000
          0x011a59e0
          0x011a599f
          0x011a59a2
          0x00000000
          0x00000000
          0x011a59a4
          0x011a59a7
          0x00000000
          0x00000000
          0x011a59a9
          0x011a59ac
          0x011a59be
          0x00000000
          0x011a59be
          0x011a59ae
          0x011a59b1
          0x00000000
          0x00000000
          0x011a59b5
          0x011a592c
          0x011a592c
          0x011a59c5
          0x011a59c5
          0x011a59c5
          0x011a59c5
          0x011a59c9
          0x011a59c9
          0x011a59ca
          0x011a59cc
          0x011a59ce
          0x011a5960
          0x011a5962
          0x011a5a08
          0x011a5a0b
          0x011a5b3f
          0x011a5b3f
          0x011a5b41
          0x011a5b44
          0x011a5b44
          0x011a5a11
          0x011a5a13
          0x011a5a17
          0x011a5a1c
          0x011a5a22
          0x011a5a25
          0x011a5a28
          0x011a5a2a
          0x011a5a5b
          0x011a5a5b
          0x011a5a5e
          0x011a5a61
          0x011a5a68
          0x011a5a6a
          0x011a5a6d
          0x011a5a6f
          0x011a5a75
          0x011a5a75
          0x011a5a75
          0x011a5a77
          0x011a5a77
          0x011a5a7a
          0x011a5a85
          0x011a5a85
          0x011a5a87
          0x011a5a87
          0x011a5a89
          0x011a5a8f
          0x011a5a8f
          0x011a5a94
          0x011a5a97
          0x011a5aa2
          0x011a5aa4
          0x011a5aa5
          0x011a5aa5
          0x011a5aa9
          0x011a5aa9
          0x011a5aac
          0x011a5aaf
          0x011a5ab3
          0x011a5ab9
          0x011a5abf
          0x011a5ac1
          0x011a5ac5
          0x011a5acc
          0x011a5ad1
          0x011a5ad4
          0x011a5ad4
          0x011a5ada
          0x011a5ae7
          0x011a5aec
          0x011a5af1
          0x011a5af4
          0x011a5af6
          0x011a5af8
          0x011a5afb
          0x011a5afe
          0x011a5b0b
          0x011a5b10
          0x011a5b10
          0x011a5afe
          0x011a5b17
          0x011a5b1c
          0x011a5b1f
          0x011a5b24
          0x011a5b27
          0x011a5b29
          0x011a5b36
          0x011a5b3b
          0x011a5b29
          0x00000000
          0x011a5b3e
          0x011a5a99
          0x011a5a9c
          0x00000000
          0x00000000
          0x00000000
          0x011a5a9e
          0x011a5a8b
          0x011a5a8d
          0x00000000
          0x00000000
          0x00000000
          0x011a5a8d
          0x011a5a7c
          0x011a5a7f
          0x00000000
          0x00000000
          0x011a5a81
          0x00000000
          0x011a5a81
          0x011a5a71
          0x00000000
          0x011a5a71
          0x011a5a63
          0x011a5a66
          0x00000000
          0x00000000
          0x00000000
          0x011a5a66
          0x011a5a2e
          0x011a5a31
          0x011a5a33
          0x011a5a3b
          0x011a5a3d
          0x011a5a4c
          0x011a5a4e
          0x011a5a50
          0x011a5a52
          0x011a5a56
          0x011a5a58
          0x011a5a58
          0x00000000
          0x011a5a50
          0x011a5a3f
          0x011a5a43
          0x011a5a43
          0x011a5a45
          0x00000000
          0x011a5a45
          0x011a5a35
          0x00000000
          0x011a5a35
          0x011a5968
          0x011a5968
          0x00000000
          0x011a5968
          0x011a5932
          0x011a5934
          0x011a5975
          0x011a5975
          0x011a5978
          0x011a5991
          0x00000000
          0x011a5991
          0x011a597a
          0x011a597a
          0x011a597d
          0x011a59d5
          0x011a59d7
          0x00000000
          0x011a59d7
          0x011a5980
          0x011a5983
          0x00000000
          0x00000000
          0x011a5985
          0x011a5988
          0x00000000
          0x011a5988
          0x011a5936
          0x011a596f
          0x011a5971
          0x011a5971
          0x00000000
          0x011a5971
          0x011a593b
          0x00000000
          0x00000000
          0x011a5944
          0x00000000
          0x00000000
          0x011a5949
          0x00000000
          0x00000000
          0x011a594e
          0x00000000
          0x00000000
          0x011a5957
          0x00000000
          0x00000000
          0x011a5959
          0x011a595b
          0x011a595b

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: 8bf303d3d1309f1d697d25cdca4d6ad8eaeb7f65b95fe7e433ed44af99f96aa0
          • Instruction ID: 8bcca3ce4714e2e12623750d742a0cdad4e3de86c931b8a4198c62c3e642da5a
          • Opcode Fuzzy Hash: 8bf303d3d1309f1d697d25cdca4d6ad8eaeb7f65b95fe7e433ed44af99f96aa0
          • Instruction Fuzzy Hash: EE514B7930C749AAEBFD492C84E47BE6FAB9B13214FC8041ACA53DF681E7119949C712
          Uniqueness

          Uniqueness Score: -1.00%

          Function 011558DF Relevance: 1.3, Strings: 1, Instructions: 24COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: GetSystemTimePreciseAsFileTime
          • API String ID: 0-595813830
          • Opcode ID: 4ad4e94dc9504d7f1c7ae17ef230314447632380b725b2b91a2f15ee7e235b99
          • Instruction ID: 25b2c1f078c854cede15d7ef4cdd73300d5a54b16d73ae2645f86bf4ac8f1c9a
          • Opcode Fuzzy Hash: 4ad4e94dc9504d7f1c7ae17ef230314447632380b725b2b91a2f15ee7e235b99
          • Instruction Fuzzy Hash: 00E0C23278822577C6383686BC06BAE7F04D760EB2F04406FFB1C6A3848B71092083E5
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01155D94 Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
          Download Yara Rule
          C-Code - Quality: 100%
          			E01155D94() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x14f3b38 = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




          0x011dc576
          0x011dc57e
          0x011dc586

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: HeapProcess
          • String ID:
          • API String ID: 54951025-0
          • Opcode ID: ac61880dfe71a74744b57e7b3169e6633585d812b9993e1fce76ec742fc81370
          • Instruction ID: 9c0aba224a706d0fb33c522068c3d616698cd27b7ec8b0c01cb3d22bcdfad90a
          • Opcode Fuzzy Hash: ac61880dfe71a74744b57e7b3169e6633585d812b9993e1fce76ec742fc81370
          • Instruction Fuzzy Hash: 65B012B07001009B87544FB0624C30A3A947B011A0305801C5001C1365DF2040A0C703
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01152EA0 Relevance: 1.1, Instructions: 1085COMMONLIBRARYCODECrypto
          Download Yara Rule
          C-Code - Quality: 33%
          			E01152EA0(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				short _v8;
				intOrPtr* _v12;
				void* _v16;
				char _v20;
				char _v24;
				intOrPtr _v28;
				char _v32;
				intOrPtr _v36;
				char _v40;
				intOrPtr _v52;
				signed int _v72;
				intOrPtr* _v76;
				intOrPtr _v92;
				char _v96;
				intOrPtr* _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v168;
				char _v172;
				intOrPtr _v184;
				intOrPtr _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				intOrPtr _v200;
				intOrPtr* _t335;
				intOrPtr _t336;
				intOrPtr _t338;
				short _t342;
				void* _t347;
				intOrPtr* _t353;
				intOrPtr _t354;
				intOrPtr _t356;
				short _t360;
				void* _t365;
				char _t370;
				intOrPtr _t372;
				void* _t376;
				intOrPtr _t380;
				void* _t384;
				intOrPtr _t386;
				void* _t390;
				intOrPtr _t392;
				void* _t396;
				intOrPtr _t398;
				void* _t402;
				intOrPtr _t404;
				intOrPtr _t406;
				intOrPtr _t408;
				intOrPtr _t409;
				intOrPtr _t411;
				void* _t418;
				intOrPtr _t419;
				intOrPtr _t421;
				void* _t428;
				intOrPtr _t429;
				intOrPtr _t431;
				void* _t438;
				intOrPtr _t439;
				intOrPtr _t441;
				void* _t448;
				intOrPtr _t449;
				intOrPtr _t451;
				void* _t458;
				intOrPtr _t460;
				intOrPtr _t462;
				intOrPtr _t464;
				intOrPtr _t466;
				char _t468;
				void* _t476;
				void* _t483;
				void* _t490;
				void* _t497;
				void* _t503;
				void* _t507;
				void* _t511;
				intOrPtr _t512;
				short _t513;
				void* _t518;
				intOrPtr _t519;
				intOrPtr _t523;
				short _t524;
				void* _t529;
				intOrPtr _t530;
				signed int _t535;
				signed int _t537;
				intOrPtr* _t539;
				intOrPtr* _t541;
				intOrPtr* _t543;
				intOrPtr* _t545;
				intOrPtr* _t547;
				char _t548;
				unsigned int _t550;
				unsigned int _t557;
				unsigned int _t559;
				unsigned int _t561;
				void* _t566;
				intOrPtr* _t567;
				short _t571;
				void* _t576;
				intOrPtr* _t577;
				short _t581;
				intOrPtr* _t586;
				intOrPtr* _t587;
				intOrPtr* _t590;
				intOrPtr* _t594;
				intOrPtr* _t598;
				intOrPtr* _t602;
				intOrPtr* _t606;
				intOrPtr* _t608;
				intOrPtr* _t610;
				char _t612;
				intOrPtr* _t613;
				intOrPtr* _t617;
				intOrPtr* _t622;
				intOrPtr* _t627;
				intOrPtr* _t632;
				intOrPtr* _t637;
				intOrPtr* _t640;
				intOrPtr* _t643;
				intOrPtr* _t646;
				intOrPtr* _t658;
				intOrPtr* _t664;
				char _t668;
				intOrPtr* _t671;
				intOrPtr* _t677;
				intOrPtr _t681;
				intOrPtr* _t685;
				signed int _t687;
				intOrPtr* _t688;
				signed int _t690;
				char _t691;
				char _t692;
				void* _t693;
				void* _t694;
				void* _t695;
				void* _t698;
				short* _t699;
				void* _t700;
				short* _t701;
				char _t702;
				intOrPtr* _t707;
				short* _t708;
				intOrPtr* _t709;
				intOrPtr* _t710;
				short* _t711;
				intOrPtr* _t712;
				intOrPtr _t713;
				void* _t720;
				void* _t722;
				intOrPtr* _t724;
				intOrPtr* _t726;
				intOrPtr* _t728;
				intOrPtr* _t730;
				intOrPtr* _t732;
				char _t733;
				short* _t736;
				short* _t738;
				void* _t741;
				void* _t742;
				void* _t744;
				void* _t745;
				void* _t746;
				void* _t747;
				void* _t748;

				_t535 = 0;
				_v8 = 0;
				L01155407( &_v32, __edx, 0);
				_t698 = 7;
				_t335 =  *((intOrPtr*)(_v28 + 0x9c)) + 0xd0;
				_v12 = _t335;
				_t707 = _t335;
				do {
					_t685 =  *((intOrPtr*)(_t707 - 0x1c));
					_t566 = _t685 + 2;
					do {
						_t336 =  *_t685;
						_t685 = _t685 + 2;
					} while (_t336 != _v8);
					_t567 =  *_t707;
					_t687 = _t685 - _t566 >> 1;
					_v16 = _t567 + 2;
					do {
						_t338 =  *_t567;
						_t567 = _t567 + 2;
					} while (_t338 != _v8);
					_t707 = _t707 + 4;
					_t535 = _t535 + 2 + (_t567 - _v16 >> 1) + _t687;
					_t698 = _t698 - 1;
				} while (_t698 != 0);
				_t699 = L01153D87(2 + _t535 * 2);
				_t342 = 0;
				if(_t699 != 0) {
					_v16 = 0;
					_t708 = _t699;
					_t343 = _v12;
					_t571 = 0x3a;
					while(1) {
						 *_t708 = _t571;
						_t709 = _t708 + 2;
						_t347 = L011536E3(_t709, _t535 - (_t709 - _t699 >> 1) + 1,  *((intOrPtr*)(_t343 - 0x1c)));
						_t745 = _t744 + 0xc;
						if(_t347 != 0) {
							break;
						}
						_t671 = _t709;
						_t19 = _t671 + 2; // 0x0
						_t687 = _t19;
						do {
							_t523 =  *_t671;
							_t671 = _t671 + 2;
						} while (_t523 != _v8);
						_t524 = 0x3a;
						_t738 = _t709 + (_t671 - _t687 >> 1) * 2;
						 *_t738 = _t524;
						_t709 = _t738 + 2;
						_t529 = L011536E3(_t709, _t535 - (_t709 - _t699 >> 1) + 1,  *_v12);
						_t745 = _t745 + 0xc;
						if(_t529 != 0) {
							break;
						} else {
							_t677 = _t709;
							_t24 = _t677 + 2; // -2
							_t687 = _t24;
							do {
								_t530 =  *_t677;
								_t677 = _t677 + 2;
							} while (_t530 != _v8);
							_t343 = _v12 + 4;
							_v12 = _v12 + 4;
							_t708 = _t709 + (_t677 - _t687 >> 1) * 2;
							_t681 = _v16 + 1;
							_v16 = _t681;
							_t571 = 0x3a;
							if(_t681 < 7) {
								continue;
							} else {
								_t342 = 0;
								 *_t708 = 0;
								goto L18;
							}
						}
						goto L172;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					L0115342C();
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_t741 = _t745;
					_t746 = _t745 - 0x1c;
					_push(_t535);
					_push(_t709);
					_push(_t699);
					_t537 = 0;
					_v72 = 0;
					L01155407( &_v96, _t687, 0);
					_t700 = 0xc;
					_t353 =  *((intOrPtr*)(_v92 + 0x9c)) + 0x11c;
					_v76 = _t353;
					_t710 = _t353;
					do {
						_t688 =  *((intOrPtr*)(_t710 - 0x30));
						_t576 = _t688 + 2;
						do {
							_t354 =  *_t688;
							_t688 = _t688 + 2;
						} while (_t354 != _v12);
						_t577 =  *_t710;
						_t690 = _t688 - _t576 >> 1;
						_v20 = _t577 + 2;
						do {
							_t356 =  *_t577;
							_t577 = _t577 + 2;
						} while (_t356 != _v12);
						_t710 = _t710 + 4;
						_t537 = _t537 + 2 + (_t577 - _v20 >> 1) + _t690;
						_t700 = _t700 - 1;
					} while (_t700 != 0);
					_t701 = L01153D87(2 + _t537 * 2);
					_t360 = 0;
					if(_t701 != 0) {
						_v20 = 0;
						_t711 = _t701;
						_t361 = _v16;
						_t581 = 0x3a;
						while(1) {
							 *_t711 = _t581;
							_t712 = _t711 + 2;
							_t365 = L011536E3(_t712, _t537 - (_t712 - _t701 >> 1) + 1,  *((intOrPtr*)(_t361 - 0x30)));
							_t747 = _t746 + 0xc;
							if(_t365 != 0) {
								break;
							}
							_t658 = _t712;
							_t54 = _t658 + 2; // 0x0
							_t690 = _t54;
							do {
								_t512 =  *_t658;
								_t658 = _t658 + 2;
							} while (_t512 != _v12);
							_t513 = 0x3a;
							_t736 = _t712 + (_t658 - _t690 >> 1) * 2;
							 *_t736 = _t513;
							_t712 = _t736 + 2;
							_t518 = L011536E3(_t712, _t537 - (_t712 - _t701 >> 1) + 1,  *_v16);
							_t747 = _t747 + 0xc;
							if(_t518 != 0) {
								break;
							} else {
								_t664 = _t712;
								_t59 = _t664 + 2; // -2
								_t690 = _t59;
								do {
									_t519 =  *_t664;
									_t664 = _t664 + 2;
								} while (_t519 != _v12);
								_t361 = _v16 + 4;
								_v16 = _v16 + 4;
								_t711 = _t712 + (_t664 - _t690 >> 1) * 2;
								_t668 = _v20 + 1;
								_v20 = _t668;
								_t581 = 0x3a;
								if(_t668 < 0xc) {
									continue;
								} else {
									_t360 = 0;
									 *_t711 = 0;
									goto L39;
								}
							}
							goto L172;
						}
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						L0115342C();
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t741);
						_t742 = _t747;
						_t748 = _t747 - 0x28;
						_push(_t537);
						_push(_t712);
						_push(_t701);
						_t702 = 0;
						L01155407( &_v172, _t690, 0);
						_t713 = 0x164;
						_v148 = 0;
						_t691 = 0;
						_v140 = 0;
						_t586 =  *((intOrPtr*)(_v168 + 0x9c));
						_t370 = 0;
						_v136 = _t586;
						_v144 = 0;
						L44:
						while(1) {
							L44:
							if(_t691 != 1) {
								L47:
								_t692 = _t702;
								_v32 = _t370;
								_v32 = _v32 - _t586;
								_t539 = _t586;
								_v36 = _t692;
								do {
									if(_v20 != 1) {
										L51:
										_t587 =  *_t539;
										_v36 = _t587 + 1;
										do {
											_t372 =  *_t587;
											_t587 = _t587 + 1;
										} while (_t372 != 0);
										goto L53;
									} else {
										 *((intOrPtr*)(_v32 + _t539)) = _t370 + _t713;
										_t376 = L01155B19(_t370 + _t713, _v28 - _t713,  *_t539);
										_t748 = _t748 + 0xc;
										if(_t376 != 0) {
											L170:
											_push(_t702);
											_push(_t702);
											_push(_t702);
											_push(_t702);
											_push(_t702);
											L0115342C();
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											asm("int3");
											_push(_t742);
											return L011542AA(_t692, _v200, _v196, _v192, _v188, _v184, 0);
										} else {
											_t692 = _v36;
											goto L51;
										}
									}
									goto L172;
									L53:
									_t370 = _v24;
									_t713 = _t713 + 1 + _t587 - _v36;
									_t692 = _t692 + 1;
									_t539 = _t539 + 4;
									_v36 = _t692;
								} while (_t692 < 7);
								_t692 = _t702;
								_v36 = _t692;
								_t541 = _v16 + 0x1c;
								do {
									if(_v20 != 1) {
										L58:
										_t590 =  *_t541;
										_v36 = _t590 + 1;
										do {
											_t380 =  *_t590;
											_t590 = _t590 + 1;
										} while (_t380 != 0);
										goto L60;
									} else {
										 *((intOrPtr*)(_t541 + _v32)) = _v24 + _t713;
										_t384 = L01155B19(_v24 + _t713, _v28 - _t713,  *_t541);
										_t748 = _t748 + 0xc;
										if(_t384 != 0) {
											goto L170;
										} else {
											_t692 = _v36;
											goto L58;
										}
									}
									goto L172;
									L60:
									_t713 = _t713 + 1 + _t590 - _v36;
									_t541 = _t541 + 4;
									_t692 = _t692 + 1;
									_v36 = _t692;
								} while (_t692 < 7);
								_t692 = _t702;
								_v36 = _t692;
								_t543 = _v16 + 0x38;
								do {
									if(_v20 != 1) {
										L65:
										_t594 =  *_t543;
										_v36 = _t594 + 1;
										do {
											_t386 =  *_t594;
											_t594 = _t594 + 1;
										} while (_t386 != 0);
										goto L67;
									} else {
										 *((intOrPtr*)(_t543 + _v32)) = _v24 + _t713;
										_t390 = L01155B19(_v24 + _t713, _v28 - _t713,  *_t543);
										_t748 = _t748 + 0xc;
										if(_t390 != 0) {
											goto L170;
										} else {
											_t692 = _v36;
											goto L65;
										}
									}
									goto L172;
									L67:
									_t713 = _t713 + 1 + _t594 - _v36;
									_t543 = _t543 + 4;
									_t692 = _t692 + 1;
									_v36 = _t692;
								} while (_t692 < 0xc);
								_t692 = _t702;
								_v36 = _t692;
								_t545 = _v16 + 0x68;
								do {
									if(_v20 != 1) {
										L72:
										_t598 =  *_t545;
										_v36 = _t598 + 1;
										do {
											_t392 =  *_t598;
											_t598 = _t598 + 1;
										} while (_t392 != 0);
										goto L74;
									} else {
										 *((intOrPtr*)(_t545 + _v32)) = _v24 + _t713;
										_t396 = L01155B19(_v24 + _t713, _v28 - _t713,  *_t545);
										_t748 = _t748 + 0xc;
										if(_t396 != 0) {
											goto L170;
										} else {
											_t692 = _v36;
											goto L72;
										}
									}
									goto L172;
									L74:
									_t713 = _t713 + 1 + _t598 - _v36;
									_t545 = _t545 + 4;
									_t692 = _t692 + 1;
									_v36 = _t692;
								} while (_t692 < 0xc);
								_t692 = _t702;
								_v36 = _t692;
								_t547 = _v16 + 0x98;
								do {
									if(_v20 != 1) {
										L79:
										_t602 =  *_t547;
										_v36 = _t602 + 1;
										do {
											_t398 =  *_t602;
											_t602 = _t602 + 1;
										} while (_t398 != 0);
										goto L81;
									} else {
										 *((intOrPtr*)(_t547 + _v32)) = _v24 + _t713;
										_t402 = L01155B19(_v24 + _t713, _v28 - _t713,  *_t547);
										_t748 = _t748 + 0xc;
										if(_t402 != 0) {
											goto L170;
										} else {
											_t692 = _v36;
											goto L79;
										}
									}
									goto L172;
									L81:
									_t713 = _t713 + 1 + _t602 - _v36;
									_t547 = _t547 + 4;
									_t692 = _t692 + 1;
									_v36 = _t692;
								} while (_t692 < 2);
								_t548 = _v24;
								if(_v20 != 1) {
									L84:
									_t606 =  *((intOrPtr*)(_v16 + 0xa0));
									_t692 = _t606 + 1;
									do {
										_t404 =  *_t606;
										_t606 = _t606 + 1;
									} while (_t404 != 0);
									_t720 = _t713 + 1 + _t606 - _t692;
									if(_v20 != 1) {
										L88:
										_t608 =  *((intOrPtr*)(_v16 + 0xa4));
										_t692 = _t608 + 1;
										do {
											_t406 =  *_t608;
											_t608 = _t608 + 1;
										} while (_t406 != 0);
										_t722 = _t720 + 1 + _t608 - _t692;
										if(_v20 != 1) {
											L92:
											_t610 =  *((intOrPtr*)(_v16 + 0xa8));
											_t693 = _t610 + 1;
											do {
												_t408 =  *_t610;
												_t610 = _t610 + 1;
											} while (_t408 != 0);
											_t692 = _v20;
											_t612 = _v24;
											_t550 = _t610 - _t693 + 1 + _t722;
											if(_t692 == 1) {
												 *((intOrPtr*)(_t612 + 0xac)) =  *((intOrPtr*)(_v16 + 0xac));
												 *((intOrPtr*)(_t612 + 0xb0)) = _t702;
											}
											_v36 = _t702;
											_t724 = _v16 + 0xb4;
											L98:
											while((_t550 & 0x00000001) == 0) {
												if(_t692 != 1) {
													L101:
													_t613 =  *_t724;
													_t694 = _t613 + 2;
													do {
														_t409 =  *_t613;
														_t613 = _t613 + 2;
													} while (_t409 != _t702);
													_t692 = _v20;
													_t724 = _t724 + 4;
													_t612 = _v24;
													_t550 = _t550 + (_t613 - _t694 >> 1) * 2 + 2;
													_t411 = _v36 + 1;
													_v36 = _t411;
													if(_t411 < 7) {
														continue;
													} else {
														_v36 = _t702;
														_t726 = _v16 + 0xd0;
														L106:
														while((_t550 & 0x00000001) == 0) {
															if(_v20 != 1) {
																L109:
																_t617 =  *_t726;
																_t692 = _t617 + 2;
																do {
																	_t419 =  *_t617;
																	_t617 = _t617 + 2;
																} while (_t419 != _t702);
																_t726 = _t726 + 4;
																_t550 = _t550 + (_t617 - _t692 >> 1) * 2 + 2;
																_t421 = _v36 + 1;
																_v36 = _t421;
																if(_t421 < 7) {
																	continue;
																} else {
																	_v36 = _t702;
																	_t728 = _v16 + 0xec;
																	L114:
																	while((_t550 & 0x00000001) == 0) {
																		if(_v20 != 1) {
																			L117:
																			_t622 =  *_t728;
																			_t692 = _t622 + 2;
																			do {
																				_t429 =  *_t622;
																				_t622 = _t622 + 2;
																			} while (_t429 != _t702);
																			_t728 = _t728 + 4;
																			_t550 = _t550 + (_t622 - _t692 >> 1) * 2 + 2;
																			_t431 = _v36 + 1;
																			_v36 = _t431;
																			if(_t431 < 0xc) {
																				continue;
																			} else {
																				_v36 = _t702;
																				_t730 = _v16 + 0x11c;
																				L122:
																				while((_t550 & 0x00000001) == 0) {
																					if(_v20 != 1) {
																						L125:
																						_t627 =  *_t730;
																						_t692 = _t627 + 2;
																						do {
																							_t439 =  *_t627;
																							_t627 = _t627 + 2;
																						} while (_t439 != _t702);
																						_t730 = _t730 + 4;
																						_t550 = _t550 + (_t627 - _t692 >> 1) * 2 + 2;
																						_t441 = _v36 + 1;
																						_v36 = _t441;
																						if(_t441 < 0xc) {
																							continue;
																						} else {
																							_v36 = _t702;
																							_t732 = _v16 + 0x14c;
																							L130:
																							while((_t550 & 0x00000001) == 0) {
																								if(_v20 != 1) {
																									L133:
																									_t632 =  *_t732;
																									_t692 = _t632 + 2;
																									do {
																										_t449 =  *_t632;
																										_t632 = _t632 + 2;
																									} while (_t449 != _t702);
																									_t732 = _t732 + 4;
																									_t550 = _t550 + (_t632 - _t692 >> 1) * 2 + 2;
																									_t451 = _v36 + 1;
																									_v36 = _t451;
																									if(_t451 < 2) {
																										continue;
																									} else {
																										while((_t550 & 0x00000001) != 0) {
																											_t550 = _t550 + 1;
																										}
																										_t733 = _v24;
																										if(_v20 != 1) {
																											L141:
																											_t637 =  *((intOrPtr*)(_v16 + 0x154));
																											_t692 = _t637 + 2;
																											do {
																												_t460 =  *_t637;
																												_t637 = _t637 + 2;
																											} while (_t460 != _t702);
																											_t557 = _t550 + (_t637 - _t692 >> 1) * 2 + 2;
																											while((_t557 & 0x00000001) != 0) {
																												_t557 = _t557 + 1;
																											}
																											if(_v20 != 1) {
																												L148:
																												_t640 =  *((intOrPtr*)(_v16 + 0x158));
																												_t692 = _t640 + 2;
																												do {
																													_t462 =  *_t640;
																													_t640 = _t640 + 2;
																												} while (_t462 != _t702);
																												_t559 = _t557 + (_t640 - _t692 >> 1) * 2 + 2;
																												while((_t559 & 0x00000001) != 0) {
																													_t559 = _t559 + 1;
																												}
																												if(_v20 != 1) {
																													L155:
																													_t643 =  *((intOrPtr*)(_v16 + 0x15c));
																													_t692 = _t643 + 2;
																													do {
																														_t464 =  *_t643;
																														_t643 = _t643 + 2;
																													} while (_t464 != _t702);
																													_t561 = _t559 + (_t643 - _t692 >> 1) * 2 + 2;
																													while((_t561 & 0x00000001) != 0) {
																														_t561 = _t561 + 1;
																													}
																													if(_v20 != 1) {
																														L162:
																														_t646 =  *((intOrPtr*)(_v16 + 0x160));
																														_t695 = _t646 + 2;
																														do {
																															_t466 =  *_t646;
																															_t646 = _t646 + 2;
																														} while (_t466 != _t702);
																														_t691 = _v20 + 1;
																														_v20 = _t691;
																														_t713 = _t561 + ((_t646 - _t695 >> 1) + 1) * 2;
																														if(_t691 >= 2) {
																															_t702 = _v24;
																															goto L167;
																														} else {
																															_t370 = _v24;
																															_t586 = _v16;
																															goto L44;
																														}
																													} else {
																														 *((intOrPtr*)(_t733 + 0x160)) = _t733 + (_t561 >> 1) * 2;
																														_t476 = L011536E3(_t733 + (_t561 >> 1) * 2, _v28 - _t561 >> 1,  *((intOrPtr*)(_v16 + 0x160)));
																														_t748 = _t748 + 0xc;
																														if(_t476 != 0) {
																															goto L170;
																														} else {
																															goto L162;
																														}
																													}
																												} else {
																													 *((intOrPtr*)(_t733 + 0x15c)) = _t733 + (_t559 >> 1) * 2;
																													_t483 = L011536E3(_t733 + (_t559 >> 1) * 2, _v28 - _t559 >> 1,  *((intOrPtr*)(_v16 + 0x15c)));
																													_t748 = _t748 + 0xc;
																													if(_t483 != 0) {
																														goto L170;
																													} else {
																														goto L155;
																													}
																												}
																											} else {
																												 *((intOrPtr*)(_t733 + 0x158)) = _t733 + (_t557 >> 1) * 2;
																												_t490 = L011536E3(_t733 + (_t557 >> 1) * 2, _v28 - _t557 >> 1,  *((intOrPtr*)(_v16 + 0x158)));
																												_t748 = _t748 + 0xc;
																												if(_t490 != 0) {
																													goto L170;
																												} else {
																													goto L148;
																												}
																											}
																										} else {
																											 *((intOrPtr*)(_t733 + 0x154)) = _t733 + (_t550 >> 1) * 2;
																											_t497 = L011536E3(_t733 + (_t550 >> 1) * 2, _v28 - _t550 >> 1,  *((intOrPtr*)(_v16 + 0x154)));
																											_t748 = _t748 + 0xc;
																											if(_t497 != 0) {
																												goto L170;
																											} else {
																												goto L141;
																											}
																										}
																									}
																								} else {
																									 *((intOrPtr*)(_t732 + _v32)) = _v24 + (_t550 >> 1) * 2;
																									_t458 = L011536E3(_v24 + (_t550 >> 1) * 2, _v28 - _t550 >> 1,  *_t732);
																									_t748 = _t748 + 0xc;
																									if(_t458 != 0) {
																										goto L170;
																									} else {
																										goto L133;
																									}
																								}
																								goto L172;
																							}
																							_t550 = _t550 + 1;
																							goto L130;
																						}
																					} else {
																						 *((intOrPtr*)(_t730 + _v32)) = _v24 + (_t550 >> 1) * 2;
																						_t448 = L011536E3(_v24 + (_t550 >> 1) * 2, _v28 - _t550 >> 1,  *_t730);
																						_t748 = _t748 + 0xc;
																						if(_t448 != 0) {
																							goto L170;
																						} else {
																							goto L125;
																						}
																					}
																					goto L172;
																				}
																				_t550 = _t550 + 1;
																				goto L122;
																			}
																		} else {
																			 *((intOrPtr*)(_t728 + _v32)) = _v24 + (_t550 >> 1) * 2;
																			_t438 = L011536E3(_v24 + (_t550 >> 1) * 2, _v28 - _t550 >> 1,  *_t728);
																			_t748 = _t748 + 0xc;
																			if(_t438 != 0) {
																				goto L170;
																			} else {
																				goto L117;
																			}
																		}
																		goto L172;
																	}
																	_t550 = _t550 + 1;
																	goto L114;
																}
															} else {
																 *((intOrPtr*)(_t726 + _v32)) = _v24 + (_t550 >> 1) * 2;
																_t428 = L011536E3(_v24 + (_t550 >> 1) * 2, _v28 - _t550 >> 1,  *_t726);
																_t748 = _t748 + 0xc;
																if(_t428 != 0) {
																	goto L170;
																} else {
																	goto L109;
																}
															}
															goto L172;
														}
														_t550 = _t550 + 1;
														goto L106;
													}
												} else {
													 *((intOrPtr*)(_t724 + _v32)) = _t612 + (_t550 >> 1) * 2;
													_t418 = L011536E3(_t612 + (_t550 >> 1) * 2, _v28 - _t550 >> 1,  *_t724);
													_t748 = _t748 + 0xc;
													if(_t418 != 0) {
														goto L170;
													} else {
														goto L101;
													}
												}
												goto L172;
											}
											_t550 = _t550 + 1;
											goto L98;
										} else {
											 *((intOrPtr*)(_t548 + 0xa8)) = _t548 + _t722;
											_t503 = L01155B19(_t548 + _t722, _v28 - _t722,  *((intOrPtr*)(_v16 + 0xa8)));
											_t748 = _t748 + 0xc;
											if(_t503 != 0) {
												goto L170;
											} else {
												goto L92;
											}
										}
									} else {
										 *((intOrPtr*)(_t548 + 0xa4)) = _t548 + _t720;
										_t507 = L01155B19(_t548 + _t720, _v28 - _t720,  *((intOrPtr*)(_v16 + 0xa4)));
										_t748 = _t748 + 0xc;
										if(_t507 != 0) {
											goto L170;
										} else {
											goto L88;
										}
									}
								} else {
									 *((intOrPtr*)(_t548 + 0xa0)) = _t548 + _t713;
									_t511 = L01155B19(_t548 + _t713, _v28 - _t713,  *((intOrPtr*)(_v16 + 0xa0)));
									_t748 = _t748 + 0xc;
									if(_t511 != 0) {
										goto L170;
									} else {
										goto L84;
									}
								}
							} else {
								_t468 = L01153D87(_t713);
								_v24 = _t468;
								if(_t468 == 0) {
									L167:
									if(_v40 != 0) {
										 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
									}
									return _t702;
								} else {
									L01152F9A(_t702, _t468, _t702, _t713);
									_t370 = _v24;
									_t748 = _t748 + 0xc;
									_t586 = _v16;
									_v28 = _t713;
									_t713 = 0x164;
									goto L47;
								}
							}
							goto L172;
						}
					} else {
						_t701 = 0;
						L39:
						L01155E98(_t360);
						if(_v24 != 0) {
							 *(_v36 + 0x350) =  *(_v36 + 0x350) & 0xfffffffd;
						}
						return _t701;
					}
				} else {
					_t699 = 0;
					L18:
					L01155E98(_t342);
					if(_v20 != 0) {
						 *(_v32 + 0x350) =  *(_v32 + 0x350) & 0xfffffffd;
					}
					return _t699;
				}
				L172:
			}








































































































































































          0x011bf4c4
          0x011bf4ca
          0x011bf4cd
          0x011bf4d7
          0x011bf4de
          0x011bf4e3
          0x011bf4e6
          0x011bf4e8
          0x011bf4e8
          0x011bf4eb
          0x011bf4ee
          0x011bf4ee
          0x011bf4f1
          0x011bf4f4
          0x011bf4fc
          0x011bf4fe
          0x011bf503
          0x011bf506
          0x011bf506
          0x011bf509
          0x011bf50c
          0x011bf51a
          0x011bf520
          0x011bf522
          0x011bf522
          0x011bf534
          0x011bf536
          0x011bf53b
          0x011bf546
          0x011bf549
          0x011bf54b
          0x011bf54e
          0x011bf54f
          0x011bf54f
          0x011bf552
          0x011bf565
          0x011bf56a
          0x011bf56f
          0x00000000
          0x00000000
          0x011bf575
          0x011bf577
          0x011bf577
          0x011bf57a
          0x011bf57a
          0x011bf57d
          0x011bf580
          0x011bf58c
          0x011bf58d
          0x011bf590
          0x011bf593
          0x011bf5a8
          0x011bf5ad
          0x011bf5b2
          0x00000000
          0x011bf5b4
          0x011bf5b4
          0x011bf5b6
          0x011bf5b6
          0x011bf5b9
          0x011bf5b9
          0x011bf5bc
          0x011bf5bf
          0x011bf5cc
          0x011bf5d1
          0x011bf5d4
          0x011bf5da
          0x011bf5db
          0x011bf5e1
          0x011bf5e2
          0x00000000
          0x011bf5e8
          0x011bf5e8
          0x011bf5ea
          0x00000000
          0x011bf5ea
          0x011bf5e2
          0x00000000
          0x011bf5b2
          0x011bf60d
          0x011bf60e
          0x011bf60f
          0x011bf610
          0x011bf611
          0x011bf612
          0x011bf617
          0x011bf618
          0x011bf619
          0x011bf61a
          0x011bf61b
          0x011bf61c
          0x011bf61d
          0x011bf61e
          0x011bf61f
          0x011bf620
          0x011bf621
          0x011bf622
          0x011bf623
          0x011bf624
          0x011bf625
          0x011bf626
          0x011bf627
          0x011bf628
          0x011bf629
          0x011bf62a
          0x011bf62b
          0x011bf62c
          0x011bf62d
          0x011bf62e
          0x011bf62f
          0x011bf630
          0x011bf631
          0x011bf632
          0x011bf633
          0x011bf634
          0x011bf635
          0x011bf636
          0x011bf637
          0x011bf638
          0x011bf639
          0x011bf63a
          0x011bf63b
          0x011bf63c
          0x011bf63d
          0x011bf63e
          0x011bf63f
          0x011bf640
          0x011bf641
          0x011bf642
          0x011bf643
          0x011bf644
          0x011bf645
          0x011bf646
          0x011bf647
          0x011bf648
          0x011bf649
          0x011bf64a
          0x011bf64b
          0x011bf64c
          0x011bf64d
          0x011bf64e
          0x011bf64f
          0x011bf650
          0x011bf651
          0x011bf652
          0x011bf653
          0x011bf654
          0x011bf655
          0x011bf656
          0x011bf657
          0x011bf658
          0x011bf659
          0x011bf65a
          0x011bf65b
          0x011bf65c
          0x011bf65d
          0x011bf65e
          0x011bf65f
          0x011bf660
          0x011bf661
          0x011bf662
          0x011bf663
          0x011bf664
          0x011bf665
          0x011bf666
          0x011bf667
          0x011bf668
          0x011bf669
          0x011bf66a
          0x011bf66b
          0x011bf66c
          0x011bf66d
          0x011bf66e
          0x011bf672
          0x011bf674
          0x011bf677
          0x011bf678
          0x011bf679
          0x011bf67a
          0x011bf680
          0x011bf683
          0x011bf68d
          0x011bf694
          0x011bf699
          0x011bf69c
          0x011bf69e
          0x011bf69e
          0x011bf6a1
          0x011bf6a4
          0x011bf6a4
          0x011bf6a7
          0x011bf6aa
          0x011bf6b2
          0x011bf6b4
          0x011bf6b9
          0x011bf6bc
          0x011bf6bc
          0x011bf6bf
          0x011bf6c2
          0x011bf6d0
          0x011bf6d6
          0x011bf6d8
          0x011bf6d8
          0x011bf6ea
          0x011bf6ec
          0x011bf6f1
          0x011bf6fc
          0x011bf6ff
          0x011bf701
          0x011bf704
          0x011bf705
          0x011bf705
          0x011bf708
          0x011bf71b
          0x011bf720
          0x011bf725
          0x00000000
          0x00000000
          0x011bf72b
          0x011bf72d
          0x011bf72d
          0x011bf730
          0x011bf730
          0x011bf733
          0x011bf736
          0x011bf742
          0x011bf743
          0x011bf746
          0x011bf749
          0x011bf75e
          0x011bf763
          0x011bf768
          0x00000000
          0x011bf76a
          0x011bf76a
          0x011bf76c
          0x011bf76c
          0x011bf76f
          0x011bf76f
          0x011bf772
          0x011bf775
          0x011bf782
          0x011bf787
          0x011bf78a
          0x011bf790
          0x011bf791
          0x011bf797
          0x011bf798
          0x00000000
          0x011bf79e
          0x011bf79e
          0x011bf7a0
          0x00000000
          0x011bf7a0
          0x011bf798
          0x00000000
          0x011bf768
          0x011bf7c3
          0x011bf7c4
          0x011bf7c5
          0x011bf7c6
          0x011bf7c7
          0x011bf7c8
          0x011bf7cd
          0x011bf7ce
          0x011bf7cf
          0x011bf7d0
          0x011bf7d1
          0x011bf7d2
          0x011bf7d3
          0x011bf7d4
          0x011bf7d5
          0x011bf7d6
          0x011bf7d7
          0x011bf7d8
          0x011bf7d9
          0x011bf7da
          0x011bf7db
          0x011bf7dc
          0x011bf7dd
          0x011bf7de
          0x011bf7df
          0x011bf7e0
          0x011bf7e1
          0x011bf7e2
          0x011bf7e3
          0x011bf7e4
          0x011bf7e5
          0x011bf7e6
          0x011bf7e7
          0x011bf7e8
          0x011bf7e9
          0x011bf7ea
          0x011bf7eb
          0x011bf7ec
          0x011bf7ed
          0x011bf7ee
          0x011bf7ef
          0x011bf7f0
          0x011bf7f1
          0x011bf7f2
          0x011bf7f3
          0x011bf7f4
          0x011bf7f5
          0x011bf7f6
          0x011bf7f7
          0x011bf7f8
          0x011bf7f9
          0x011bf7fa
          0x011bf7fb
          0x011bf7fc
          0x011bf7fd
          0x011bf7fe
          0x011bf7ff
          0x011bf800
          0x011bf801
          0x011bf802
          0x011bf803
          0x011bf804
          0x011bf805
          0x011bf806
          0x011bf807
          0x011bf808
          0x011bf809
          0x011bf80a
          0x011bf80b
          0x011bf80c
          0x011bf80d
          0x011bf80e
          0x011bf80f
          0x011bf810
          0x011bf811
          0x011bf812
          0x011bf813
          0x011bf814
          0x011bf815
          0x011bf816
          0x011bf817
          0x011bf818
          0x011bf819
          0x011bf81a
          0x011bf81b
          0x011bf81c
          0x011bf81d
          0x011bf81e
          0x011bf81f
          0x011bf820
          0x011bf821
          0x011bf822
          0x011bf823
          0x011bf824
          0x011bf827
          0x011bf828
          0x011bf82a
          0x011bf82d
          0x011bf82e
          0x011bf82f
          0x011bf830
          0x011bf836
          0x011bf83e
          0x011bf843
          0x011bf846
          0x011bf848
          0x011bf84b
          0x011bf851
          0x011bf853
          0x011bf856
          0x00000000
          0x011bf859
          0x011bf859
          0x011bf85c
          0x011bf889
          0x011bf889
          0x011bf88b
          0x011bf88e
          0x011bf891
          0x011bf893
          0x011bf896
          0x011bf89a
          0x011bf8c1
          0x011bf8c1
          0x011bf8c6
          0x011bf8c9
          0x011bf8c9
          0x011bf8cb
          0x011bf8cc
          0x00000000
          0x011bf89c
          0x011bf8a2
          0x011bf8ae
          0x011bf8b3
          0x011bf8b8
          0x011bff16
          0x011bff16
          0x011bff17
          0x011bff18
          0x011bff19
          0x011bff1a
          0x011bff1b
          0x011bff20
          0x011bff21
          0x011bff22
          0x011bff23
          0x011bff24
          0x011bff25
          0x011bff26
          0x011bff27
          0x011bff28
          0x011bff29
          0x011bff2a
          0x011bff2b
          0x011bff2c
          0x011bff2d
          0x011bff2e
          0x011bff2f
          0x011bff30
          0x011bff31
          0x011bff32
          0x011bff33
          0x011bff34
          0x011bff35
          0x011bff36
          0x011bff37
          0x011bff38
          0x011bff39
          0x011bff3a
          0x011bff3b
          0x011bff3c
          0x011bff3d
          0x011bff3e
          0x011bff3f
          0x011bff40
          0x011bff41
          0x011bff42
          0x011bff43
          0x011bff44
          0x011bff45
          0x011bff46
          0x011bff47
          0x011bff48
          0x011bff49
          0x011bff4a
          0x011bff4b
          0x011bff4c
          0x011bff4d
          0x011bff4e
          0x011bff4f
          0x011bff50
          0x011bff51
          0x011bff52
          0x011bff53
          0x011bff54
          0x011bff55
          0x011bff56
          0x011bff57
          0x011bff58
          0x011bff59
          0x011bff5a
          0x011bff5b
          0x011bff5c
          0x011bff5d
          0x011bff5e
          0x011bff5f
          0x011bff60
          0x011bff61
          0x011bff62
          0x011bff63
          0x011bff64
          0x011bff65
          0x011bff66
          0x011bff67
          0x011bff68
          0x011bff69
          0x011bff6a
          0x011bff6b
          0x011bff6c
          0x011bff6d
          0x011bff6e
          0x011bff6f
          0x011bff70
          0x011bff71
          0x011bff72
          0x011bff73
          0x011bff74
          0x011bff75
          0x011bff76
          0x011bff77
          0x011bff78
          0x011bff79
          0x011bff7a
          0x011bff7b
          0x011bff7c
          0x011bff7d
          0x011bff7e
          0x011bff7f
          0x011bff80
          0x011bff81
          0x011bff82
          0x011bff83
          0x011bff84
          0x011bff85
          0x011bff86
          0x011bff87
          0x011bff88
          0x011bff89
          0x011bff8a
          0x011bff8b
          0x011bff8c
          0x011bff8d
          0x011bff8e
          0x011bff8f
          0x011bff90
          0x011bff91
          0x011bff92
          0x011bff93
          0x011bff94
          0x011bff95
          0x011bff96
          0x011bff97
          0x011bff98
          0x011bff99
          0x011bff9a
          0x011bff9b
          0x011bff9c
          0x011bff9d
          0x011bff9e
          0x011bff9f
          0x011bffa0
          0x011bffa1
          0x011bffa2
          0x011bffa3
          0x011bffa4
          0x011bffa5
          0x011bffa6
          0x011bffa7
          0x011bffa8
          0x011bffa9
          0x011bffaa
          0x011bffab
          0x011bffac
          0x011bffad
          0x011bffae
          0x011bffaf
          0x011bffb0
          0x011bffb1
          0x011bffb2
          0x011bffb3
          0x011bffb4
          0x011bffb5
          0x011bffb6
          0x011bffb7
          0x011bffb8
          0x011bffb9
          0x011bffba
          0x011bffbb
          0x011bffbc
          0x011bffbd
          0x011bffbe
          0x011bffbf
          0x011bffc0
          0x011bffc1
          0x011bffc2
          0x011bffc3
          0x011bffc4
          0x011bffc5
          0x011bffc6
          0x011bffc7
          0x011bffc8
          0x011bffc9
          0x011bffca
          0x011bffcb
          0x011bffcc
          0x011bffcd
          0x011bffce
          0x011bffcf
          0x011bffd0
          0x011bffd1
          0x011bffd2
          0x011bffd3
          0x011bffd4
          0x011bffd5
          0x011bffd6
          0x011bffd7
          0x011bffd8
          0x011bffd9
          0x011bffda
          0x011bffdb
          0x011bffdc
          0x011bffdd
          0x011bffde
          0x011bffdf
          0x011bffe0
          0x011bffe1
          0x011bffe2
          0x011bffe3
          0x011bffe4
          0x011bffe5
          0x011bffe6
          0x011bffe7
          0x011bffe8
          0x011bffe9
          0x011bffea
          0x011bffeb
          0x011bffec
          0x011bffed
          0x011bffee
          0x011bffef
          0x011bfff0
          0x011bfff1
          0x011bfff2
          0x011bfff3
          0x011bfff4
          0x011bfff5
          0x011bfff6
          0x011bfff7
          0x011bfff8
          0x011bfff9
          0x011bfffa
          0x011bfffb
          0x011bfffc
          0x011bfffd
          0x011bfffe
          0x011bffff
          0x011c0000
          0x011c0001
          0x011c0002
          0x011c0003
          0x011c0004
          0x011c0005
          0x011c0006
          0x011c0007
          0x011c0008
          0x011c0009
          0x011c000a
          0x011c000b
          0x011c000c
          0x011c000d
          0x011c000e
          0x011c000f
          0x011c0010
          0x011c0011
          0x011c0012
          0x011c0013
          0x011c0014
          0x011c0015
          0x011c0016
          0x011c0017
          0x011c0018
          0x011c0019
          0x011c001a
          0x011c001b
          0x011c001c
          0x011c001d
          0x011c001e
          0x011c001f
          0x011c0020
          0x011c0021
          0x011c0022
          0x011c0023
          0x011c0024
          0x011c0025
          0x011c0026
          0x011c0027
          0x011c0028
          0x011c0029
          0x011c002a
          0x011c002b
          0x011c002c
          0x011c002d
          0x011c002e
          0x011c002f
          0x011c0030
          0x011c0031
          0x011c0032
          0x011c0033
          0x011c0034
          0x011c0035
          0x011c0036
          0x011c0037
          0x011c0038
          0x011c0039
          0x011c003a
          0x011c003b
          0x011c003c
          0x011c003d
          0x011c003e
          0x011c003f
          0x011c0040
          0x011c0041
          0x011c0042
          0x011c0043
          0x011c0044
          0x011c0045
          0x011c0046
          0x011c0047
          0x011c0048
          0x011c0049
          0x011c004a
          0x011c004b
          0x011c004c
          0x011c004d
          0x011c004e
          0x011c004f
          0x011c0050
          0x011c0051
          0x011c0052
          0x011c0053
          0x011c0054
          0x011c0055
          0x011c0056
          0x011c0057
          0x011c0058
          0x011c0059
          0x011c005a
          0x011c005b
          0x011c005c
          0x011c005d
          0x011c005e
          0x011c005f
          0x011c0060
          0x011c0061
          0x011c0062
          0x011c0063
          0x011c0064
          0x011c0065
          0x011c0066
          0x011c0067
          0x011c0068
          0x011c0069
          0x011c006a
          0x011c006b
          0x011c006c
          0x011c006d
          0x011c006e
          0x011c006f
          0x011c0070
          0x011c0071
          0x011c0072
          0x011c0073
          0x011c0074
          0x011c0075
          0x011c0076
          0x011c0077
          0x011c0078
          0x011c0079
          0x011c007a
          0x011c007b
          0x011c007c
          0x011c007d
          0x011c007e
          0x011c007f
          0x011c0080
          0x011c0081
          0x011c0082
          0x011c0083
          0x011c0084
          0x011c0085
          0x011c0086
          0x011c0087
          0x011c0088
          0x011c0089
          0x011c008a
          0x011c008b
          0x011c008c
          0x011c008d
          0x011c008e
          0x011c008f
          0x011c0090
          0x011c0091
          0x011c0092
          0x011c0093
          0x011c0094
          0x011c0095
          0x011c0096
          0x011c0097
          0x011c0098
          0x011c0099
          0x011c009a
          0x011c009b
          0x011c009c
          0x011c009d
          0x011c009e
          0x011c009f
          0x011c00a0
          0x011c00a1
          0x011c00a2
          0x011c00a3
          0x011c00a4
          0x011c00a5
          0x011c00a6
          0x011c00a7
          0x011c00a8
          0x011c00a9
          0x011c00aa
          0x011c00ab
          0x011c00ac
          0x011c00ad
          0x011c00ae
          0x011c00af
          0x011c00b0
          0x011c00b1
          0x011c00b2
          0x011c00b3
          0x011c00b4
          0x011c00b5
          0x011c00b6
          0x011c00b7
          0x011c00b8
          0x011c00b9
          0x011c00ba
          0x011c00bb
          0x011c00bc
          0x011c00bd
          0x011c00be
          0x011c00bf
          0x011c00c0
          0x011c00c1
          0x011c00c2
          0x011c00c3
          0x011c00c4
          0x011c00c5
          0x011c00c6
          0x011c00c7
          0x011c00c8
          0x011c00c9
          0x011c00ca
          0x011c00cb
          0x011c00cc
          0x011c00cd
          0x011c00ce
          0x011c00cf
          0x011c00d0
          0x011c00d1
          0x011c00d2
          0x011c00d3
          0x011c00d4
          0x011c00d5
          0x011c00d6
          0x011c00d7
          0x011c00d8
          0x011c00d9
          0x011c00da
          0x011c00db
          0x011c00dc
          0x011c00dd
          0x011c00de
          0x011c00df
          0x011c00e2
          0x011c00ff
          0x011bf8be
          0x011bf8be
          0x00000000
          0x011bf8be
          0x011bf8b8
          0x00000000
          0x011bf8d0
          0x011bf8d4
          0x011bf8d7
          0x011bf8d9
          0x011bf8da
          0x011bf8dd
          0x011bf8e0
          0x011bf8e8
          0x011bf8ea
          0x011bf8ed
          0x011bf8f0
          0x011bf8f4
          0x011bf91d
          0x011bf91d
          0x011bf922
          0x011bf925
          0x011bf925
          0x011bf927
          0x011bf928
          0x00000000
          0x011bf8f6
          0x011bf8fe
          0x011bf90a
          0x011bf90f
          0x011bf914
          0x00000000
          0x011bf91a
          0x011bf91a
          0x00000000
          0x011bf91a
          0x011bf914
          0x00000000
          0x011bf92c
          0x011bf930
          0x011bf932
          0x011bf935
          0x011bf936
          0x011bf939
          0x011bf941
          0x011bf943
          0x011bf946
          0x011bf949
          0x011bf94d
          0x011bf976
          0x011bf976
          0x011bf97b
          0x011bf97e
          0x011bf97e
          0x011bf980
          0x011bf981
          0x00000000
          0x011bf94f
          0x011bf957
          0x011bf963
          0x011bf968
          0x011bf96d
          0x00000000
          0x011bf973
          0x011bf973
          0x00000000
          0x011bf973
          0x011bf96d
          0x00000000
          0x011bf985
          0x011bf989
          0x011bf98b
          0x011bf98e
          0x011bf98f
          0x011bf992
          0x011bf99a
          0x011bf99c
          0x011bf99f
          0x011bf9a2
          0x011bf9a6
          0x011bf9cf
          0x011bf9cf
          0x011bf9d4
          0x011bf9d7
          0x011bf9d7
          0x011bf9d9
          0x011bf9da
          0x00000000
          0x011bf9a8
          0x011bf9b0
          0x011bf9bc
          0x011bf9c1
          0x011bf9c6
          0x00000000
          0x011bf9cc
          0x011bf9cc
          0x00000000
          0x011bf9cc
          0x011bf9c6
          0x00000000
          0x011bf9de
          0x011bf9e2
          0x011bf9e4
          0x011bf9e7
          0x011bf9e8
          0x011bf9eb
          0x011bf9f3
          0x011bf9f5
          0x011bf9f8
          0x011bf9fe
          0x011bfa02
          0x011bfa2b
          0x011bfa2b
          0x011bfa30
          0x011bfa33
          0x011bfa33
          0x011bfa35
          0x011bfa36
          0x00000000
          0x011bfa04
          0x011bfa0c
          0x011bfa18
          0x011bfa1d
          0x011bfa22
          0x00000000
          0x011bfa28
          0x011bfa28
          0x00000000
          0x011bfa28
          0x011bfa22
          0x00000000
          0x011bfa3a
          0x011bfa3e
          0x011bfa40
          0x011bfa43
          0x011bfa44
          0x011bfa47
          0x011bfa50
          0x011bfa53
          0x011bfa7e
          0x011bfa81
          0x011bfa87
          0x011bfa8a
          0x011bfa8a
          0x011bfa8c
          0x011bfa8d
          0x011bfa94
          0x011bfa9a
          0x011bfac5
          0x011bfac8
          0x011bface
          0x011bfad1
          0x011bfad1
          0x011bfad3
          0x011bfad4
          0x011bfadb
          0x011bfae1
          0x011bfb0c
          0x011bfb0f
          0x011bfb15
          0x011bfb18
          0x011bfb18
          0x011bfb1a
          0x011bfb1b
          0x011bfb21
          0x011bfb27
          0x011bfb2a
          0x011bfb2f
          0x011bfb3a
          0x011bfb40
          0x011bfb40
          0x011bfb49
          0x011bfb4c
          0x00000000
          0x011bfb55
          0x011bfb5d
          0x011bfb87
          0x011bfb87
          0x011bfb89
          0x011bfb8c
          0x011bfb8c
          0x011bfb8f
          0x011bfb92
          0x011bfb9c
          0x011bfb9f
          0x011bfba7
          0x011bfbaa
          0x011bfbad
          0x011bfbae
          0x011bfbb4
          0x00000000
          0x011bfbb6
          0x011bfbb9
          0x011bfbbc
          0x00000000
          0x011bfbc5
          0x011bfbce
          0x011bfbfb
          0x011bfbfb
          0x011bfbfd
          0x011bfc00
          0x011bfc00
          0x011bfc03
          0x011bfc06
          0x011bfc12
          0x011bfc18
          0x011bfc1b
          0x011bfc1c
          0x011bfc22
          0x00000000
          0x011bfc24
          0x011bfc27
          0x011bfc2a
          0x00000000
          0x011bfc33
          0x011bfc3c
          0x011bfc69
          0x011bfc69
          0x011bfc6b
          0x011bfc6e
          0x011bfc6e
          0x011bfc71
          0x011bfc74
          0x011bfc80
          0x011bfc86
          0x011bfc89
          0x011bfc8a
          0x011bfc90
          0x00000000
          0x011bfc92
          0x011bfc95
          0x011bfc98
          0x00000000
          0x011bfca1
          0x011bfcaa
          0x011bfcd7
          0x011bfcd7
          0x011bfcd9
          0x011bfcdc
          0x011bfcdc
          0x011bfcdf
          0x011bfce2
          0x011bfcee
          0x011bfcf4
          0x011bfcf7
          0x011bfcf8
          0x011bfcfe
          0x00000000
          0x011bfd00
          0x011bfd03
          0x011bfd06
          0x00000000
          0x011bfd0f
          0x011bfd18
          0x011bfd45
          0x011bfd45
          0x011bfd47
          0x011bfd4a
          0x011bfd4a
          0x011bfd4d
          0x011bfd50
          0x011bfd5c
          0x011bfd62
          0x011bfd65
          0x011bfd66
          0x011bfd6c
          0x00000000
          0x011bfd6e
          0x011bfd71
          0x011bfd70
          0x011bfd70
          0x011bfd7a
          0x011bfd7d
          0x011bfdae
          0x011bfdb1
          0x011bfdb7
          0x011bfdba
          0x011bfdba
          0x011bfdbd
          0x011bfdc0
          0x011bfdcc
          0x011bfdd2
          0x011bfdd1
          0x011bfdd1
          0x011bfddb
          0x011bfe0c
          0x011bfe0f
          0x011bfe15
          0x011bfe18
          0x011bfe18
          0x011bfe1b
          0x011bfe1e
          0x011bfe2a
          0x011bfe30
          0x011bfe2f
          0x011bfe2f
          0x011bfe39
          0x011bfe6a
          0x011bfe6d
          0x011bfe73
          0x011bfe76
          0x011bfe76
          0x011bfe79
          0x011bfe7c
          0x011bfe88
          0x011bfe8e
          0x011bfe8d
          0x011bfe8d
          0x011bfe97
          0x011bfec4
          0x011bfec7
          0x011bfecd
          0x011bfed0
          0x011bfed0
          0x011bfed3
          0x011bfed6
          0x011bfee2
          0x011bfee3
          0x011bfee9
          0x011bfeef
          0x011bfefc
          0x00000000
          0x011bfef1
          0x011bfef1
          0x011bfef4
          0x00000000
          0x011bfef4
          0x011bfe99
          0x011bfea3
          0x011bfeb8
          0x011bfebd
          0x011bfec2
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011bfec2
          0x011bfe3b
          0x011bfe45
          0x011bfe5a
          0x011bfe5f
          0x011bfe64
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011bfe64
          0x011bfddd
          0x011bfde7
          0x011bfdfc
          0x011bfe01
          0x011bfe06
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011bfe06
          0x011bfd7f
          0x011bfd89
          0x011bfd9e
          0x011bfda3
          0x011bfda8
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011bfda8
          0x011bfd7d
          0x011bfd1a
          0x011bfd27
          0x011bfd35
          0x011bfd3a
          0x011bfd3f
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011bfd3f
          0x00000000
          0x011bfd18
          0x011bfd0e
          0x00000000
          0x011bfd0e
          0x011bfcac
          0x011bfcb9
          0x011bfcc7
          0x011bfccc
          0x011bfcd1
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011bfcd1
          0x00000000
          0x011bfcaa
          0x011bfca0
          0x00000000
          0x011bfca0
          0x011bfc3e
          0x011bfc4b
          0x011bfc59
          0x011bfc5e
          0x011bfc63
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011bfc63
          0x00000000
          0x011bfc3c
          0x011bfc32
          0x00000000
          0x011bfc32
          0x011bfbd0
          0x011bfbdd
          0x011bfbeb
          0x011bfbf0
          0x011bfbf5
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011bfbf5
          0x00000000
          0x011bfbce
          0x011bfbc4
          0x00000000
          0x011bfbc4
          0x011bfb5f
          0x011bfb69
          0x011bfb77
          0x011bfb7c
          0x011bfb81
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011bfb81
          0x00000000
          0x011bfb5d
          0x011bfb54
          0x00000000
          0x011bfae3
          0x011bfae9
          0x011bfafc
          0x011bfb01
          0x011bfb06
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011bfb06
          0x011bfa9c
          0x011bfaa2
          0x011bfab5
          0x011bfaba
          0x011bfabf
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011bfabf
          0x011bfa55
          0x011bfa5b
          0x011bfa6e
          0x011bfa73
          0x011bfa78
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011bfa78
          0x011bf85e
          0x011bf85f
          0x011bf864
          0x011bf86a
          0x011bfeff
          0x011bff03
          0x011bff08
          0x011bff08
          0x011bff15
          0x011bf870
          0x011bf873
          0x011bf878
          0x011bf87b
          0x011bf87e
          0x011bf881
          0x011bf884
          0x00000000
          0x011bf884
          0x011bf86a
          0x00000000
          0x011bf85c
          0x011bf6f3
          0x011bf6f3
          0x011bf7a3
          0x011bf7a4
          0x011bf7ae
          0x011bf7b3
          0x011bf7b3
          0x011bf7c0
          0x011bf7c0
          0x011bf53d
          0x011bf53d
          0x011bf5ed
          0x011bf5ee
          0x011bf5f8
          0x011bf5fd
          0x011bf5fd
          0x011bf60a
          0x011bf60a
          0x00000000

          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e182f53c0e118eeda4d49a16660ba0d3fad83da80bb618867c543e3538c1f775
          • Instruction ID: de88157e0eae53cad57872eda90fc31c78e970a7a631ca5fe817e1eed1b6948a
          • Opcode Fuzzy Hash: e182f53c0e118eeda4d49a16660ba0d3fad83da80bb618867c543e3538c1f775
          • Instruction Fuzzy Hash: 29628A34A0020A9BCB19CFACC9D4AFEBBB5EF45304F294169DD4697345E731AA46CB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 011D1D69 Relevance: .6, Instructions: 637COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0f9b0c4f04aa689b4fe360667a1cc6ee3f4155e4ebf275b95786d1f2463118f1
          • Instruction ID: aeabad04bf5d520cf34376b0f9e9281feb445aa04416b925c573db3b97d2c3f8
          • Opcode Fuzzy Hash: 0f9b0c4f04aa689b4fe360667a1cc6ee3f4155e4ebf275b95786d1f2463118f1
          • Instruction Fuzzy Hash: D732F522D29F014DD72B9538D8313356699AFB72D4F15D73BE83AB5A99EB39C4C34200
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01154462 Relevance: .5, Instructions: 451COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 94%
          			E01154462(signed int* _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr* _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int* _v80;
				char _v540;
				signed int _v544;
				signed int _t190;
				signed int _t191;
				intOrPtr _t192;
				signed int _t195;
				signed int _t197;
				signed int _t199;
				signed int _t200;
				signed int _t204;
				signed int _t210;
				intOrPtr _t216;
				void* _t219;
				signed int _t221;
				signed int _t232;
				void* _t236;
				signed int _t239;
				signed int* _t245;
				signed int _t247;
				signed int* _t248;
				signed int* _t250;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t255;
				signed int _t259;
				unsigned int _t260;
				signed int _t262;
				signed int* _t266;
				signed int _t267;
				signed int _t268;
				intOrPtr _t270;
				void* _t274;
				signed char _t280;
				signed int* _t283;
				signed int _t287;
				signed int* _t288;
				intOrPtr* _t295;
				signed int _t297;
				signed int _t298;
				signed int* _t301;
				signed int _t302;
				signed int _t304;
				intOrPtr* _t305;
				signed int _t309;
				signed int _t310;
				signed int _t315;
				signed int _t320;
				signed int _t321;
				signed int _t323;
				void* _t324;
				signed int _t325;
				signed int _t328;
				signed int _t332;
				signed int* _t334;
				signed int _t338;
				signed int _t340;
				signed int _t341;
				signed int _t343;
				void* _t344;
				signed int _t349;
				signed int _t356;
				signed int* _t357;

				_t245 = _a4;
				_t338 =  *_t245;
				if(_t338 == 0) {
					L76:
					__eflags = 0;
					return 0;
				} else {
					_t295 = _a8;
					_t190 =  *_t295;
					_v56 = _t190;
					if(_t190 == 0) {
						goto L76;
					} else {
						_t320 = _t190 - 1;
						_t259 = _t338 - 1;
						_v12 = _t259;
						if(_t320 != 0) {
							__eflags = _t320 - _t259;
							if(_t320 > _t259) {
								goto L76;
							} else {
								_t191 = _t259;
								_t297 = _t259 - _t320;
								__eflags = _t259 - _t297;
								if(_t259 < _t297) {
									L21:
									_t297 = _t297 + 1;
									__eflags = _t297;
								} else {
									_t283 =  &(_t245[_t259 + 1]);
									_t356 = _a8 + _t320 * 4 + 4;
									__eflags = _t356;
									while(1) {
										__eflags =  *_t356 -  *_t283;
										if(__eflags != 0) {
											break;
										}
										_t191 = _t191 - 1;
										_t356 = _t356 - 4;
										_t283 = _t283 - 4;
										__eflags = _t191 - _t297;
										if(_t191 >= _t297) {
											continue;
										} else {
											goto L21;
										}
										goto L22;
									}
									if(__eflags < 0) {
										goto L21;
									}
								}
								L22:
								__eflags = _t297;
								if(__eflags == 0) {
									goto L76;
								} else {
									_t192 = _a8;
									_t247 = _v56;
									_t340 =  *(_t192 + _t247 * 4);
									_t260 =  *(_t192 + _t247 * 4 - 4);
									asm("bsr eax, esi");
									_v52 = _t340;
									_v36 = _t260;
									if(__eflags == 0) {
										_t321 = 0x20;
									} else {
										_t321 = 0x1f - _t192;
									}
									_v16 = _t321;
									_v48 = 0x20 - _t321;
									__eflags = _t321;
									if(_t321 != 0) {
										_t280 = _t321;
										_v36 = _v36 << _t280;
										_v52 = _t340 << _t280 | _t260 >> _v48;
										__eflags = _t247 - 2;
										if(_t247 > 2) {
											_t70 =  &_v36;
											 *_t70 = _v36 |  *(_a8 + _t247 * 4 - 8) >> _v48;
											__eflags =  *_t70;
										}
									}
									_t341 = 0;
									_v32 = 0;
									_t298 = _t297 + 0xffffffff;
									__eflags = _t298;
									_v28 = _t298;
									if(_t298 >= 0) {
										_t197 = _t298 + _t247;
										_t250 = _a4;
										_v60 = _t197;
										_v64 = _t250 + 4 + _t298 * 4;
										_t266 = _t250 - 4 + _t197 * 4;
										_v80 = _t266;
										do {
											__eflags = _t197 - _v12;
											if(_t197 > _v12) {
												_t198 = 0;
												__eflags = 0;
											} else {
												_t198 = _t266[2];
											}
											_t302 = _t266[1];
											_t267 =  *_t266;
											_v76 = _t198;
											_v40 = 0;
											_v8 = _t198;
											_v24 = _t267;
											__eflags = _t321;
											if(_t321 != 0) {
												_t309 = _v8;
												_t328 = _t267 >> _v48;
												_t221 = L01153E27(_t302, _v16, _t309);
												_t267 = _v16;
												_t198 = _t309;
												_t302 = _t328 | _t221;
												_t341 = _v24 << _t267;
												__eflags = _v60 - 3;
												_v8 = _t309;
												_v24 = _t341;
												if(_v60 >= 3) {
													_t267 = _v48;
													_t341 = _t341 |  *(_t250 + (_v56 + _v28) * 4 - 8) >> _t267;
													__eflags = _t341;
													_t198 = _v8;
													_v24 = _t341;
												}
											}
											_push(_t250);
											_t199 = L011517CB(_t302, _t198, _v52, 0);
											_v40 = _t250;
											_t252 = _t199;
											_t343 = _t341 ^ _t341;
											_t200 = _t302;
											_v8 = _t252;
											_v20 = _t200;
											_t323 = _t267;
											_v72 = _t252;
											_v68 = _t200;
											_v40 = _t343;
											__eflags = _t200;
											if(_t200 != 0) {
												L39:
												_t253 = _t252 + 1;
												asm("adc eax, 0xffffffff");
												_t323 = _t323 + L0115252C(_t253, _t200, _v52, 0);
												asm("adc esi, edx");
												_t252 = _t253 | 0xffffffff;
												_t200 = 0;
												__eflags = 0;
												_v40 = _t343;
												_v8 = _t252;
												_v72 = _t252;
												_v20 = 0;
												_v68 = 0;
											} else {
												__eflags = _t252 - 0xffffffff;
												if(_t252 > 0xffffffff) {
													goto L39;
												}
											}
											__eflags = _t343;
											if(__eflags <= 0) {
												if(__eflags < 0) {
													goto L43;
												} else {
													__eflags = _t323 - 0xffffffff;
													if(_t323 <= 0xffffffff) {
														while(1) {
															L43:
															_v8 = _v24;
															_t219 = L0115252C(_v36, 0, _t252, _t200);
															__eflags = _t302 - _t323;
															if(__eflags < 0) {
																break;
															}
															if(__eflags > 0) {
																L46:
																_t200 = _v20;
																_t252 = _t252 + 0xffffffff;
																_v72 = _t252;
																asm("adc eax, 0xffffffff");
																_t323 = _t323 + _v52;
																__eflags = _t323;
																_v20 = _t200;
																asm("adc dword [ebp-0x24], 0x0");
																_v68 = _t200;
																if(_t323 == 0) {
																	__eflags = _t323 - 0xffffffff;
																	if(_t323 <= 0xffffffff) {
																		continue;
																	} else {
																	}
																}
															} else {
																__eflags = _t219 - _v8;
																if(_t219 <= _v8) {
																	break;
																} else {
																	goto L46;
																}
															}
															L50:
															_v8 = _t252;
															goto L51;
														}
														_t200 = _v20;
														goto L50;
													}
												}
											}
											L51:
											__eflags = _t200;
											if(_t200 != 0) {
												L53:
												_t268 = _v56;
												_t324 = 0;
												_t344 = 0;
												__eflags = _t268;
												if(_t268 != 0) {
													_t255 = _v64;
													_t210 = _a8 + 4;
													__eflags = _t210;
													_v40 = _t210;
													_v24 = _t268;
													do {
														_v12 =  *_t210;
														_t216 =  *_t255;
														_t274 = _t324 + _v72 * _v12;
														asm("adc esi, edx");
														_t324 = _t344;
														_t344 = 0;
														__eflags = _t216 - _t274;
														if(_t216 < _t274) {
															_t324 = _t324 + 1;
															asm("adc esi, esi");
														}
														 *_t255 = _t216 - _t274;
														_t255 = _t255 + 4;
														_t210 = _v40 + 4;
														_t153 =  &_v24;
														 *_t153 = _v24 - 1;
														__eflags =  *_t153;
														_v40 = _t210;
													} while ( *_t153 != 0);
													_t252 = _v8;
													_t268 = _v56;
												}
												__eflags = 0 - _t344;
												if(__eflags <= 0) {
													if(__eflags < 0) {
														L62:
														__eflags = _t268;
														if(_t268 != 0) {
															_t254 = 0;
															_t305 = _v64;
															_t349 = _a8 + 4;
															__eflags = _t349;
															_t325 = _t268;
															do {
																_t270 =  *_t305;
																_t349 = _t349 + 4;
																_t305 = _t305 + 4;
																asm("adc eax, eax");
																 *((intOrPtr*)(_t305 - 4)) = _t270 +  *((intOrPtr*)(_t349 - 4)) + _t254;
																asm("adc eax, 0x0");
																_t254 = 0;
																_t325 = _t325 - 1;
																__eflags = _t325;
															} while (_t325 != 0);
															_t252 = _v8;
														}
														_t252 = _t252 + 0xffffffff;
														asm("adc dword [ebp-0x10], 0xffffffff");
													} else {
														__eflags = _v76 - _t324;
														if(_v76 < _t324) {
															goto L62;
														}
													}
												}
												_t204 = _v60 - 1;
												__eflags = _t204;
												_v12 = _t204;
											} else {
												__eflags = _t252;
												if(_t252 != 0) {
													goto L53;
												}
											}
											_t341 = _v32;
											_t250 = _a4;
											asm("adc esi, 0x0");
											_v64 = _v64 - 4;
											_t304 = _v28 - 1;
											_t321 = _v16;
											_t266 = _v80 - 4;
											_v32 = 0 + _t252;
											_t197 = _v60 - 1;
											_v28 = _t304;
											_v60 = _t197;
											_v80 = _t266;
											__eflags = _t304;
										} while (_t304 >= 0);
									}
									_t248 = _a4;
									_t262 = _v12 + 1;
									_t195 = _t262;
									__eflags = _t195 -  *_t248;
									if(_t195 <  *_t248) {
										_t301 =  &(( &(_t248[1]))[_t195]);
										do {
											 *_t301 = 0;
											_t301 =  &(_t301[1]);
											_t195 = _t195 + 1;
											__eflags = _t195 -  *_t248;
										} while (_t195 <  *_t248);
									}
									 *_t248 = _t262;
									__eflags = _t262;
									if(_t262 != 0) {
										while(1) {
											__eflags = _t248[_t262];
											if(_t248[_t262] != 0) {
												goto L75;
											}
											_t262 = _t262 + 0xffffffff;
											__eflags = _t262;
											 *_t248 = _t262;
											if(_t262 != 0) {
												continue;
											}
											goto L75;
										}
									}
									L75:
									return _v32;
								}
							}
						} else {
							_t310 =  *(_t295 + 4);
							_v12 = _t310;
							if(_t310 != 1) {
								__eflags = _t259;
								if(_t259 != 0) {
									_t332 = 0;
									_v16 = 0;
									_v40 = 0;
									_v28 = 0;
									__eflags = _t259 - 0xffffffff;
									if(_t259 != 0xffffffff) {
										_t287 = _t259 + 1;
										__eflags = _t287;
										_t288 =  &(_t245[_t287]);
										_v32 = _t288;
										do {
											_t236 = L011517CB( *_t288, _t332, _t310, 0);
											_v28 = _t245;
											_t245 = _t245;
											_v68 = _t310;
											_t332 = _t288;
											_v16 = 0 + _t236;
											_t310 = _v12;
											asm("adc ecx, 0x0");
											_v40 = _v16;
											_t288 = _v32 - 4;
											_v32 = _t288;
											_t338 = _t338 - 1;
											__eflags = _t338;
										} while (_t338 != 0);
										_t245 = _a4;
									}
									_v544 = 0;
									_t357 =  &(_t245[1]);
									 *_t245 = 0;
									E011BD23C(_t357, 0x1cc,  &_v540, 0);
									_t232 = _v28;
									__eflags = 0 - _t232;
									 *_t357 = _t332;
									_t245[2] = _t232;
									asm("sbb ecx, ecx");
									__eflags =  ~0x00000000;
									 *_t245 = 0xbadbae;
									return _v16;
								} else {
									_t334 =  &(_t245[1]);
									_v544 = _t259;
									 *_t245 = _t259;
									E011BD23C(_t334, 0x1cc,  &_v540, _t259);
									_t239 = _t245[1];
									_t315 = _t239 % _v12;
									__eflags = 0 - _t315;
									 *_t334 = _t315;
									asm("sbb ecx, ecx");
									__eflags = 0;
									 *_t245 =  ~0x00000000;
									return _t239 / _v12;
								}
							} else {
								_v544 = _t320;
								 *_t245 = _t320;
								E011BD23C( &(_t245[1]), 0x1cc,  &_v540, _t320);
								return _t245[1];
							}
						}
					}
				}
			}




















































































          0x011bb57c
          0x011bb581
          0x011bb585
          0x011bb9fd
          0x011bba01
          0x011bba07
          0x011bb58b
          0x011bb58b
          0x011bb58e
          0x011bb590
          0x011bb595
          0x00000000
          0x011bb59b
          0x011bb59b
          0x011bb59e
          0x011bb5a1
          0x011bb5a6
          0x011bb6d7
          0x011bb6d9
          0x00000000
          0x011bb6df
          0x011bb6e1
          0x011bb6e3
          0x011bb6e5
          0x011bb6e7
          0x011bb70b
          0x011bb70b
          0x011bb70b
          0x011bb6e9
          0x011bb6f0
          0x011bb6f3
          0x011bb6f3
          0x011bb6f6
          0x011bb6f8
          0x011bb6fa
          0x00000000
          0x00000000
          0x011bb6fc
          0x011bb6fd
          0x011bb700
          0x011bb703
          0x011bb705
          0x00000000
          0x011bb707
          0x00000000
          0x011bb707
          0x00000000
          0x011bb705
          0x011bb709
          0x00000000
          0x00000000
          0x011bb709
          0x011bb70c
          0x011bb70c
          0x011bb70e
          0x00000000
          0x011bb714
          0x011bb714
          0x011bb717
          0x011bb71a
          0x011bb71d
          0x011bb721
          0x011bb724
          0x011bb727
          0x011bb72a
          0x011bb735
          0x011bb72c
          0x011bb731
          0x011bb731
          0x011bb73f
          0x011bb744
          0x011bb747
          0x011bb749
          0x011bb752
          0x011bb754
          0x011bb75b
          0x011bb75e
          0x011bb761
          0x011bb76f
          0x011bb76f
          0x011bb76f
          0x011bb76f
          0x011bb761
          0x011bb772
          0x011bb774
          0x011bb77b
          0x011bb77b
          0x011bb77e
          0x011bb781
          0x011bb787
          0x011bb78a
          0x011bb78d
          0x011bb796
          0x011bb79c
          0x011bb79f
          0x011bb7a2
          0x011bb7a2
          0x011bb7a5
          0x011bb7ac
          0x011bb7ac
          0x011bb7a7
          0x011bb7a7
          0x011bb7a7
          0x011bb7ae
          0x011bb7b1
          0x011bb7b3
          0x011bb7b6
          0x011bb7bd
          0x011bb7c0
          0x011bb7c3
          0x011bb7c5
          0x011bb7d0
          0x011bb7d3
          0x011bb7d8
          0x011bb7dd
          0x011bb7e4
          0x011bb7e9
          0x011bb7eb
          0x011bb7ed
          0x011bb7f1
          0x011bb7f4
          0x011bb7f7
          0x011bb7ff
          0x011bb808
          0x011bb808
          0x011bb80a
          0x011bb80d
          0x011bb80d
          0x011bb7f7
          0x011bb810
          0x011bb818
          0x011bb81d
          0x011bb822
          0x011bb824
          0x011bb826
          0x011bb828
          0x011bb82b
          0x011bb82e
          0x011bb830
          0x011bb833
          0x011bb836
          0x011bb839
          0x011bb83b
          0x011bb842
          0x011bb847
          0x011bb84a
          0x011bb854
          0x011bb856
          0x011bb858
          0x011bb85b
          0x011bb85b
          0x011bb85d
          0x011bb860
          0x011bb863
          0x011bb866
          0x011bb869
          0x011bb83d
          0x011bb83d
          0x011bb840
          0x00000000
          0x00000000
          0x011bb840
          0x011bb86c
          0x011bb86e
          0x011bb870
          0x00000000
          0x011bb872
          0x011bb872
          0x011bb875
          0x011bb877
          0x011bb877
          0x011bb885
          0x011bb888
          0x011bb88d
          0x011bb88f
          0x00000000
          0x00000000
          0x011bb891
          0x011bb898
          0x011bb898
          0x011bb89b
          0x011bb89e
          0x011bb8a1
          0x011bb8a4
          0x011bb8a4
          0x011bb8a7
          0x011bb8aa
          0x011bb8ae
          0x011bb8b1
          0x011bb8b3
          0x011bb8b6
          0x00000000
          0x00000000
          0x011bb8b8
          0x011bb8b6
          0x011bb893
          0x011bb893
          0x011bb896
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011bb896
          0x011bb8bd
          0x011bb8bd
          0x00000000
          0x011bb8bd
          0x011bb8ba
          0x00000000
          0x011bb8ba
          0x011bb875
          0x011bb870
          0x011bb8c0
          0x011bb8c0
          0x011bb8c2
          0x011bb8cc
          0x011bb8cc
          0x011bb8cf
          0x011bb8d1
          0x011bb8d3
          0x011bb8d5
          0x011bb8da
          0x011bb8dd
          0x011bb8dd
          0x011bb8e0
          0x011bb8e3
          0x011bb8e6
          0x011bb8e8
          0x011bb8fd
          0x011bb8ff
          0x011bb901
          0x011bb903
          0x011bb905
          0x011bb907
          0x011bb909
          0x011bb90b
          0x011bb90e
          0x011bb90e
          0x011bb912
          0x011bb914
          0x011bb91a
          0x011bb91d
          0x011bb91d
          0x011bb91d
          0x011bb921
          0x011bb921
          0x011bb926
          0x011bb929
          0x011bb929
          0x011bb92e
          0x011bb930
          0x011bb932
          0x011bb939
          0x011bb939
          0x011bb93b
          0x011bb940
          0x011bb942
          0x011bb945
          0x011bb945
          0x011bb948
          0x011bb950
          0x011bb950
          0x011bb952
          0x011bb957
          0x011bb95d
          0x011bb961
          0x011bb964
          0x011bb967
          0x011bb969
          0x011bb969
          0x011bb969
          0x011bb96e
          0x011bb96e
          0x011bb971
          0x011bb974
          0x011bb934
          0x011bb934
          0x011bb937
          0x00000000
          0x00000000
          0x011bb937
          0x011bb932
          0x011bb97b
          0x011bb97b
          0x011bb97c
          0x011bb8c4
          0x011bb8c4
          0x011bb8c6
          0x00000000
          0x00000000
          0x011bb8c6
          0x011bb97f
          0x011bb98c
          0x011bb98f
          0x011bb992
          0x011bb996
          0x011bb997
          0x011bb99a
          0x011bb99d
          0x011bb9a3
          0x011bb9a4
          0x011bb9a7
          0x011bb9aa
          0x011bb9ad
          0x011bb9ad
          0x011bb7a2
          0x011bb9b8
          0x011bb9bb
          0x011bb9bc
          0x011bb9be
          0x011bb9c0
          0x011bb9c5
          0x011bb9d0
          0x011bb9d0
          0x011bb9d6
          0x011bb9d9
          0x011bb9da
          0x011bb9da
          0x011bb9d0
          0x011bb9de
          0x011bb9e0
          0x011bb9e2
          0x011bb9e4
          0x011bb9e4
          0x011bb9e8
          0x00000000
          0x00000000
          0x011bb9ea
          0x011bb9ea
          0x011bb9ed
          0x011bb9ef
          0x00000000
          0x00000000
          0x00000000
          0x011bb9ef
          0x011bb9e4
          0x011bb9f1
          0x011bb9fc
          0x011bb9fc
          0x011bb70e
          0x011bb5ac
          0x011bb5ac
          0x011bb5af
          0x011bb5b5
          0x011bb5e6
          0x011bb5e8
          0x011bb62a
          0x011bb62c
          0x011bb633
          0x011bb63a
          0x011bb63d
          0x011bb640
          0x011bb642
          0x011bb642
          0x011bb643
          0x011bb646
          0x011bb650
          0x011bb65a
          0x011bb65f
          0x011bb662
          0x011bb664
          0x011bb667
          0x011bb670
          0x011bb673
          0x011bb676
          0x011bb679
          0x011bb67f
          0x011bb682
          0x011bb685
          0x011bb685
          0x011bb685
          0x011bb68a
          0x011bb68a
          0x011bb695
          0x011bb6a0
          0x011bb6a3
          0x011bb6af
          0x011bb6b4
          0x011bb6bf
          0x011bb6c1
          0x011bb6c3
          0x011bb6c9
          0x011bb6ce
          0x011bb6d0
          0x011bb6d6
          0x011bb5ea
          0x011bb5f5
          0x011bb5f8
          0x011bb604
          0x011bb606
          0x011bb60d
          0x011bb60f
          0x011bb617
          0x011bb619
          0x011bb61b
          0x011bb620
          0x011bb623
          0x011bb629
          0x011bb629
          0x011bb5b7
          0x011bb5c5
          0x011bb5d1
          0x011bb5d3
          0x011bb5e5
          0x011bb5e5
          0x011bb5b5
          0x011bb5a6
          0x011bb595

          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8d3ae30c21d2088df33db1c942c3e95f3ae74acad4e4648bdea6d407c3ec5b79
          • Instruction ID: c5810438b1e4bf9ab7e23984f69e2041838aedaf2038ec48e640bf1d63fc8f8e
          • Opcode Fuzzy Hash: 8d3ae30c21d2088df33db1c942c3e95f3ae74acad4e4648bdea6d407c3ec5b79
          • Instruction Fuzzy Hash: 20F14E71E042199FDF18CFA9C8D06EDBBB1FF48324F158269D919AB741D731AA01CB94
          Uniqueness

          Uniqueness Score: -1.00%

          Function 011535CB Relevance: .4, Instructions: 376COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 68%
          			E011535CB(signed int* _a4, signed int _a8) {
				signed int _v8;
				char _v468;
				signed int _v472;
				signed int _v932;
				signed int _v936;
				signed int* _v940;
				signed int _v944;
				signed int* _v948;
				signed int _v952;
				signed int _v956;
				signed int _v960;
				signed int* _v964;
				signed int _v968;
				signed int* _v972;
				signed int _v976;
				char _v1444;
				signed int _v1448;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t173;
				signed int _t177;
				signed int _t182;
				signed int _t183;
				signed int _t185;
				signed int _t186;
				signed int _t206;
				signed int _t207;
				signed int* _t209;
				void* _t211;
				signed int _t223;
				signed int _t233;
				signed int _t235;
				signed int _t236;
				signed int _t239;
				signed int _t241;
				signed int* _t245;
				void* _t246;
				signed int _t247;
				signed int* _t248;
				void* _t249;
				void* _t250;
				signed int _t251;
				void* _t252;
				signed int _t253;
				signed int _t254;
				signed int _t256;
				signed int _t258;
				signed int _t261;
				signed int _t266;
				signed int _t267;
				signed int _t269;
				signed int _t272;
				signed int _t273;
				signed int _t274;
				signed int* _t276;
				signed int* _t279;
				signed int* _t282;
				void* _t285;
				signed int _t286;
				void* _t287;
				void* _t288;
				signed int* _t290;
				void* _t291;
				signed int _t292;
				signed int _t293;
				signed int _t294;
				void* _t296;
				signed int _t297;
				void* _t298;
				void* _t299;
				signed int* _t301;
				void* _t302;
				signed int _t303;
				signed int _t304;
				signed int _t305;
				signed int _t307;
				signed int _t312;
				void* _t313;

				_t307 = _t312;
				_t313 = _t312 - 0x5a4;
				_t173 =  *0x14efcac; // 0x473d9cf5
				_v8 = _t173 ^ _t307;
				_t275 = 0xcccccccd * _a8 >> 0x20;
				_t245 = _a4;
				_t256 = 0xcccccccd * _a8 >> 0x20 >> 3;
				_t177 = _t256;
				_v940 = _t245;
				_v960 = _t256;
				_v976 = _t177;
				if(_t177 == 0) {
					L61:
					_t258 = _a8 - _t256 + _t256 * 4 + _t256 + _t256 * 4;
					if(_t258 == 0) {
						L64:
						_pop(_t285);
						_pop(_t296);
						_pop(_t246);
						return L01152ECD(1, _t246, _v8 ^ _t307, _t275, _t285, _t296);
					} else {
						_t286 =  *(0x11f6e84 + _t258 * 4);
						if(_t286 != 0) {
							if(_t286 == 1) {
								goto L64;
							} else {
								_t182 =  *_t245;
								_v960 = _t182;
								if(_t182 == 0) {
									goto L64;
								} else {
									_t276 =  &(_t245[1]);
									_t297 = 0;
									_v956 = _t276;
									_t261 = 0;
									_t247 = _t182;
									do {
										_t183 = _t286;
										_t185 = _t183 * _t276[_t261] + _t297;
										asm("adc edx, 0x0");
										_t297 = _t183 * _t276[_t261] >> 0x20;
										_t276 = _v956;
										_t276[_t261] = _t185;
										_t261 = _t261 + 1;
									} while (_t261 != _t247);
									_t248 = _v940;
									if(_t297 == 0) {
										goto L64;
									} else {
										_t186 =  *_t248;
										if(_t186 >= 0x73) {
											_v1448 = 0;
											 *_t248 = 0;
											E011BD23C(_t276, 0x1cc,  &_v1444, 0);
											_pop(_t287);
											_pop(_t298);
											_pop(_t249);
											return L01152ECD(0, _t249, _v8 ^ _t307, _t276, _t287, _t298);
										} else {
											 *(_t248 + 4 + _t186 * 4) = _t297;
											 *_t248 =  *_t248 + 1;
											_pop(_t288);
											_pop(_t299);
											_pop(_t250);
											return L01152ECD(1, _t250, _v8 ^ _t307, _t276, _t288, _t299);
										}
									}
								}
							}
						} else {
							_v1448 = _t286;
							 *_t245 = _t286;
							E011BD23C( &(_t245[1]), 0x1cc,  &_v1444, _t286);
							goto L64;
						}
					}
				} else {
					do {
						if(_t177 > 0x26) {
							_t177 = 0x26;
						}
						_t266 =  *(0x11f6dce + _t177 * 4) & 0x000000ff;
						_v952 = _t177;
						_v936 = _t266 + ( *(0x11f6dcf + _t177 * 4) & 0x000000ff);
						L01152F9A(_t266 * 4,  &_v932, 0, _t266 * 4);
						L01155385( &(( &_v932)[_t266]), 0x11f62f8 + ( *(0x11f6dcc + _v952 * 4) & 0x0000ffff) * 4, ( *(0x11f6dcf + _t177 * 4) & 0x000000ff) * 4);
						_t206 = _v936;
						_t313 = _t313 + 0x18;
						if(_t206 > 1) {
							_t275 =  *_t245;
							_t301 =  &(_t245[1]);
							_v944 = _t275;
							_v948 = _t301;
							if(_t275 > 1) {
								_t73 = _t206 - _t275 > 0;
								_t267 = _t266 & 0xffffff00 | _t73;
								if(_t73 >= 0) {
									_t290 = _t301;
									_v972 = _t301;
								} else {
									_t290 =  &_v932;
									_v972 = _t290;
								}
								if(_t267 == 0) {
									_v944 = _t206;
									_v964 =  &_v932;
									_t269 = _t275;
								} else {
									_v964 = _t301;
									_t269 = _t206;
								}
								_t207 = 0;
								_v968 = _t269;
								_t251 = 0;
								_v472 = 0;
								if(_t269 == 0) {
									L54:
									_t245 = _v940;
									 *_t245 = _t207;
									_push(_t207 << 2);
									_t209 =  &_v468;
									goto L55;
								} else {
									do {
										_t275 = _t290[_t251];
										_v956 = _t275;
										if(_t275 != 0) {
											_t303 = 0;
											_t292 = 0;
											_t272 = _t251;
											if(_v944 == 0) {
												L50:
												if(_t272 == 0x73) {
													goto L65;
												} else {
													_t269 = _v968;
													_t290 = _v972;
													goto L52;
												}
											} else {
												while(_t272 != 0x73) {
													if(_t272 == _t207) {
														_t92 = _t251 + 1; // 0x1
														 *(_t307 + _t272 * 4 - 0x1d0) = 0;
														_v472 = _t92 + _t292;
													}
													_t223 = _v964[_t292];
													_t100 = _t223 * _t275;
													_t275 = _t223 * _t275 >> 0x20;
													asm("adc edx, 0x0");
													 *(_t307 + _t272 * 4 - 0x1d0) = _t100 +  *(_t307 + _t272 * 4 - 0x1d0) + _t303;
													_t207 = _v472;
													asm("adc edx, 0x0");
													_t292 = _t292 + 1;
													_t272 = _t272 + 1;
													_t303 = _t275;
													if(_t292 != _v944) {
														_t275 = _v956;
														continue;
													}
													break;
												}
												if(_t303 == 0) {
													goto L50;
												} else {
													while(_t272 != 0x73) {
														if(_t272 == _t207) {
															_t113 = _t272 + 1; // 0x1
															 *(_t307 + _t272 * 4 - 0x1d0) = 0;
															_v472 = _t113;
														}
														 *(_t307 + _t272 * 4 - 0x1d0) =  *(_t307 + _t272 * 4 - 0x1d0) + _t303;
														asm("adc eax, eax");
														_t272 = _t272 + 1;
														_t303 = 0;
														_t207 = _v472;
														if(0 != 0) {
															continue;
														} else {
															goto L50;
														}
														goto L58;
													}
													L65:
													_t245 = _v940;
													_v1448 = 0;
													 *_t245 = 0;
													E011BD23C( &(_t245[1]), 0x1cc,  &_v1444, 0);
													_t313 = _t313 + 0x10;
													_t211 = 0;
												}
											}
										} else {
											if(_t251 == _t207) {
												_t86 = _t251 + 1; // 0x1
												_t207 = _t86;
												 *(_t307 + _t251 * 4 - 0x1d0) = _t275;
												_v472 = _t207;
											}
											goto L52;
										}
										goto L58;
										L52:
										_t251 = _t251 + 1;
									} while (_t251 != _t269);
									_t301 = _v948;
									goto L54;
								}
							} else {
								_t293 =  *_t301;
								 *_t245 = _t206;
								E011BD23C(_t301, 0x1cc,  &_v932, _t206 << 2);
								_t313 = _t313 + 0x10;
								if(_t293 != 0) {
									if(_t293 == 1) {
										goto L57;
									} else {
										_t254 =  *_t245;
										if(_t254 != 0) {
											_t282 = _v948;
											_t304 = 0;
											_t273 = 0;
											do {
												_t233 = _t293;
												_t235 = _t233 * _t282[_t273] + _t304;
												asm("adc edx, 0x0");
												_t304 = _t233 * _t282[_t273] >> 0x20;
												_t282 = _v948;
												_t282[_t273] = _t235;
												_t273 = _t273 + 1;
											} while (_t273 != _t254);
											goto L13;
										} else {
											_t245 = _v940;
											goto L57;
										}
									}
								} else {
									_v936 = _t293;
									_t209 =  &_v932;
									 *_t245 = _t293;
									_push(_t293);
									L55:
									_push(_t209);
									_push(0x1cc);
									_push(_t301);
									goto L56;
								}
							}
						} else {
							_t294 = _v932;
							if(_t294 != 0) {
								if(_t294 == 1) {
									goto L57;
								} else {
									_t253 =  *_t245;
									if(_t253 != 0) {
										_t305 = 0;
										_t279 =  &(_v940[1]);
										_t274 = 0;
										do {
											_t239 = _t294;
											_t294 = _v932;
											_t241 = _t239 * _t279[_t274] + _t305;
											asm("adc edx, 0x0");
											_t305 = _t239 * _t279[_t274] >> 0x20;
											_t279 =  &(_v940[1]);
											_t279[_t274] = _t241;
											_t274 = _t274 + 1;
										} while (_t274 != _t253);
										L13:
										_t245 = _v940;
										if(_t304 == 0) {
											goto L57;
										} else {
											_t236 =  *_t245;
											if(_t236 >= 0x73) {
												_v936 = 0;
												 *_t245 = 0;
												E011BD23C(_t279, 0x1cc,  &_v932, 0);
												_t313 = _t313 + 0x10;
												_t211 = 0;
											} else {
												 *(_t245 + 4 + _t236 * 4) = _t304;
												 *_t245 =  *_t245 + 1;
												goto L57;
											}
										}
									} else {
										_t245 = _v940;
										goto L57;
									}
								}
							} else {
								_push(_t294);
								_v472 = _t294;
								_push( &_v468);
								_push(0x1cc);
								 *_t245 = _t294;
								_push( &(_t245[1]));
								L56:
								E011BD23C();
								_t313 = _t313 + 0x10;
								L57:
								_t211 = 1;
							}
						}
						L58:
						if(_t211 == 0) {
							_v1448 = 0;
							 *_t245 = 0;
							E011BD23C( &(_t245[1]), 0x1cc,  &_v1444, 0);
							_pop(_t291);
							_pop(_t302);
							_pop(_t252);
							return L01152ECD(0, _t252, _v8 ^ _t307, _t275, _t291, _t302);
						} else {
							goto L59;
						}
						goto L75;
						L59:
						_t177 = _v976 - _v952;
						_v976 = _t177;
					} while (_t177 != 0);
					_t256 = _v960;
					goto L61;
				}
				L75:
			}


















































































          0x011bc183
          0x011bc185
          0x011bc18b
          0x011bc192
          0x011bc19a
          0x011bc19e
          0x011bc1a3
          0x011bc1a6
          0x011bc1a8
          0x011bc1ae
          0x011bc1b4
          0x011bc1be
          0x011bc536
          0x011bc53e
          0x011bc540
          0x011bc572
          0x011bc572
          0x011bc573
          0x011bc576
          0x011bc584
          0x011bc542
          0x011bc542
          0x011bc54b
          0x011bc5fc
          0x00000000
          0x011bc602
          0x011bc602
          0x011bc604
          0x011bc60c
          0x00000000
          0x011bc612
          0x011bc612
          0x011bc615
          0x011bc617
          0x011bc61d
          0x011bc61f
          0x011bc621
          0x011bc621
          0x011bc626
          0x011bc628
          0x011bc62b
          0x011bc62d
          0x011bc633
          0x011bc636
          0x011bc637
          0x011bc63b
          0x011bc643
          0x00000000
          0x011bc649
          0x011bc649
          0x011bc64e
          0x011bc671
          0x011bc682
          0x011bc688
          0x011bc697
          0x011bc698
          0x011bc699
          0x011bc6a2
          0x011bc650
          0x011bc650
          0x011bc656
          0x011bc658
          0x011bc659
          0x011bc65a
          0x011bc668
          0x011bc668
          0x011bc64e
          0x011bc643
          0x011bc60c
          0x011bc551
          0x011bc558
          0x011bc562
          0x011bc56a
          0x00000000
          0x011bc56f
          0x011bc54b
          0x011bc1c4
          0x011bc1c4
          0x011bc1c7
          0x011bc1c9
          0x011bc1c9
          0x011bc1ce
          0x011bc1de
          0x011bc1ef
          0x011bc1fe
          0x011bc22a
          0x011bc22f
          0x011bc235
          0x011bc23b
          0x011bc301
          0x011bc303
          0x011bc306
          0x011bc30c
          0x011bc315
          0x011bc391
          0x011bc391
          0x011bc394
          0x011bc3a4
          0x011bc3a6
          0x011bc396
          0x011bc396
          0x011bc39c
          0x011bc39c
          0x011bc3ae
          0x011bc3c0
          0x011bc3c6
          0x011bc3cc
          0x011bc3b0
          0x011bc3b0
          0x011bc3b6
          0x011bc3b6
          0x011bc3ce
          0x011bc3d0
          0x011bc3d6
          0x011bc3d8
          0x011bc3e0
          0x011bc4ed
          0x011bc4ed
          0x011bc4f3
          0x011bc4f8
          0x011bc4f9
          0x00000000
          0x011bc3e6
          0x011bc3f0
          0x011bc3f0
          0x011bc3f3
          0x011bc3fb
          0x011bc41a
          0x011bc41c
          0x011bc41e
          0x011bc426
          0x011bc4c9
          0x011bc4cc
          0x00000000
          0x011bc4d2
          0x011bc4d2
          0x011bc4d8
          0x00000000
          0x011bc4d8
          0x011bc430
          0x011bc430
          0x011bc437
          0x011bc439
          0x011bc43c
          0x011bc449
          0x011bc449
          0x011bc455
          0x011bc458
          0x011bc458
          0x011bc461
          0x011bc466
          0x011bc46d
          0x011bc473
          0x011bc476
          0x011bc477
          0x011bc478
          0x011bc480
          0x011bc482
          0x00000000
          0x011bc482
          0x00000000
          0x011bc480
          0x011bc48c
          0x00000000
          0x011bc490
          0x011bc490
          0x011bc49b
          0x011bc49d
          0x011bc4a0
          0x011bc4ab
          0x011bc4ab
          0x011bc4b3
          0x011bc4ba
          0x011bc4bc
          0x011bc4bd
          0x011bc4bf
          0x011bc4c7
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011bc4c7
          0x011bc585
          0x011bc585
          0x011bc59c
          0x011bc5a7
          0x011bc5ad
          0x011bc5b2
          0x011bc5b5
          0x011bc5b5
          0x011bc48c
          0x011bc3fd
          0x011bc3ff
          0x011bc405
          0x011bc405
          0x011bc408
          0x011bc40f
          0x011bc40f
          0x00000000
          0x011bc3ff
          0x00000000
          0x011bc4de
          0x011bc4de
          0x011bc4df
          0x011bc4e7
          0x00000000
          0x011bc4e7
          0x011bc317
          0x011bc317
          0x011bc319
          0x011bc32c
          0x011bc331
          0x011bc336
          0x011bc34f
          0x00000000
          0x011bc355
          0x011bc355
          0x011bc359
          0x011bc366
          0x011bc36c
          0x011bc36e
          0x011bc370
          0x011bc370
          0x011bc375
          0x011bc377
          0x011bc37a
          0x011bc37c
          0x011bc382
          0x011bc385
          0x011bc386
          0x00000000
          0x011bc35b
          0x011bc35b
          0x00000000
          0x011bc35b
          0x011bc359
          0x011bc338
          0x011bc338
          0x011bc33e
          0x011bc344
          0x011bc346
          0x011bc4ff
          0x011bc4ff
          0x011bc500
          0x011bc505
          0x00000000
          0x011bc505
          0x011bc336
          0x011bc241
          0x011bc241
          0x011bc249
          0x011bc26c
          0x00000000
          0x011bc272
          0x011bc272
          0x011bc276
          0x011bc289
          0x011bc28b
          0x011bc28e
          0x011bc290
          0x011bc290
          0x011bc292
          0x011bc29b
          0x011bc29d
          0x011bc2a0
          0x011bc2a8
          0x011bc2ab
          0x011bc2ae
          0x011bc2af
          0x011bc2b3
          0x011bc2b3
          0x011bc2bb
          0x00000000
          0x011bc2c1
          0x011bc2c1
          0x011bc2c6
          0x011bc2db
          0x011bc2ec
          0x011bc2f2
          0x011bc2f7
          0x011bc2fa
          0x011bc2c8
          0x011bc2c8
          0x011bc2cc
          0x00000000
          0x011bc2cc
          0x011bc2c6
          0x011bc278
          0x011bc278
          0x00000000
          0x011bc278
          0x011bc276
          0x011bc24b
          0x011bc24b
          0x011bc252
          0x011bc258
          0x011bc259
          0x011bc261
          0x011bc263
          0x011bc506
          0x011bc506
          0x011bc50b
          0x011bc50e
          0x011bc50e
          0x011bc50e
          0x011bc249
          0x011bc510
          0x011bc512
          0x011bc5c4
          0x011bc5d2
          0x011bc5de
          0x011bc5e8
          0x011bc5e9
          0x011bc5ea
          0x011bc5f8
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011bc518
          0x011bc51e
          0x011bc524
          0x011bc524
          0x011bc530
          0x00000000
          0x011bc530
          0x00000000

          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 91cecb5de438ef513e46574288201028d7f70631bf4aeca5533aa4b19b939100
          • Instruction ID: fff60795c1de681ec3765685b580afc601b59613cdd766044d823345d5089ab7
          • Opcode Fuzzy Hash: 91cecb5de438ef513e46574288201028d7f70631bf4aeca5533aa4b19b939100
          • Instruction Fuzzy Hash: 2CE18471A002299FDB29DF58C8C0BEAB7B8EF85704F5440EAD949E7345D7709B848F91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01151E2E Relevance: .2, Instructions: 160COMMONCrypto
          Download Yara Rule
          C-Code - Quality: 25%
          			E01151E2E(signed char _a4, signed int _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed char _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				signed char _v32;
				intOrPtr _v36;
				void* _t85;
				intOrPtr _t106;
				intOrPtr _t109;
				signed char _t111;
				signed char _t113;
				intOrPtr _t119;
				signed int _t121;
				signed char _t127;
				signed char _t128;
				signed int _t129;
				void* _t134;
				signed int* _t139;
				signed int _t140;
				signed int _t141;
				signed int _t142;
				intOrPtr _t143;
				signed int _t144;
				signed int _t145;

				_t106 = _a20;
				_t140 = _a8;
				_t134 = ((0 |  *((intOrPtr*)(_t106 + 4)) == 0x00000000) - 0x00000001 & 0x0000001d) + 0x17;
				if(_t140 > 0x40) {
					_t141 = _t140 >> 5;
					_t113 = _t140 & 0x0000001f;
					_v32 = _t113;
					_t144 = _t141 - 2;
					_v16 = _t144 << 5;
					_t81 = _a4;
					_v28 =  *((intOrPtr*)(_t81 + 4 + _t144 * 4));
					_v12 =  *((intOrPtr*)(_t81 + _t141 * 4));
					_t109 = _a20;
					__eflags = _t113;
					if(_t113 != 0) {
						_t111 = 1;
						_v24 = (1 << _t113) - 1;
						_t85 = 0x40;
						_v20 = _t85 - _t113;
						_v36 = _v16 + _t113 + _t134;
						_v8 = L01153E27(_v12, _v20 - 0x20, 0);
						_v12 = 0;
						_v8 = _v8 + L01153E27( *(_a4 + 4 + _t141 * 4) & _v24, _v20, 0);
						asm("adc [ebp-0x8], edx");
						_t142 = _v28;
						_t81 = L01151B04( !_v24 & _t142, _v32, 0);
						_t119 = _v8 + _t81;
						_v8 = _t119;
						asm("adc [ebp-0x8], edx");
						__eflags = _a16;
						if(_a16 != 0) {
							L17:
							_t111 = 0;
							__eflags = 0;
						} else {
							__eflags = _v24 & _t142;
							if((_v24 & _t142) != 0) {
								goto L17;
							}
						}
						_v16 = _t111;
						__eflags = _t144;
						if(_t144 != 0) {
							_t121 = _a4 + 4;
							__eflags = _t121;
							do {
								__eflags =  *_t121;
								_t121 = _t121 + 4;
								_t81 = (_t81 & 0xffffff00 | __eflags != 0x00000000) - 1;
								_t111 = _t111 & _t81;
								_v16 = _t111;
								_t144 = _t144 - 1;
								__eflags = _t144;
							} while (_t144 != 0);
							_t119 = _v8;
						}
						_push(_a20);
						_push(_v16);
						_push(_a12);
						_push(_v36);
						_push(_v12);
						_push(_t119);
					} else {
						_t143 = _v12;
						_v24 = _v16 + _t134;
						_v20 = 0 +  *((intOrPtr*)(_t81 + 4 + _t144 * 4));
						asm("adc edi, 0x0");
						_t127 = _a16 ^ 0x00000001;
						_v16 = _t127;
						__eflags = _t144;
						if(_t144 != 0) {
							_t139 = _t81 + 4;
							do {
								__eflags =  *_t139;
								_t139 =  &(_t139[1]);
								_t81 = (_t81 & 0xffffff00 | __eflags != 0x00000000) - 1;
								_t127 = _t127 & _t81;
								_t144 = _t144 - 1;
								__eflags = _t144;
							} while (_t144 != 0);
							_v16 = _t127;
						}
						_push(_t109);
						_push(_v16);
						_push(_a12);
						_push(_v24);
						_push(_t143);
						_push(_v20);
					}
				} else {
					_t128 = _a4;
					if( *_t128 <= 0) {
						_t145 = 0;
						__eflags = 0;
					} else {
						_t145 =  *((intOrPtr*)(_t128 + 4));
					}
					if( *_t128 <= 1) {
						_t129 = 0;
						__eflags = 0;
					} else {
						_t129 =  *((intOrPtr*)(_t128 + 8));
					}
					_push(_t106);
					_push((_a16 ^ 0x00000001) & 0x000000ff);
					_push(_a12);
					_t81 = 0 + _t145;
					_push(_t134);
					asm("adc ecx, 0x0");
					_push(_t129);
					_push(0 + _t145);
				}
				return L0115633E(_t81);
			}





























          0x011b8d4e
          0x011b8d53
          0x011b8d60
          0x011b8d66
          0x011b8da1
          0x011b8da4
          0x011b8da7
          0x011b8daa
          0x011b8db2
          0x011b8db5
          0x011b8dbc
          0x011b8dc2
          0x011b8dc5
          0x011b8dc8
          0x011b8dca
          0x011b8e1d
          0x011b8e23
          0x011b8e28
          0x011b8e2b
          0x011b8e3a
          0x011b8e4b
          0x011b8e51
          0x011b8e62
          0x011b8e68
          0x011b8e6d
          0x011b8e77
          0x011b8e7f
          0x011b8e81
          0x011b8e84
          0x011b8e87
          0x011b8e8b
          0x011b8e92
          0x011b8e92
          0x011b8e92
          0x011b8e8d
          0x011b8e8d
          0x011b8e90
          0x00000000
          0x00000000
          0x011b8e90
          0x011b8e94
          0x011b8e97
          0x011b8e99
          0x011b8e9e
          0x011b8e9e
          0x011b8ea1
          0x011b8ea1
          0x011b8ea4
          0x011b8eaa
          0x011b8eac
          0x011b8eae
          0x011b8eb1
          0x011b8eb1
          0x011b8eb1
          0x011b8eb6
          0x011b8eb6
          0x011b8eb9
          0x011b8ebf
          0x011b8ec2
          0x011b8ec5
          0x011b8ec8
          0x011b8ec9
          0x011b8dcc
          0x011b8dcf
          0x011b8dd4
          0x011b8ddd
          0x011b8de3
          0x011b8de6
          0x011b8de9
          0x011b8dec
          0x011b8dee
          0x011b8df0
          0x011b8df3
          0x011b8df3
          0x011b8df6
          0x011b8dfc
          0x011b8dfe
          0x011b8e00
          0x011b8e00
          0x011b8e00
          0x011b8e05
          0x011b8e05
          0x011b8e08
          0x011b8e09
          0x011b8e0c
          0x011b8e0f
          0x011b8e12
          0x011b8e13
          0x011b8e13
          0x011b8d68
          0x011b8d68
          0x011b8d6e
          0x011b8d75
          0x011b8d75
          0x011b8d70
          0x011b8d70
          0x011b8d70
          0x011b8d7a
          0x011b8d81
          0x011b8d81
          0x011b8d7c
          0x011b8d7c
          0x011b8d7c
          0x011b8d88
          0x011b8d8c
          0x011b8d8d
          0x011b8d92
          0x011b8d94
          0x011b8d95
          0x011b8d98
          0x011b8d99
          0x011b8d99
          0x011b8ed6

          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f85b0c60d4ef8b9450612640fc1f7a91357f5dcdd8fb055f441efcd10c7c66c2
          • Instruction ID: ad9630ad1c60f47115509493e65a4f60eab1f100b553129d28ac3c2e82b0de0a
          • Opcode Fuzzy Hash: f85b0c60d4ef8b9450612640fc1f7a91357f5dcdd8fb055f441efcd10c7c66c2
          • Instruction Fuzzy Hash: CE517071E00119EFDF09CF99C980AEEBBB6FF88704F198099E915AB241C7349E51CB91
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01152838 Relevance: .1, Instructions: 105COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 05d787f8e77e214cbc617363401b8a18cb49de17b57829716cc24bc57f64e51d
          • Instruction ID: bf315431dcd9eaea4829f854628e15fced33a3591fc5d06caa03f363dc5cd067
          • Opcode Fuzzy Hash: 05d787f8e77e214cbc617363401b8a18cb49de17b57829716cc24bc57f64e51d
          • Instruction Fuzzy Hash: CA21A473F20839477B0CC47E8C57279B6E1978C641745423AE8A6EA2C1E968D917E2A4
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01151A64 Relevance: .0, Instructions: 41COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c16e94941032484bca33d3cdff0a4382b7e32661144ede102e3ae23996dc2f04
          • Instruction ID: 3c0d673555e74f32dcbeadf978141512aa4a77e50e3078917cd10ade802eb3dc
          • Opcode Fuzzy Hash: c16e94941032484bca33d3cdff0a4382b7e32661144ede102e3ae23996dc2f04
          • Instruction Fuzzy Hash: E6F06D72654224ABD72E9A5CC519B5877AAEB05B14F0105DAE706DB390C3B0EE00C7D2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01154827 Relevance: .0, Instructions: 30COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ae76aaa280b84e24bb4390aee1b6914ffec22afa0ecbc465cab1e003c2cf4674
          • Instruction ID: 1e72511e2602b52221d329cd14b064fa4a52c70dfa50177536a6570c116a7d1f
          • Opcode Fuzzy Hash: ae76aaa280b84e24bb4390aee1b6914ffec22afa0ecbc465cab1e003c2cf4674
          • Instruction Fuzzy Hash: A5F03032A11234DBCB2ADB4CD805B99B3ACEB48B54F114056F501D7251C7B0ED00CBD0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0115302B Relevance: .0, Instructions: 30COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 81bf4e0622aff4793f7d342c617a425659038980c12e364e0d7cb0f640c5006d
          • Instruction ID: 50b29b135b927c39ae4d618ebae98d7604de483f51e8f9219f6a5842bcb4f58d
          • Opcode Fuzzy Hash: 81bf4e0622aff4793f7d342c617a425659038980c12e364e0d7cb0f640c5006d
          • Instruction Fuzzy Hash: 44F03032610234EFCB2ACA4CD805B5973A8EB45B69F12549AE541DB251D770EE40CBD0
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01153C1A Relevance: 9.2, APIs: 6, Instructions: 225COMMON
          Download Yara Rule
          C-Code - Quality: 72%
          			E01153C1A(intOrPtr _a4, intOrPtr _a8, short* _a12, short* _a16, char* _a20, int _a24, int _a28) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				int _v32;
				char* _v36;
				short* _v40;
				int _v44;
				short* _v48;
				short* _v52;
				intOrPtr _v56;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t54;
				short* _t58;
				signed int _t63;
				signed int _t64;
				short* _t66;
				signed int _t68;
				signed int _t69;
				short* _t72;
				char* _t75;
				char* _t76;
				int _t79;
				intOrPtr _t88;
				intOrPtr _t89;
				short* _t96;
				signed int _t97;
				short* _t98;

				_t54 =  *0x14efcac; // 0x473d9cf5
				_v8 = _t54 ^ _t97;
				_t96 = _a12;
				_t95 = _a16;
				_v56 = _a4;
				_t57 = _a20;
				_v32 = _t96;
				_v36 = _a20;
				if(_t95 <= 0) {
					if(_t95 < 0xffffffff) {
						goto L57;
					}
					goto L4;
				} else {
					_t95 = E011526D0(_t96, _t95);
					_t57 = _v36;
					L4:
					_t79 = _a24;
					if(_t79 <= 0) {
						if(_t79 < 0xffffffff) {
							L57:
							_t58 = 0;
							L58:
							return L01152ECD(_t58, _t79, _v8 ^ _t97, _t94, _t95, _t96);
						}
						L7:
						if(_t95 == 0 || _t79 == 0) {
							if(_t95 == _t79) {
								L56:
								_push(2);
								L21:
								_pop(_t58);
								goto L58;
							}
							if(_t79 > 1) {
								L30:
								_t58 = 1;
								goto L58;
							}
							if(_t95 > 1) {
								L20:
								_push(3);
								goto L21;
							}
							if(GetCPInfo(_a28,  &_v28) == 0) {
								goto L57;
							}
							if(_t95 <= 0) {
								if(_t79 <= 0) {
									goto L31;
								}
								if(_v28 < 2) {
									goto L30;
								}
								_t75 =  &_v22;
								if(_v22 == 0) {
									goto L30;
								}
								_t95 = _v36;
								while(1) {
									_t88 =  *((intOrPtr*)(_t75 + 1));
									if(_t88 == 0) {
										goto L30;
									}
									_t94 =  *_t95;
									if(_t94 <  *_t75 || _t94 > _t88) {
										_t75 = _t75 + 2;
										if( *_t75 != 0) {
											continue;
										}
										goto L30;
									} else {
										goto L56;
									}
								}
								goto L30;
							}
							if(_v28 < 2) {
								goto L20;
							}
							_t76 =  &_v22;
							if(_v22 == 0) {
								goto L20;
							} else {
								goto L16;
							}
							while(1) {
								L16:
								_t89 =  *((intOrPtr*)(_t76 + 1));
								if(_t89 == 0) {
									goto L20;
								}
								_t94 =  *_t96;
								if(_t94 <  *_t76 || _t94 > _t89) {
									_t76 = _t76 + 2;
									if( *_t76 != 0) {
										continue;
									}
									goto L20;
								} else {
									goto L56;
								}
							}
							goto L20;
						} else {
							L31:
							_t96 = 0;
							_t63 = MultiByteToWideChar(_a28, 9, _v32, _t95, 0, 0);
							_v44 = _t63;
							if(_t63 == 0) {
								goto L57;
							}
							_t94 = _t63 + _t63 + 8;
							asm("sbb eax, eax");
							_t64 = _t63 & _t63 + _t63 + 0x00000008;
							if(_t64 == 0) {
								_v52 = 0;
								L55:
								L011535B7( &_v52);
								_t58 = _t96;
								goto L58;
							}
							if(_t64 > 0x400) {
								_push(_t64);
								_t66 = E0115156E();
								_v40 = _t66;
								if(_t66 == 0) {
									L39:
									_v52 = _t66;
									if(_t66 == 0 || MultiByteToWideChar(_a28, 1, _v32, _t95, _t66, _v44) == 0) {
										goto L55;
									} else {
										_t95 = _v36;
										_t68 = MultiByteToWideChar(_a28, 9, _v36, _t79, _t96, _t96);
										_v32 = _t68;
										if(_t68 == 0) {
											goto L55;
										}
										_t94 = _t68 + _t68 + 8;
										asm("sbb eax, eax");
										_t69 = _t68 & _t68 + _t68 + 0x00000008;
										if(_t69 == 0) {
											_v48 = _t96;
											L53:
											L011535B7( &_v48);
											goto L55;
										}
										if(_t69 > 0x400) {
											_push(_t69);
											_t95 = E0115156E();
											if(_t95 == 0) {
												L49:
												_v48 = _t95;
												if(_t95 != 0) {
													_t72 = MultiByteToWideChar(_a28, 1, _v36, _t79, _t95, _v32);
													if(_t72 != 0) {
														__imp__CompareStringEx(_v56, _a8, _v40, _v44, _t95, _v32, _t96, _t96, _t96);
														_t96 = _t72;
													}
												}
												goto L53;
											}
											 *_t95 = 0xdddd;
											L48:
											_t95 =  &(_t95[4]);
											goto L49;
										}
										L011532D8(_t69);
										_t95 = _t98;
										if(_t95 == 0) {
											goto L49;
										}
										 *_t95 = 0xcccc;
										goto L48;
									}
								}
								 *_t66 = 0xdddd;
								L38:
								_t66 =  &(_t66[4]);
								_v40 = _t66;
								goto L39;
							}
							L011532D8(_t64);
							_t66 = _t98;
							_v40 = _t66;
							if(_t66 == 0) {
								goto L39;
							}
							 *_t66 = 0xcccc;
							goto L38;
						}
					}
					_t79 = E011526D0(_t57, _t79);
					goto L7;
				}
			}

































          0x01186de3
          0x01186dea
          0x01186df2
          0x01186df6
          0x01186df9
          0x01186dfc
          0x01186dff
          0x01186e02
          0x01186e07
          0x01186e1c
          0x00000000
          0x00000000
          0x00000000
          0x01186e09
          0x01186e11
          0x01186e13
          0x01186e22
          0x01186e22
          0x01186e27
          0x01186e39
          0x0118702f
          0x0118702f
          0x01187031
          0x01187042
          0x01187042
          0x01186e3f
          0x01186e41
          0x01186e4d
          0x01187028
          0x01187028
          0x01186ea8
          0x01186ea8
          0x00000000
          0x01186ea8
          0x01186e56
          0x01186ee1
          0x01186ee3
          0x00000000
          0x01186ee3
          0x01186e5f
          0x01186ea6
          0x01186ea6
          0x00000000
          0x01186ea6
          0x01186e70
          0x00000000
          0x00000000
          0x01186e78
          0x01186eb0
          0x00000000
          0x00000000
          0x01186eb6
          0x00000000
          0x00000000
          0x01186ebc
          0x01186ebf
          0x00000000
          0x00000000
          0x01186ec1
          0x01186ec4
          0x01186ec4
          0x01186ec9
          0x00000000
          0x00000000
          0x01186ecb
          0x01186ecf
          0x01186ed9
          0x01186edf
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x01186ecf
          0x00000000
          0x01186ec4
          0x01186e7e
          0x00000000
          0x00000000
          0x01186e84
          0x01186e87
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x01186e89
          0x01186e89
          0x01186e89
          0x01186e8e
          0x00000000
          0x00000000
          0x01186e90
          0x01186e94
          0x01186e9e
          0x01186ea4
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x01186e94
          0x00000000
          0x01186ee9
          0x01186ee9
          0x01186ee9
          0x01186ef6
          0x01186efc
          0x01186f01
          0x00000000
          0x00000000
          0x01186f0a
          0x01186f0f
          0x01186f11
          0x01186f13
          0x01187019
          0x0118701c
          0x0118701f
          0x01187024
          0x00000000
          0x01187024
          0x01186f1e
          0x01186f36
          0x01186f37
          0x01186f3c
          0x01186f42
          0x01186f50
          0x01186f50
          0x01186f55
          0x00000000
          0x01186f76
          0x01186f76
          0x01186f82
          0x01186f88
          0x01186f8d
          0x00000000
          0x00000000
          0x01186f96
          0x01186f9b
          0x01186f9d
          0x01186f9f
          0x0118700c
          0x0118700f
          0x01187012
          0x00000000
          0x01187012
          0x01186fa6
          0x01186fbb
          0x01186fc1
          0x01186fc6
          0x01186fd1
          0x01186fd1
          0x01186fd6
          0x01186fe5
          0x01186fed
          0x01187002
          0x01187008
          0x01187008
          0x01186fed
          0x00000000
          0x01186fd6
          0x01186fc8
          0x01186fce
          0x01186fce
          0x00000000
          0x01186fce
          0x01186fa8
          0x01186fad
          0x01186fb1
          0x00000000
          0x00000000
          0x01186fb3
          0x00000000
          0x01186fb3
          0x01186f55
          0x01186f44
          0x01186f4a
          0x01186f4a
          0x01186f4d
          0x00000000
          0x01186f4d
          0x01186f20
          0x01186f25
          0x01186f27
          0x01186f2c
          0x00000000
          0x00000000
          0x01186f2e
          0x00000000
          0x01186f2e
          0x01186e41
          0x01186e32
          0x00000000
          0x01186e32

          APIs
          • GetCPInfo.KERNEL32(?,?), ref: 01186E68
          • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 01186EF6
          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 01186F68
          • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 01186F82
          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 01186FE5
          • CompareStringEx.KERNEL32 ref: 01187002
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: ByteCharMultiWide$CompareInfoString
          • String ID:
          • API String ID: 2984826149-0
          • Opcode ID: 102d0e8f122ca83a7cc7750389d5ca9e00c60b0ca7f35bf363282fe9c128a32a
          • Instruction ID: b9884900713ace14aca6d068fab8a464e350596d2c8402fdbfd49aef87d65897
          • Opcode Fuzzy Hash: 102d0e8f122ca83a7cc7750389d5ca9e00c60b0ca7f35bf363282fe9c128a32a
          • Instruction Fuzzy Hash: 8E71E57290021AABDF29EF68CC50EEF7FB6EF46254F298019E915A7290DB31C445CF61
          Uniqueness

          Uniqueness Score: -1.00%

          Function 0115362A Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 167COMMON
          Download Yara Rule
          C-Code - Quality: 25%
          			E0115362A(struct HINSTANCE__* __ebx, void* __edx, void* __esi, void* __eflags, intOrPtr _a4) {
				signed short* _v0;
				signed int _v8;
				signed int _v12;
				char _v13;
				char _v512;
				long _v516;
				void* __edi;
				void* _t16;
				intOrPtr _t18;
				short _t19;
				short _t21;
				void* _t28;
				void* _t29;
				struct HINSTANCE__* _t30;
				short* _t33;
				void* _t40;
				WCHAR* _t41;
				signed int _t43;
				void* _t50;
				void* _t51;

				_t40 = __esi;
				_t30 = __ebx;
				_t16 = E01152D15(3);
				if(_t16 == 1 || _t16 == 0 &&  *0x14f2ae4 == 1) {
					_push(__ebp);
					__ebp = __esp;
					__esp = __esp - 0x1fc;
					 *0x14efcac =  *0x14efcac ^ __ebp;
					_v8 =  *0x14efcac ^ __ebp;
					_push(__esi);
					__eax = GetStdHandle(0xfffffff4);
					__esi = __eax;
					if(__esi != 0 && __esi != 0xffffffff) {
						__edx = _v0;
						__ecx =  &_v512;
						while(1) {
							__al =  *__edx;
							 *__ecx = __al;
							__ecx = __ecx + 1;
							__eax =  &_v12;
							if(__ecx ==  &_v12) {
								break;
							}
							__eax =  *__edx & 0x0000ffff;
							__edx =  &(__edx[1]);
							if(__ax != 0) {
								continue;
							}
							break;
						}
						__eax = 0;
						_v13 = __al;
						_v516 = 0;
						__eax =  &_v516;
						__eax =  &_v512;
						__ecx = __ecx - __eax;
						__eax = WriteFile(__esi, __eax, __ecx,  &_v516, 0);
					}
					__ecx = _v12;
					__ecx = _v12 ^ __ebp;
					_pop(__esi);
					__eax = L01152ECD(__eax, __ebx, _v12 ^ __ebp, __edx, __edi, __esi);
					__esp = __ebp;
					_pop(__ebp);
					return __eax;
				} else {
					_push(_t30);
					_push(_t40);
					_t19 = L011536E3(0x14f2ae8, 0x314, L"Runtime Error!\n\nProgram: ");
					_t51 = _t50 + 0xc;
					_t30 = 0;
					if(_t19 != 0) {
						L23:
						_push(_t30);
						_push(_t30);
						_push(_t30);
						_push(_t30);
						_push(_t30);
						L0115342C();
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t18 =  *0x14f2ae4; // 0x1
						return _t18;
					} else {
						_t41 = 0x14f2b1a;
						 *0x14f2d22 = _t19;
						if(GetModuleFileNameW(0, 0x14f2b1a, 0x104) != 0) {
							L15:
							_t10 =  &(_t41[1]); // 0x14f2b1c
							_t33 = _t10;
							do {
								_t21 =  *_t41;
								_t41 =  &(_t41[1]);
							} while (_t21 != _t30);
							_t43 = _t41 - _t33 >> 1;
							_t11 = _t43 + 1; // 0x14f2b19
							if(_t11 <= 0x3c) {
								L19:
								if(E01152A4A(0x14f2ae8, 0x314, L"\n\n") != 0 || E01152A4A(0x14f2ae8, 0x314, _a4) != 0) {
									goto L23;
								} else {
									_push(0x12010);
									_push(L"Microsoft Visual C++ Runtime Library");
									return E011519BF(_t33, 0x14f2ae8);
								}
							} else {
								_push(3);
								_t12 = _t43 - 0x3b; // 0x14f2add
								_t28 = L0115569B( &(0x14f2b1a[_t12]), 0x2fb - _t12, L"...");
								_t51 = _t51 + 0x10;
								if(_t28 != 0) {
									goto L23;
								} else {
									goto L19;
								}
							}
						} else {
							_t29 = L011536E3(0x14f2b1a, 0x2fb, L"<program name unknown>");
							_t51 = _t51 + 0xc;
							if(_t29 != 0) {
								goto L23;
							} else {
								goto L15;
							}
						}
					}
				}
			}























          0x0115362a
          0x0115362a
          0x011c0e40
          0x011c0e49
          0x011c0da2
          0x011c0da3
          0x011c0da5
          0x011c0db0
          0x011c0db2
          0x011c0db5
          0x011c0db8
          0x011c0dbe
          0x011c0dc2
          0x011c0dc9
          0x011c0dcc
          0x011c0dd2
          0x011c0dd2
          0x011c0dd4
          0x011c0dd6
          0x011c0dd7
          0x011c0ddc
          0x00000000
          0x00000000
          0x011c0dde
          0x011c0de1
          0x011c0de7
          0x00000000
          0x00000000
          0x00000000
          0x011c0de7
          0x011c0de9
          0x011c0dec
          0x011c0def
          0x011c0df5
          0x011c0dfc
          0x011c0e02
          0x011c0e08
          0x011c0e08
          0x011c0e0e
          0x011c0e11
          0x011c0e13
          0x011c0e14
          0x011c0e19
          0x011c0e19
          0x011c0e1a
          0x011c0e60
          0x011c0e60
          0x011c0e61
          0x011c0e71
          0x011c0e76
          0x011c0e79
          0x011c0e7d
          0x011c0f43
          0x011c0f43
          0x011c0f44
          0x011c0f45
          0x011c0f46
          0x011c0f47
          0x011c0f48
          0x011c0f4d
          0x011c0f4e
          0x011c0f4f
          0x011c0f50
          0x011c0f51
          0x011c0f52
          0x011c0f53
          0x011c0f54
          0x011c0f55
          0x011c0f56
          0x011c0f57
          0x011c0f58
          0x011c0f59
          0x011c0f5a
          0x011c0f5b
          0x011c0f5c
          0x011c0f5d
          0x011c0f5e
          0x011c0f5f
          0x011c0f60
          0x011c0f61
          0x011c0f62
          0x011c0f63
          0x011c0f64
          0x011c0f65
          0x011c0f66
          0x011c0f67
          0x011c0f68
          0x011c0f69
          0x011c0f6a
          0x011c0f6b
          0x011c0f6c
          0x011c0f6d
          0x011c0f6e
          0x011c0f6f
          0x011c0f70
          0x011c0f71
          0x011c0f72
          0x011c0f73
          0x011c0f74
          0x011c0f75
          0x011c0f76
          0x011c0f77
          0x011c0f78
          0x011c0f79
          0x011c0f7a
          0x011c0f7b
          0x011c0f7c
          0x011c0f7d
          0x011c0f7e
          0x011c0f7f
          0x011c0f80
          0x011c0f81
          0x011c0f82
          0x011c0f83
          0x011c0f84
          0x011c0f85
          0x011c0f86
          0x011c0f87
          0x011c0f88
          0x011c0f89
          0x011c0f8a
          0x011c0f8b
          0x011c0f8c
          0x011c0f8d
          0x011c0f8e
          0x011c0f8f
          0x011c0f90
          0x011c0f91
          0x011c0f92
          0x011c0f93
          0x011c0f98
          0x011c0e83
          0x011c0e89
          0x011c0e8e
          0x011c0ea3
          0x011c0ebc
          0x011c0ebc
          0x011c0ebc
          0x011c0ebf
          0x011c0ebf
          0x011c0ec2
          0x011c0ec5
          0x011c0ecc
          0x011c0ece
          0x011c0ed4
          0x011c0ef7
          0x011c0f12
          0x00000000
          0x011c0f26
          0x011c0f26
          0x011c0f2b
          0x011c0f3c
          0x011c0f3c
          0x011c0ed6
          0x011c0ed6
          0x011c0ed8
          0x011c0eeb
          0x011c0ef0
          0x011c0ef5
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011c0ef5
          0x011c0ea5
          0x011c0eac
          0x011c0eb1
          0x011c0eb6
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011c0eb6
          0x011c0ea3
          0x011c0e7d

          APIs
          • GetModuleFileNameW.KERNEL32(00000000,014F2B1A,00000104), ref: 011C0E96
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: FileModuleName
          • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
          • API String ID: 514040917-4022980321
          • Opcode ID: 6e62b61f4720c030d55b977a4d72496dd775b5ceaa235758aab2ef6949ec976b
          • Instruction ID: 0381c5fbcde82c8e0c77ef05df07b241b039e66ba02a33c7cfe663bb123ce09f
          • Opcode Fuzzy Hash: 6e62b61f4720c030d55b977a4d72496dd775b5ceaa235758aab2ef6949ec976b
          • Instruction Fuzzy Hash: AC217C3AA44213EBDB7D656AAC05F6B375C8BB8F44F00042EFD1892251F7B1C755C2A2
          Uniqueness

          Uniqueness Score: -1.00%

          Function 011C282A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMON
          Download Yara Rule
          C-Code - Quality: 25%
          			E011C282A(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0x14f5000(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}






          0x011c2830
          0x011c2834
          0x011c283f
          0x011c2847
          0x011c2852
          0x011c2858
          0x011c285c
          0x011c2863
          0x011c2869
          0x011c2869
          0x011c286b
          0x011c2870
          0x00000000
          0x011c2875
          0x011c287c

          APIs
          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,011C2789,?,?,011C2738,?,?,?), ref: 011C283F
          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 011C2852
          • FreeLibrary.KERNEL32(00000000,?,?,011C2789,?,?,011C2738,?,?,?), ref: 011C2875
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: AddressFreeHandleLibraryModuleProc
          • String ID: CorExitProcess$mscoree.dll
          • API String ID: 4061214504-1276376045
          • Opcode ID: a3043f9e095abee752b48fcbc67c0e0e6abb61151384f352476d62e312cd6b16
          • Instruction ID: 1297ef756afea6d67cc8db245bc3a8bc464c089ff27142e0ab9f5bd0e7feef77
          • Opcode Fuzzy Hash: a3043f9e095abee752b48fcbc67c0e0e6abb61151384f352476d62e312cd6b16
          • Instruction Fuzzy Hash: 5CF01271500219FFDB259B55D90AB9E7EE5EF00B56F54006CF905B12A4CB708E10DB95
          Uniqueness

          Uniqueness Score: -1.00%

          Function 01198B8E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
          Download Yara Rule
          C-Code - Quality: 100%
          			E01198B8E(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || L01155191(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




          0x01198b9b
          0x01198ba3
          0x01198bd8
          0x01198ba5
          0x01198bae
          0x00000000
          0x01198bd5
          0x01198bd4
          0x01198bd4

          APIs
          • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,01198A36,?,?,?,?,?,?,01198CE0,00000003,FlsSetValue,011F4D60,011F4D68), ref: 01198B9B
          • GetLastError.KERNEL32(?,01198A36,?,?,?,?,?,?,01198CE0,00000003,FlsSetValue,011F4D60,011F4D68), ref: 01198BA5
          • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 01198BCD
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: LibraryLoad$ErrorLast
          • String ID: api-ms-
          • API String ID: 3177248105-2084034818
          • Opcode ID: 35d7cb185ee0ecc63474679db0b274ff514beb01f28f725816442aa29baf0861
          • Instruction ID: 590fddfa111a1da8f9f0c1087c24f52fc355d084cd3b2835ba273be8576631f3
          • Opcode Fuzzy Hash: 35d7cb185ee0ecc63474679db0b274ff514beb01f28f725816442aa29baf0861
          • Instruction Fuzzy Hash: ADE048B1280208BFEF251E55EC05F5A3F959B01B50F184424FA0EE85E5FB6194609645
          Uniqueness

          Uniqueness Score: -1.00%

          Function 011CE670 Relevance: 6.3, APIs: 4, Instructions: 317fileCOMMON
          Download Yara Rule
          C-Code - Quality: 83%
          			E011CE670(void* __eflags, intOrPtr _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				signed char _v40;
				signed int _v44;
				intOrPtr _v48;
				char _v51;
				void _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed char _v80;
				signed int _v84;
				signed int _v88;
				long _v92;
				intOrPtr _v96;
				long _v100;
				signed char* _v104;
				signed char* _v108;
				void* _v112;
				intOrPtr _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t170;
				signed int _t172;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				signed char* _t202;
				void* _t206;
				struct _OVERLAPPED* _t211;
				void* _t220;
				long _t224;
				intOrPtr _t225;
				char _t227;
				void* _t237;
				struct _OVERLAPPED* _t242;
				void* _t243;
				signed int _t245;
				intOrPtr _t248;
				signed int _t251;
				signed int _t252;
				signed int _t254;
				intOrPtr _t256;
				void* _t262;
				intOrPtr _t263;
				signed int _t264;
				signed char _t267;
				intOrPtr _t270;
				signed char* _t273;
				void* _t275;
				signed int _t277;
				signed int _t279;
				void* _t281;
				signed int _t284;
				signed int _t285;
				intOrPtr _t286;
				signed int _t287;
				struct _OVERLAPPED* _t289;
				struct _OVERLAPPED* _t291;
				signed int _t293;
				signed int _t295;
				void* _t296;
				void* _t298;

				_t293 = _t295;
				_t296 = _t295 - 0x8c;
				_t170 =  *0x14efcac; // 0x473d9cf5
				_v8 = _t170 ^ _t293;
				_t172 = _a8;
				_t267 = _t172 >> 6;
				_t245 = (_t172 & 0x0000003f) * 0x38;
				_t273 = _a12;
				_v108 = _t273;
				_v80 = _t267;
				_v112 =  *((intOrPtr*)(_t245 +  *((intOrPtr*)(0x14f3688 + _t267 * 4)) + 0x18));
				_v44 = _t245;
				_v96 = _a16 + _t273;
				_t178 = GetConsoleOutputCP();
				_t242 = 0;
				_v124 = _t178;
				L01155407( &_v72, _t267, 0);
				_t279 = 0;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_t248 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t248;
				_v104 = _t273;
				if(_t273 >= _v96) {
					L49:
					__eflags = _v60 - _t242;
				} else {
					while(1) {
						_t251 = _v44;
						_v51 =  *_t273;
						_v76 = _t242;
						_v40 = 1;
						_t186 =  *((intOrPtr*)(0x14f3688 + _v80 * 4));
						_v48 = _t186;
						if(_t248 != 0xfde9) {
							goto L20;
						}
						_t211 = _t242;
						_t270 = _v48 + 0x2e + _t251;
						_v116 = _t270;
						while( *((intOrPtr*)(_t270 + _t211)) != _t242) {
							_t211 =  &(_t211->Internal);
							if(_t211 < 5) {
								continue;
							}
							break;
						}
						_t267 = _v96 - _t273;
						_v40 = _t211;
						if(_t211 <= 0) {
							_t72 = ( *_t273 & 0x000000ff) + 0x14effc0; // 0x0
							_t256 =  *_t72 + 1;
							_v48 = _t256;
							__eflags = _t256 - _t267;
							if(_t256 > _t267) {
								__eflags = _t267;
								if(_t267 <= 0) {
									goto L41;
								} else {
									_t285 = _v44;
									do {
										 *((char*)( *((intOrPtr*)(0x14f3688 + _v80 * 4)) + _t285 + _t242 + 0x2e)) =  *((intOrPtr*)(_t242 + _t273));
										_t242 =  &(_t242->Internal);
										__eflags = _t242 - _t267;
									} while (_t242 < _t267);
									goto L40;
								}
							} else {
								_v144 = _t242;
								__eflags = _t256 - 4;
								_v140 = _t242;
								_v56 = _t273;
								_v40 = (_t256 == 4) + 1;
								_t220 = L01155C81( &_v144,  &_v76,  &_v56, (_t256 == 4) + 1,  &_v144);
								_t298 = _t296 + 0x10;
								__eflags = _t220 - 0xffffffff;
								if(_t220 == 0xffffffff) {
									goto L49;
								} else {
									_t286 = _v48;
									goto L19;
								}
							}
						} else {
							_t224 =  *((char*)(( *(_t251 + _v48 + 0x2e) & 0x000000ff) + 0x14effc0)) + 1;
							_v56 = _t224;
							_t225 = _t224 - _v40;
							_v48 = _t225;
							if(_t225 > _t267) {
								__eflags = _t267;
								if(_t267 > 0) {
									_t287 = _t251;
									do {
										_t227 =  *((intOrPtr*)(_t242 + _t273));
										_t262 =  *((intOrPtr*)(0x14f3688 + _v80 * 4)) + _t287 + _t242;
										_t242 =  &(_t242->Internal);
										 *((char*)(_t262 + _v40 + 0x2e)) = _t227;
										_t287 = _v44;
										__eflags = _t242 - _t267;
									} while (_t242 < _t267);
									L40:
									_t279 = _v88;
								}
								L41:
								_t284 = _t279 + _t267;
								__eflags = _t284;
								L42:
								__eflags = _v60;
								_v88 = _t284;
							} else {
								_t267 = _v40;
								_t289 = _t242;
								_t263 = _v116;
								do {
									 *((char*)(_t293 + _t289 - 0xc)) =  *((intOrPtr*)(_t263 + _t289));
									_t289 =  &(_t289->Internal);
								} while (_t289 < _t267);
								_t290 = _v48;
								_t264 = _v44;
								if(_v48 > 0) {
									L01155385( &_v16 + _t267, _t273, _t290);
									_t264 = _v44;
									_t296 = _t296 + 0xc;
									_t267 = _v40;
								}
								_t277 = _v80;
								_t291 = _t242;
								do {
									 *( *((intOrPtr*)(0x14f3688 + _t277 * 4)) + _t264 + _t291 + 0x2e) = _t242;
									_t291 =  &(_t291->Internal);
								} while (_t291 < _t267);
								_t273 = _v104;
								_t286 = _v48;
								_v120 =  &_v16;
								_v136 = _t242;
								_v132 = _t242;
								_v40 = (_v56 == 4) + 1;
								_t237 = L01155C81( &_v136,  &_v76,  &_v120, (_v56 == 4) + 1,  &_v136);
								_t298 = _t296 + 0x10;
								if(_t237 == 0xffffffff) {
									goto L49;
								} else {
									L19:
									_t273 = _t273 - 1 + _t286;
									L28:
									_t273 =  &(_t273[1]);
									_v104 = _t273;
									_t193 = L011560BE(_v124, _t242,  &_v76, _v40,  &_v32, 5, _t242, _t242);
									_t296 = _t298 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L49;
									} else {
										if(WriteFile(_v112,  &_v32, _t193,  &_v100, _t242) == 0) {
											L48:
											_v92 = GetLastError();
											goto L49;
										} else {
											_t279 = _v84 - _v108 + _t273;
											_v88 = _t279;
											if(_v100 < _v56) {
												goto L49;
											} else {
												if(_v51 != 0xa) {
													L35:
													if(_t273 >= _v96) {
														goto L49;
													} else {
														_t248 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v52 = _t198;
													if(WriteFile(_v112,  &_v52, 1,  &_v100, _t242) == 0) {
														goto L48;
													} else {
														if(_v100 < 1) {
															goto L49;
														} else {
															_v84 = _v84 + 1;
															_t279 = _t279 + 1;
															_v88 = _t279;
															goto L35;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L50;
						L20:
						_t267 =  *((intOrPtr*)(_t251 + _t186 + 0x2d));
						__eflags = _t267 & 0x00000004;
						if((_t267 & 0x00000004) == 0) {
							_v33 =  *_t273;
							_t188 = L01154994(_t267);
							_t252 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t252 * 2)) - _t242;
							if( *((intOrPtr*)(_t188 + _t252 * 2)) >= _t242) {
								_push(1);
								_push(_t273);
								goto L27;
							} else {
								_t202 =  &(_t273[1]);
								_v56 = _t202;
								__eflags = _t202 - _v96;
								if(_t202 >= _v96) {
									_t267 = _v80;
									_t254 = _v44;
									 *((char*)(_t254 +  *((intOrPtr*)(0x14f3688 + _t267 * 4)) + 0x2e)) = _v33;
									 *(_t254 +  *((intOrPtr*)(0x14f3688 + _t267 * 4)) + 0x2d) =  *(_t254 +  *((intOrPtr*)(0x14f3688 + _t267 * 4)) + 0x2d) | 0x00000004;
									_t284 = _t279 + 1;
									goto L42;
								} else {
									_t206 = L0115293C( &_v76, _t273, 2);
									_t298 = _t296 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L49;
									} else {
										_t273 = _v56;
										goto L28;
									}
								}
							}
						} else {
							_t267 = _t267 & 0x000000fb;
							_v24 =  *((intOrPtr*)(_t251 + _t186 + 0x2e));
							_v23 =  *_t273;
							_push(2);
							 *(_t251 + _v48 + 0x2d) = _t267;
							_push( &_v24);
							L27:
							_push( &_v76);
							_t190 = L0115293C();
							_t298 = _t296 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L49;
							} else {
								goto L28;
							}
						}
						goto L50;
					}
				}
				L50:
				if(__eflags != 0) {
					_t183 = _v72;
					_t165 = _t183 + 0x350;
					 *_t165 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t165;
				}
				__eflags = _v8 ^ _t293;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_pop(_t275);
				_pop(_t281);
				_pop(_t243);
				return L01152ECD(_a4, _t243, _v8 ^ _t293, _t267, _t275, _t281);
			}




















































































          0x011ce673
          0x011ce675
          0x011ce67b
          0x011ce682
          0x011ce685
          0x011ce68d
          0x011ce690
          0x011ce69d
          0x011ce6a0
          0x011ce6a3
          0x011ce6aa
          0x011ce6b2
          0x011ce6b5
          0x011ce6b8
          0x011ce6be
          0x011ce6c0
          0x011ce6c7
          0x011ce6d1
          0x011ce6d3
          0x011ce6d6
          0x011ce6d9
          0x011ce6dc
          0x011ce6df
          0x011ce6e2
          0x011ce6e8
          0x011ce9f3
          0x011ce9f3
          0x00000000
          0x011ce6ee
          0x011ce6f6
          0x011ce6f9
          0x011ce6ff
          0x011ce702
          0x011ce709
          0x011ce710
          0x011ce713
          0x00000000
          0x00000000
          0x011ce71c
          0x011ce721
          0x011ce723
          0x011ce726
          0x011ce72b
          0x011ce72f
          0x00000000
          0x00000000
          0x00000000
          0x011ce72f
          0x011ce734
          0x011ce736
          0x011ce73b
          0x011ce7f5
          0x011ce7fc
          0x011ce7fd
          0x011ce800
          0x011ce802
          0x011ce9a6
          0x011ce9a8
          0x00000000
          0x011ce9aa
          0x011ce9aa
          0x011ce9ad
          0x011ce9bc
          0x011ce9c0
          0x011ce9c1
          0x011ce9c1
          0x00000000
          0x011ce9c5
          0x011ce808
          0x011ce80a
          0x011ce810
          0x011ce813
          0x011ce81f
          0x011ce828
          0x011ce833
          0x011ce838
          0x011ce83b
          0x011ce83e
          0x00000000
          0x011ce844
          0x011ce844
          0x00000000
          0x011ce844
          0x011ce83e
          0x011ce741
          0x011ce750
          0x011ce751
          0x011ce754
          0x011ce757
          0x011ce75c
          0x011ce972
          0x011ce974
          0x011ce976
          0x011ce978
          0x011ce982
          0x011ce98a
          0x011ce98c
          0x011ce98d
          0x011ce991
          0x011ce994
          0x011ce994
          0x011ce998
          0x011ce998
          0x011ce998
          0x011ce99b
          0x011ce99b
          0x011ce99b
          0x011ce99d
          0x011ce99d
          0x011ce9a1
          0x011ce762
          0x011ce762
          0x011ce765
          0x011ce767
          0x011ce76a
          0x011ce76d
          0x011ce771
          0x011ce772
          0x011ce776
          0x011ce779
          0x011ce77e
          0x011ce788
          0x011ce78d
          0x011ce790
          0x011ce793
          0x011ce793
          0x011ce796
          0x011ce799
          0x011ce79b
          0x011ce7a4
          0x011ce7a8
          0x011ce7a9
          0x011ce7ad
          0x011ce7b3
          0x011ce7bc
          0x011ce7c9
          0x011ce7d0
          0x011ce7d4
          0x011ce7df
          0x011ce7e4
          0x011ce7ea
          0x00000000
          0x011ce7f0
          0x011ce847
          0x011ce848
          0x011ce8cb
          0x011ce8d2
          0x011ce8da
          0x011ce8e2
          0x011ce8e7
          0x011ce8ea
          0x011ce8ef
          0x00000000
          0x011ce8f5
          0x011ce90a
          0x011ce9ea
          0x011ce9f0
          0x00000000
          0x011ce910
          0x011ce919
          0x011ce91b
          0x011ce921
          0x00000000
          0x011ce927
          0x011ce92b
          0x011ce961
          0x011ce964
          0x00000000
          0x011ce96a
          0x011ce96a
          0x00000000
          0x011ce96a
          0x011ce92d
          0x011ce92f
          0x011ce931
          0x011ce94a
          0x00000000
          0x011ce950
          0x011ce954
          0x00000000
          0x011ce95a
          0x011ce95a
          0x011ce95d
          0x011ce95e
          0x00000000
          0x011ce95e
          0x011ce954
          0x011ce94a
          0x011ce92b
          0x011ce921
          0x011ce90a
          0x011ce8ef
          0x011ce7ea
          0x011ce75c
          0x00000000
          0x011ce84c
          0x011ce84c
          0x011ce850
          0x011ce853
          0x011ce875
          0x011ce878
          0x011ce87d
          0x011ce881
          0x011ce885
          0x011ce8b3
          0x011ce8b5
          0x00000000
          0x011ce887
          0x011ce887
          0x011ce88a
          0x011ce88d
          0x011ce890
          0x011ce9c7
          0x011ce9ca
          0x011ce9d7
          0x011ce9e2
          0x011ce9e7
          0x00000000
          0x011ce896
          0x011ce89d
          0x011ce8a2
          0x011ce8a5
          0x011ce8a8
          0x00000000
          0x011ce8ae
          0x011ce8ae
          0x00000000
          0x011ce8ae
          0x011ce8a8
          0x011ce890
          0x011ce855
          0x011ce859
          0x011ce85c
          0x011ce861
          0x011ce867
          0x011ce869
          0x011ce870
          0x011ce8b6
          0x011ce8b9
          0x011ce8ba
          0x011ce8bf
          0x011ce8c2
          0x011ce8c5
          0x00000000
          0x00000000
          0x00000000
          0x00000000
          0x011ce8c5
          0x00000000
          0x011ce853
          0x011ce6ee
          0x011ce9f6
          0x011ce9f6
          0x011ce9f8
          0x011ce9fb
          0x011ce9fb
          0x011ce9fb
          0x011ce9fb
          0x011cea0d
          0x011cea0f
          0x011cea10
          0x011cea11
          0x011cea12
          0x011cea13
          0x011cea14
          0x011cea1b

          APIs
          • GetConsoleOutputCP.KERNEL32(?,?,?), ref: 011CE6B8
          • WriteFile.KERNEL32(?,00000020,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 011CE902
          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 011CE942
          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 011CE9EA
          Memory Dump Source
          • Source File: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: FileWrite$ConsoleErrorLastOutput
          • String ID:
          • API String ID: 2718003287-0
          • Opcode ID: 0a79a2fe61648f8d3e18ea18633a69f564f6d76f66d35af502d8952df424b2fa
          • Instruction ID: ae5787cee09ddd0c0a8358fc71a4a4e49e0ee60c62cf03e696e8076f9cc0a0e2
          • Opcode Fuzzy Hash: 0a79a2fe61648f8d3e18ea18633a69f564f6d76f66d35af502d8952df424b2fa
          • Instruction Fuzzy Hash: 6CC19A75D012999FDB29CFA8C8809EDBFB5BF19314F28416EE855BB341E7309906CB60
          Uniqueness

          Uniqueness Score: -1.00%

          Function 011535F8 Relevance: 6.0, APIs: 4, Instructions: 30COMMON
          Download Yara Rule
          C-Code - Quality: 100%
          			E011535F8(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x14f0940, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					L01155C5E();
					E011E6AC8();
					_t13 = WriteConsoleW( *0x14f0940, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




          0x011e6b4d
          0x011e6b51
          0x011e6b5e
          0x011e6b63
          0x011e6b7e
          0x011e6b7e
          0x011e6b84

          APIs
          • WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 011E6B47
          • GetLastError.KERNEL32 ref: 011E6B53
          • ___initconout.LIBCMT ref: 011E6B63
            • Part of subcall function 011E6AC8: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,011E6B68), ref: 011E6ADB
          • WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 011E6B78
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID: ConsoleWrite$CreateErrorFileLast___initconout
          • String ID:
          • API String ID: 3431868840-0
          • Opcode ID: d4d60334b8d5fd520f342d4046bef2bab253131b1ea30fb62c709c85e45d5c4c
          • Instruction ID: a1342838a9918808c85d1b58085eef9e9edc48590c841b4ce93a4d571b2c4ea0
          • Opcode Fuzzy Hash: d4d60334b8d5fd520f342d4046bef2bab253131b1ea30fb62c709c85e45d5c4c
          • Instruction Fuzzy Hash: A8F01C3AA00615BBCF361FD5DC0C99A3F66FB583B1F454014FA1886224DB328870DB90
          Uniqueness

          Uniqueness Score: -1.00%

          Function 011515AF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMON
          Download Yara Rule
          Strings
          • GetXStateFeaturesMask, xrefs: 011CC4BB
          • InitializeCriticalSectionEx, xrefs: 011CC50B
          Memory Dump Source
          • Source File: 00000000.00000002.285545275.0000000001151000.00000020.00000001.01000000.00000003.sdmp, Offset: 01150000, based on PE: true
          • Associated: 00000000.00000002.285541404.0000000001150000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285552445.000000000115B000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285556777.000000000115F000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285644992.00000000011EA000.00000020.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285659822.00000000011F0000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285722076.000000000120A000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.285988887.0000000001473000.00000040.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286000365.00000000014EF000.00000004.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286006157.00000000014F4000.00000002.00000001.01000000.00000003.sdmpDownload File
          • Associated: 00000000.00000002.286011217.00000000014F6000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1150000_Ou0ZT4968y.jbxd
          Similarity
          • API ID:
          • String ID: GetXStateFeaturesMask$InitializeCriticalSectionEx
          • API String ID: 0-4196971266
          • Opcode ID: b0ff213f24c71a12b6cdec538e7d34f37dd6dc8f2926076aecc97b72a3f2bf0b
          • Instruction ID: 6fd53573d43858de4f31ed1291670a4f184fbb21dd667398c1cb3a56d521a6c4
          • Opcode Fuzzy Hash: b0ff213f24c71a12b6cdec538e7d34f37dd6dc8f2926076aecc97b72a3f2bf0b
          • Instruction Fuzzy Hash: 7A01843168022877CB292E569C09FAEBE15DB70FA1F05401DFF1D59224D771492097D1
          Uniqueness

          Uniqueness Score: -1.00%